Mededeling

Collapse
No announcement yet.

Trage PC en veel Pop-ups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Trage PC en veel Pop-ups

    Ik heb denk ik een adware te pakken ofzo. Daarom post ik mijn HijackThis log even en hoop ik dat iemand iets kan vinden hierin:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:18:15, on 9-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\Adobe\Photoshop Elements 5.0\apdproxy.exe
    H:\Program Files\PC Tools AntiVirus\PCTAV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\eMule\emule.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [\\HENK\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\HENK\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [PCTAVApp] "H:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKLM\..\Run: [3468cd11] rundll32.exe "C:\WINDOWS\system32\uqgciovo.dll",b
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Registration The Settlers II - 10th Anniversary.LNK = D:\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{567505DA-668F-470C-A182-AB9C84345F4E}: NameServer = 85.255.116.83,85.255.112.236
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A0F7415-D4BA-4BB6-89CE-0D0C166199CD}: NameServer = 85.255.116.83,85.255.112.236
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B70581CE-C8FE-4D7C-8208-C3BC60D816A1}: NameServer = 85.255.116.83,85.255.112.236
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC26911E-FF20-4A65-BEB5-47BD9A07AA87}: NameServer = 85.255.116.83,85.255.112.236
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.83 85.255.112.236
    O17 - HKLM\System\CS1\Services\Tcpip\..\{567505DA-668F-470C-A182-AB9C84345F4E}: NameServer = 85.255.116.83,85.255.112.236
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.83 85.255.112.236
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Control Pro (RCPServer) - Alchemy Lab - H:\Program Files\Remote Control Pro\rcpserver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 10615 bytes

  • #2
    Download FixWareout van:
    (http://downloads.subratam.org/Fixwareout.exe)

    Sla het op je bureaublad op en dubbelklik Fixwareout.exe. Klik eerst op Next en daarna op Install. Controleer daarna of Run fixit aangevinkt is en klik op Finish. Laat dan de fix zijn werk doen.
    Je zal gevraagd worden om de computer opnieuw op te starten, doe dat. Het kan zijn dat je computer langer doet over het opstarten dan gewoonlijk; dit is normaal.

    Let op! Als je antivirus een scriptblokker heeft krijg je een waarschuwing zoals "malicious script warning" wanneer je dit tooltje gaat draaien. Je kunt deze waarschuwing negeren.

    Plaats, na het herstarten, de inhoud van het log dat je hier kan vinden: C:\fixwareout\report.txt.


    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Firewareout report

      Hier de report file van Firewareout. Ik kreeg bij het afsluiten van windows trouwens een "nu beëindigen" venstertje van energiegebruik te zien, terwijl ik geen eens een laptop heb.

      Username "Beheerder" - 09-05-2008 16:01:05 [Fixwareout edited 9/01/2007]

      ~~~~~ Prerun check
      HKLM\SOFTWARE\~\Winlogon\ "System"="kdhay.exe"

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
      "nameserver"="85.255.116.83 85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{567505DA-668F-470C-A182-AB9C84345F4E}
      "nameserver"="85.255.116.83,85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6A0F7415-D4BA-4BB6-89CE-0D0C166199CD}
      "nameserver"="85.255.116.83,85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B70581CE-C8FE-4D7C-8208-C3BC60D816A1}
      "nameserver"="85.255.116.83,85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6A0F7415-D4BA-4BB6-89CE-0D0C166199CD}
      "DhcpNameServer"="85.255.116.83,85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B70581CE-C8FE-4D7C-8208-C3BC60D816A1}
      "DhcpNameServer"="85.255.116.83,85.255.112.236" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BC26911E-FF20-4A65-BEB5-47BD9A07AA87}
      "DhcpNameServer"="85.255.116.83,85.255.112.236" <Value cleared.

      De DNS-omzettingscache is leeggemaakt.


      System was rebooted successfully.

      Comment


      • #4
        Overige logjes volgen nog?

        Comment


        • #5
          Rvaxo

          En nu nog ff die van deckards scan doen.

          ---RVAXO.exe Updated: 2008-05-08---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\efhQtBeg.ini2
          C:\WINDOWS\wininit.ini
          C:\WINDOWS\SwSys1.bmp
          C:\WINDOWS\SwSys2.bmp
          C:\WINDOWS\cookies.ini
          C:\WINDOWS\system32\[email protected]@@k.dll
          C:\WINDOWS\system32\clkcnt.txt
          C:\WINDOWS\system32\lsprst7.tgz
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\lsprst7.dll
          C:\WINDOWS\SYSTEM32\SSPRS.DLL
          C:\check_LSA7.txt

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          Comment


          • #6
            deckards system scan Main

            Deckard's System Scanner v20071014.68
            Run by Beheerder on 2008-05-09 17:13:21
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            System Restore is disabled; attempting to re-enable...success.


            -- Last 1 Restore Point(s) --
            1: 2008-05-09 15:13:29 UTC - RP1 - Controlepunt van systeem


            Performed disk cleanup.



            -- HijackThis (run as Beheerder.exe) -------------------------------------------

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 17:13:50, on 9-5-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
            H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\WINDOWS\system32\gearsec.exe
            C:\WINDOWS\System32\GEARSec.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
            C:\WINDOWS\system32\nvsvc32.exe
            H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\CyberLink\Shared files\RichVideo.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\system32\ssoftsrv.exe
            C:\WINDOWS\System32\PAStiSvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
            C:\WINDOWS\system32\RunDLL32.exe
            C:\Program Files\DAEMON Tools\daemon.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            D:\Adobe\Photoshop Elements 5.0\apdproxy.exe
            H:\Program Files\PC Tools AntiVirus\PCTAV.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Windows Media Player\WMPNSCFG.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\NOTEPAD.EXE
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\Beheerder\Bureaublad\dss.exe
            C:\PROGRA~1\TRENDM~1\HIJACK~1\BEHEER~1.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: (no name) - {0155AE2D-BC31-4768-85FC-07937D6D167D} - C:\WINDOWS\system32\geBtQhfe.dll
            O2 - BHO: {9f5b545d-135e-eb38-d8b4-c14753593930} - {03939535-741c-4b8d-83be-e531d545b5f9} - C:\WINDOWS\system32\pcbywtaw.dll
            O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - D:\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\iifdddBu.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [\\HENK\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\HENK\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
            O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
            O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe\Photoshop Elements 5.0\apdproxy.exe"
            O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
            O4 - HKLM\..\Run: [PCTAVApp] "H:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
            O4 - HKLM\..\Run: [3468cd11] rundll32.exe "C:\WINDOWS\system32\uqgciovo.dll",b
            O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe" --force_start_minimized
            O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
            O4 - Startup: Registration The Settlers II - 10th Anniversary.LNK = D:\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
            O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O20 - Winlogon Notify: iifdddBu - C:\WINDOWS\SYSTEM32\iifdddBu.dll
            O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
            O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: Remote Control Pro (RCPServer) - Alchemy Lab - H:\Program Files\Remote Control Pro\rcpserver.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

            --
            End of file - 10534 bytes

            -- File Associations -----------------------------------------------------------

            All associations okay.


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R0 giveio - c:\windows\system32\giveio.sys
            R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
            R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
            R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
            R2 ssoftnt4 - c:\windows\system32\drivers\ssoftnt4.sys
            R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

            S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys (file missing)
            S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys (file missing)
            S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys (file missing)
            S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys (file missing)
            S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys (file missing)


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            R2 gearsec - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
            R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
            R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
            R2 ssoftservice (Cryptainer service) - ssoftsrv.exe <Not Verified; Cypherix; Cryptainer>

            S2 RCPServer (Remote Control Pro) - h:\program files\remote control pro\rcpserver.exe <Not Verified; Alchemy Lab; Remote Control Pro>
            S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)


            -- Device Manager: Disabled ----------------------------------------------------

            Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
            Description: PS/2-compatibele muis
            Device ID: ACPI\PNP0F13\4&1117367&0
            Manufacturer: Microsoft
            Name: PS/2-compatibele muis
            PNP Device ID: ACPI\PNP0F13\4&1117367&0
            Service: i8042prt

            Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
            Description: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
            Device ID: ACPI\PNP0303\4&1117367&0
            Manufacturer: (standaardtoetsenbord)
            Name: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
            PNP Device ID: ACPI\PNP0303\4&1117367&0
            Service: i8042prt


            -- Scheduled Tasks -------------------------------------------------------------

            2008-04-27 12:31:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


            -- Files created between 2008-04-09 and 2008-05-09 -----------------------------

            2008-05-09 17:10:33 205190 --ahs---- C:\WINDOWS\system32\efhQtBeg.ini2
            2008-05-09 17:08:53 0 dr-h----- C:\Documents and Settings\Beheerder\Onlangs geopend
            2008-05-09 17:07:34 0 d-------- C:\RVAXO
            2008-05-09 17:02:50 821063 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-05-09 17:02:50 69632 --a------ C:\WINDOWS\system32\remove.exe
            2008-05-08 20:52:09 101440 --a------ C:\WINDOWS\system32\pcbywtaw.dll
            2008-05-08 20:49:15 90176 --a------ C:\WINDOWS\system32\uqgciovo.dll
            2008-05-08 20:46:55 2112 --a------ C:\WINDOWS\system32\xjwqoxij.exe
            2008-05-08 20:46:07 274944 --a------ C:\WINDOWS\system32\geBtQhfe.dll
            2008-05-08 17:38:04 37376 --a------ C:\WINDOWS\system32\geBstuRk.dll
            2008-05-08 17:37:34 37376 --a------ C:\WINDOWS\system32\hgGvvvTm.dll
            2008-05-08 17:37:08 37376 --a------ C:\WINDOWS\system32\iifdddBu.dll
            2008-05-01 12:47:49 0 d-------- C:\Program Files\Common Files\PC Tools
            2008-04-14 19:46:53 0 d-------- C:\Documents and Settings\NetworkService\Mijn documenten


            -- Find3M Report ---------------------------------------------------------------

            2008-05-09 17:12:07 475216 --a------ C:\WINDOWS\system32\perfh013.dat
            2008-05-09 17:12:07 84432 --a------ C:\WINDOWS\system32\perfc013.dat
            2008-05-01 12:47:49 0 d-------- C:\Program Files\Common Files
            2008-04-26 16:49:43 0 d--h----- C:\Program Files\InstallShield Installation Information
            2008-04-26 16:41:07 0 d-------- C:\Program Files\Remote Control Pro
            2008-03-29 15:03:29 230432 --a------ C:\StiImg.dat
            2008-03-13 21:53:59 0 d-------- C:\Program Files\Java
            2008-02-17 20:01:49 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
            2008-02-17 20:01:49 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0155AE2D-BC31-4768-85FC-07937D6D167D}]
            08-05-2008 20:46 274944 --a------ C:\WINDOWS\system32\geBtQhfe.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03939535-741c-4b8d-83be-e531d545b5f9}]
            08-05-2008 20:52 101440 --a------ C:\WINDOWS\system32\pcbywtaw.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4D13F30-55A5-49BB-8B90-2A71EA9673A9}]
            08-05-2008 17:37 37376 --a------ C:\WINDOWS\system32\iifdddBu.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 14:00]
            "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 14:00]
            "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 14:00]
            "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07-12-2005 22:57]
            "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [13-04-2006 11:09]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
            "Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [29-07-2004 04:41]
            "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [14-08-2006 14:39]
            "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [14-08-2006 14:41]
            "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [14-08-2006 14:38]
            "\\HENK\EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [09-04-2004 05:00]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25-07-2006 08:31]
            "nwiz"="nwiz.exe" [25-07-2006 08:31 C:\WINDOWS\system32\nwiz.exe]
            "NvMediaCenter"="NvMCTray.dll" [25-07-2006 08:31 C:\WINDOWS\system32\nvmctray.dll]
            "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [14-09-2006 22:09]
            "Dimension"="C:\Program Files\Dimension\Dimension.exe"
            "QuickTime Task"="D:\QuickTime Alternative\qttask.exe" [27-04-2007 09:41]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26-05-2007 12:45]
            "Adobe Photo Downloader"="D:\Adobe\Photoshop Elements 5.0\apdproxy.exe" [22-12-2006 07:29]
            "AVG7_CC"="H:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-09-2007 17:23]
            "NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
            "PCTAVApp"="H:\Program Files\PC Tools AntiVirus\PCTAV.exe" [05-03-2008 09:37]
            "3468cd11"="C:\WINDOWS\system32\uqgciovo.dll" [08-05-2008 20:49]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [15-09-2006 15:35]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12-08-2007 16:36]
            "BitTorrent"="D:\BitTorrent\bittorrent.exe"
            "NBJ"="H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
            "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 23:53]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
            "{A4D13F30-55A5-49BB-8B90-2A71EA9673A9}"= C:\WINDOWS\system32\iifdddBu.dll [08-05-2008 17:37 37376]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdddBu]
            iifdddBu.dll 08-05-2008 17:37 37376 C:\WINDOWS\system32\iifdddBu.dll

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBtQhfe




            -- End of Deckard's System Scanner: finished at 2008-05-09 17:14:38 ------------

            Comment


            • #7
              Deckards system scan Extra deel 1

              Deckard's System Scanner v20071014.68
              Extra logfile - please post this as an attachment with your post.
              --------------------------------------------------------------------------------

              -- System Information ----------------------------------------------------------

              Microsoft Windows XP Professional (build 2600) SP 2.0
              Architecture: X86; Language: Dutch

              CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
              CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
              Percentage of Memory in Use: 43%
              Physical Memory (total/avail): 1023.43 MiB / 575.57 MiB
              Pagefile Memory (total/avail): 1681.66 MiB / 1315.1 MiB
              Virtual Memory (total/avail): 2047.88 MiB / 1916.44 MiB

              C: is Fixed (NTFS) - 20.02 GiB total, 8.15 GiB free.
              D: is Fixed (NTFS) - 48.83 GiB total, 18.52 GiB free.
              E: is Fixed (NTFS) - 5.68 GiB total, 2.51 GiB free.
              F: is CDROM (CDFS)
              G: is CDROM (CDFS)
              H: is Fixed (NTFS) - 298.09 GiB total, 63.63 GiB free.

              \\.\PHYSICALDRIVE1 - WDC WD3200AAKS-00SBA0 - 298.09 GiB - 1 partition
              \PARTITION0 - Installable File System - 298.09 GiB - H:

              \\.\PHYSICALDRIVE0 - WDC WD800JD-60JRA0 - 74.53 GiB - 3 partitions
              \PARTITION0 (bootable) - Installable File System - 20.02 GiB - C:
              \PARTITION1 - Extended w/Extended Int 13 - 54.5 GiB - D: - E:



              -- Security Center -------------------------------------------------------------

              AUOptions is scheduled to auto-install.
              Windows Internal Firewall is enabled.

              FirstRunDisabled is set.

              AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)
              AV: AVG 7.5.488 v7.5.488 (GRISOFT)

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
              "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
              "D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
              "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
              "D:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
              "D:\\Activision\\Tony Hawk's Underground 2\\Game\\THUG2.exe"="D:\\Activision\\Tony Hawk's Underground 2\\Game\\THUG2.exe:*:Enabled:THUG2"
              "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
              "D:\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe"="D:\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe:*:Enabled:S2DNG"
              "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drive rs\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
              "D:\\Softnyx\\Rakion\\Bin\\rakion.bin"="D:\\Softnyx\\Rakion\\Bin\\rakion.bin:*:Enabled:rakion"
              "D:\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"="D:\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
              "D:\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_Online.exe"="D:\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_Online.exe:*:Enabled:SCDA_Online"
              "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
              "D:\\Soldat\\Soldat.exe"="D:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
              "D:\\EA GAMES\\Battlefield 1942\\BF1942.exe"="D:\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
              "D:\\EA GAMES\\The Battle for Middle-earth(tm)\\game.dat"="D:\\EA GAMES\\The Battle for Middle-earth(tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
              "D:\\EA GAMES\\The Battle for Middle-earth(tm)\\patchget.dat"="D:\\EA GAMES\\The Battle for Middle-earth(tm)\\patchget.dat:*:Enabledatchgrabber"
              "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
              "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
              "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
              "D:\\EA GAMES\\Command and Conquer Generals\\game.dat"="D:\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
              "C:\\Program Files\\Dimension\\dimension.exe"="C:\\Program Files\\Dimension\\dimension.exe:*:Enabled:dimension"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
              "D:\\EA GAMES\\Need For Speed Hot Pursuit 2\\NFSHP2.exe"="D:\\EA GAMES\\Need For Speed Hot Pursuit 2\\NFSHP2.exe:*:Enabled:NFSHP2"
              "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
              "D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
              "D:\\Microprose\\Risk II\\RiskII.exe"="D:\\Microprose\\Risk II\\RiskII.exe:*:Enabled:Risk II"
              "D:\\Gunz\\GunzLauncher.exe"="D:\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
              "D:\\America's Army\\System\\ArmyOps.exe"="D:\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
              "D:\\GameSpy Arcade\\Aphex.exe"="D:\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
              "D:\\Azureus\\Azureus.exe"="D:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
              "D:\\BitTorrent\\bittorrent.exe"="D:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
              "D:\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"="D:\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4"
              "D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
              "D:\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection.exe"="D:\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection.exe:*:Enabledandora_detection"
              "D:\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"="D:\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabledandora"
              "D:\\UT2003Demo\\System\\UT2003.exe"="D:\\UT2003Demo\\System\\UT2003.exe:*:Enabled:UT2003"
              "D:\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"="D:\\Electronic Arts\\The Battle for Middle-earth II\\game.dat:*:Enabled:The Battle for Middle-earth™ II"
              "D:\\BearShare Applications\\BearShare\\BearShare.exe"="D:\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
              "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
              "D:\\Xfire\\xfire.exe"="D:\\Xfire\\xfire.exe:*:Enabled:Xfire"
              "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
              "C:\\WINDOWS\\system32\\elreglqn.exe"="C:\\WINDOWS\\system32\\elr"
              "H:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"="H:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
              "H:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"="H:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
              "H:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"="H:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat:*:Enabled:game"
              "C:\\WINDOWS\\system\\lsass.exe"="C:\\WINDOWS\\system\\lsass.exe:*:Enabled:Windows Sharing"
              "H:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="H:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
              "H:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="H:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
              "H:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="H:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
              "H:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="H:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
              "H:\\Program Files\\DC++\\DCPlusPlus.exe"="H:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
              "H:\\Program Files\\Soulseek-Test\\slsk.exe"="H:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
              "H:\\Program Files\\EA Games\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"="H:\\Program Files\\EA Games\\Medal of Honor Pacific Assault(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
              "H:\\Program Files\\Remote Control Pro\\RCPServer.exe"="H:\\Program Files\\Remote Control Pro\\RCPServer.exe:*:Enabled:Remote Control Pro"
              "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
              "H:\\Downloads\\games\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="H:\\Downloads\\games\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
              "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
              "H:\\LimeWire\\LimeWire.exe"="H:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
              "H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
              "H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
              "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
              "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
              "C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"="C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe:*:Enabled:Comrade"
              "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero Installer"
              "C:\\Documents and Settings\\Beheerder\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\Beheerder\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter"
              "H:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="H:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
              "H:\\Downloads\\games\\ship simulator en een extra suprise\\serious sam 2\\Serious Sam 2\\Bin\\Sam2.exe"="H:\\Downloads\\games\\ship simulator en een extra suprise\\serious sam 2\\Serious Sam 2\\Bin\\Sam2.exe:*:Enabled:Sam2"
              "H:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="H:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
              "H:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"="H:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin:*:Enabled:rakion"
              "C:\\Documents and Settings\\Beheerder\\Bureaublad\\jumper_redux\\Jumper Redux.exe"="C:\\Documents and Settings\\Beheerder\\Bureaublad\\jumper_redux\\Jumper Redux.exe:*:Enabled:Jumper Redux"
              "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
              "H:\\Program Files\\Vietcong\\vietcong.exe"="H:\\Program Files\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
              "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


              -- Environment Variables -------------------------------------------------------

              ALLUSERSPROFILE=C:\Documents and Settings\All Users
              APPDATA=C:\Documents and Settings\Beheerder\Application Data
              CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
              CLIENTNAME=Console
              CommonProgramFiles=C:\Program Files\Common Files
              COMPUTERNAME=HP-E990F44758CF
              ComSpec=C:\WINDOWS\system32\cmd.exe
              FP_NO_HOST_CHECK=NO
              HOMEDRIVE=C:
              HOMEPATH=\Documents and Settings\Beheerder
              LOGONSERVER=\\HP-E990F44758CF
              NUMBER_OF_PROCESSORS=2
              OS=Windows_NT
              Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;D:\QuickTime Alternative\QTSystem
              PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
              PROCESSOR_ARCHITECTURE=x86
              PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
              PROCESSOR_LEVEL=15
              PROCESSOR_REVISION=0304
              ProgramFiles=C:\Program Files
              PROMPT=$P$G
              QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
              SESSIONNAME=Console
              SystemDrive=C:
              SystemRoot=C:\WINDOWS
              TEMP=C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp
              TMP=C:\DOCUME~1\BEHEER~1\LOCALS~1\Temp
              USERDOMAIN=HP-E990F44758CF
              USERNAME=Beheerder
              USERPROFILE=C:\Documents and Settings\Beheerder
              windir=C:\WINDOWS


              -- User Profiles ---------------------------------------------------------------

              Beheerder (admin)
              Administrator (new local, admin)
              Gast (guest)


              -- Add/Remove Programs ---------------------------------------------------------

              --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
              --> H:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
              --> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
              --> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
              --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
              A-one 3GP Video Converter 2.13 --> "D:\A-one 3GP Video Converter\unins000.exe"
              Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
              Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
              Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
              Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
              Adobe Reader 7.0 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70000000000}
              Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
              AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
              America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
              Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
              ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C765D9FF-4A34-4BF1-9F91-E9A3C60C86FC}\setup.exe" -l0x13
              Audio Recorder Deluxe --> "C:\Program Files\Audio Recorder Deluxe\unins000.exe"
              AutoKeyboard 7.0 --> "H:\Program Files\AutoKeyboard70\unins000.exe"
              AVG 7.5 --> H:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
              avi2divx --> "D:\avi2divx\unins000.exe"
              AviScreen Classic Version 1.3 --> "D:\bobyte\AviScreen classic\unins000.exe"
              Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
              Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
              Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
              Battlefield Vietnam(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
              Beetle Bomp (remove only) --> "D:\Zylom Games\Beetle Bomp\Uninstall.exe"
              Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
              Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
              Big Money Deluxe --> "C:\Program Files\Zylom Games\Big Money Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Biologie in beeld --> MsiExec.exe /I{2A394157-7B58-40B2-96DA-A68F2BF672BC}
              BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
              Bricks Of Atlantis Deluxe --> "C:\Program Files\Zylom Games\Bricks Of Atlantis Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Bricks of Egypt 2 Deluxe --> "C:\Program Files\Zylom Games\Bricks of Egypt 2 Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Bridge Construction Set Demo 1.37 --> "H:\Program Files\Bridge Construction Set Demo\unins000.exe"
              Bridge It Demo 1.1 --> "H:\Program Files\Bridge It Demo\unins000.exe"
              Bunny Bounce Deluxe --> "C:\Program Files\Zylom Games\Bunny Bounce Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Cake Mania (remove only) --> "D:\Zylom Games\Cake Mania\Uninstall.exe"
              Call of Duty(R) 4 - Modern Warfare(TM) Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
              CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
              Chainz 2 Deluxe --> "D:\Zylom Games\Chainz 2 Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Cheat Engine 5.3 --> "H:\Program Files\Cheat Engine\unins000.exe"
              ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
              Client Activator 2.2 - English --> C:\WINDOWS\Rainbow Technologies\Client Activator\2.2\English\AUNINST.EXE
              Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
              Cosmic Switch Deluxe --> "D:\Zylom Games\Cosmic Switch Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Cryptainer LE --> "D:\Cryptainer LE\unins000.exe"
              Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
              Delicious Deluxe --> "C:\Program Files\Zylom Games\Delicious Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Desktop Sidebar --> MsiExec.exe /I{A92D7264-1A13-45BE-B769-88445DD04FD6}
              Dimension Public Preview --> C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Dimension\ss2uinst.dat"
              DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
              DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
              DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
              DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
              DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
              Dragon NaturallySpeaking XP Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66349B1A-A8CB-4DBF-8643-FEBE86F8AF16}\setup.exe"
              DRIV3R --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}\SETUP.EXE" -l0x9
              EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
              ebgcInfra --> MsiExec.exe /X{82ACA6FB-E81B-4C01-8D8F-B15ACD663E34}
              ebgcRes --> MsiExec.exe /X{79159A4E-1DD4-4FEA-9FDD-E94B7C5DDA47}
              ebgcSDK --> MsiExec.exe /X{4D60D0AC-E1E5-44A4-8C3F-516112AEC53F}
              eMule --> "D:\eMule\Uninstall.exe"
              Everest Casino (Remove Only) --> C:\Program Files\Everest Casino\cstart.exe /uninstall
              Everest Poker (Remove Only) --> C:\Program Files\Everest Poker\cstart.exe /uninstall
              Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
              FAST Defrag Freeware 2.3 --> "C:\Program Files\FDF\unins000.exe"
              Fireworks Extravaganza Deluxe --> "C:\Program Files\Zylom Games\Fireworks Extravaganza Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Fraps --> "D:\Fraps\uninstall.exe"
              G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
              Game Maker 7.0 --> H:\Program Files\Game_Maker7\Uninstal.exe
              GameSpy Arcade --> D:\GAMESP~1\UNWISE.EXE D:\GAMESP~1\INSTALL.LOG
              Glyph Deluxe --> "C:\Program Files\Zylom Games\Glyph Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Gold Miner Vegas --> "H:\Program Files\Gold Miner Vegas\unins000.exe"
              Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
              Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
              Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
              Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
              GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.exe" -l0x9 -removeonly
              GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x13
              Harry Potter and the Order of the Phoenix™ --> h:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
              HighGrow Freeware Version 4.20 --> D:\HighGrow\UNWISE.EXE D:\HighGrow\INSTALL.LOG
              HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
              Hitman Blood Money --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
              Honey Switch Deluxe --> "D:\Zylom Games\Honey Switch Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Hospital Tycoon --> h:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
              Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
              Incadia Deluxe --> "D:\Zylom Games\Incadia Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Insaniquarium Deluxe --> "D:\Zylom Games\Insaniquarium Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
              iTunes --> MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
              J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
              J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
              J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
              J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
              Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
              Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
              Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
              Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
              Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
              LifeGlobe Sharks, Terrors of the Deep --> "C:\Program Files\Prolific Publishing, Inc.\Sharks\unins000.exe"
              LimeWire 4.14.10 --> "H:\LimeWire\uninstall.exe"
              LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
              Luxor Amun Rising Deluxe --> "C:\Program Files\Zylom Games\Luxor Amun Rising Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Max Payne 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9
              Medal of Honor Pacific Assault(tm) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\setup.exe" -l0x13 -removeonly
              Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
              Microsoft Halo --> "H:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
              Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
              Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
              Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
              Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
              Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
              Microsoft Office PowerPoint Viewer 2007 (Dutch) --> MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}
              Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
              Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
              Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
              Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
              Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
              Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
              Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
              Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
              Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
              Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
              Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
              Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
              MIKSOFT Mobile 3GP converter --> "C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
              MixMeister Pro 6 --> MsiExec.exe /I{6A0D89A3-1D15-43CA-BFB2-259E1A16073B}
              Movavi Video Converter 5.1 --> D:\Movavi Video Converter 5.1\uninst.exe
              Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
              MP3 WAV Converter 3.18 --> D:\MP3WAV~1\UNWISE.EXE D:\MP3WAV~1\INSTALL.LOG
              neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
              Norton Ghost 9.0 --> MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
              NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
              OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U /S
              PC Tools AntiVirus4.0 --> "H:\Program Files\PC Tools AntiVirus\unins000.exe"
              PhotoFiltre --> "c:\Program Files\PhotoFiltre\Uninst.exe"
              Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
              PokerRoom.com (remove only) --> "D:\PokerRoom.com\uninstall.exe"
              PokerStars --> "H:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
              Pontifex II --> H:\Program Files\Pontifex II\uninstall.exe
              PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
              Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
              PunkBuster for Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
              PunkBuster for Battlefield Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
              PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
              pvAuthor v3.3.1 --> D:\PACKET~1\PVAuthor\UNWISE.EXE D:\PACKET~1\PVAuthor\INSTALL.LOG
              QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
              QuickTime Alternative 1.77 --> "D:\QuickTime Alternative\unins000.exe"
              Rakion International --> "H:\Program Files\Softnyx\Rakion\unins000.exe"
              RealSpeakEnx --> MsiExec.exe /X{0585AFE2-148B-4184-BCFA-3980704E45D8}
              RealSpeakFra --> MsiExec.exe /X{dddd60db-c067-4896-b847-323ecb70f9b6}
              Remote Control Pro --> "C:\Program Files\Remote Control Pro\uninstall.exe"
              Risk II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}\setup.exe" -l0x0013
              SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
              SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
              SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
              Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
              Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
              Screen Movie Studio --> D:\SCREEN~1\UNWISE.EXE D:\SCREEN~1\INSTALL.LOG
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
              Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
              Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
              Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
              Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
              Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
              Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
              SFV Checker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}\setup.exe"
              Sichemsoft StruktoGraaf Demo 4.0 --> "H:\Program Files\StruktoGraaf Demo\unins000.exe"
              Sony Ericsson Themes Creator 3.10 --> D:\Sony Ericsson\Themes Creator\Uninstall.exe
              SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
              SpeedFan (remove only) --> "D:\SpeedFan\uninstall.exe"
              Sudoku! Deluxe --> "C:\Program Files\Zylom Games\Sudoku! Deluxe\GameInstaller.exe" --uninstall UnInstall.log
              Super Collapse! 3 --> D:\ZYLOMG~1\SUPERC~1\UNWISE.EXE /U D:\ZYLOMG~1\SUPERC~1\INSTALL.LOG
              SWF Opener --> "h:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
              TeamSpeak 2 RC2 --> "H:\Program Files\Teamspeak2_RC2\unins000.exe"
              TeamSpeak Overlay BETA 2 (#63) --> "C:\Program Files\TSO\uninstall.exe"
              The Battle for Middle-earth(tm) --> D:\EA GAMES\The Battle for Middle-earth(tm)\EAUninstall.exe
              The Godfather™ The Game --> H:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
              The Punisher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329BF75E-4876-4687-9CAD-5AE7DE56EA22}\setup.exe" -l0x9 -removeonly
              Theme Hospital --> C:\WINDOWS\uninst.exe -fD:\Bullfrog\Hospital\DeIsL1.isu
              Tom Clancy's Splinter Cell Double Agent --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD1691A-FA24-4B95-9009-3257B8440ECC}\setup.exe" -l0x9 -removeonly
              Tomb Raider - The Last Revelation --> C:\WINDOWS\IsUninst.exe -f"D:\Core Design\Tomb Raider - The Last Revelation\Uninst.isu"
              Tomb Raider - The Lost Artifact --> C:\WINDOWS\IsUninst.exe -f"D:\Core Design\Tomb Raider - The Lost Artifact\Uninst.isu"
              Transformers(TM) - The Game --> C:\Program Files\InstallShield Installation Information\{5645BA4F-2BF3-4F31-B3F7-710700C92456}\setup.exe -runfromtemp -l0x0809
              Trust WB-1400T Webcam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F6CE1230-A694-4B86-B21C-A11A112689DA} /l1033
              TrustIn Contextual --> regsvr32 /u /s "C:\Program Files\TrustIn Contextual\trustincontext.dll"
              TWL AA Cheat Deterrent Client --> MsiExec.exe /I{A9BD391C-A3D7-47EC-847C-A22935AB0193}
              Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
              Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
              Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
              Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
              Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
              Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
              Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
              Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
              Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
              Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
              Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
              Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
              Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
              Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
              Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
              Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
              Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
              Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
              Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
              Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
              Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
              Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
              Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
              Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
              VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
              Vietcong --> H:\Program Files\Vietcong\Uninstall.exe
              Virtual DJ - Atomix Productions --> D:\VIRTUA~1\UNWISE.EXE D:\VIRTUA~1\INSTALL.LOG
              Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
              Vodei Multimedia Processor 2.10 --> C:\Program Files\Vodei\uninst.exe
              WAV MP3 Converter 2.3 build 679 --> D:\HooTech\WAV_MP3\uninst.exe
              WhenU Save --> "C:\Program Files\Save\SaveUninst.exe" /w /d"WhenU Save"
              WhiteCap --> C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
              Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
              Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
              Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
              Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
              WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
              WinMX --> H:\Program Files\WinMX\uninstall.exe
              WinRAR --> C:\Program Files\WinRAR\uninstall.exe
              Xfire (remove only) --> "D:\Xfire\uninst.exe"
              XviD MPEG-4 Codec --> "D:\XviD\UninstXviD.exe"
              YouTube Downloader 2.11 --> "h:\Program Files\FDRLab\YouTube Downloader\unins000.exe"


              -- Application Event Log -------------------------------------------------------

              Event Record #/Type1058 / Error
              Event Submitted/Written: 05/09/2008 05:07:20 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-05-09 15:07:20,093 HP-E990F44758CF [000272:000276] ERROR 000 AVG7.AM service module run failed: Error 0x80040154

              Event Record #/Type1044 / Error
              Event Submitted/Written: 05/09/2008 04:03:51 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-05-09 14:03:51,031 HP-E990F44758CF [000440:000552] ERROR 000 AVG7.AM service module run failed: Error 0x80040154

              Event Record #/Type1032 / Error
              Event Submitted/Written: 05/09/2008 03:54:25 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-05-09 13:54:25,593 HP-E990F44758CF [000360:000368] ERROR 000 AVG7.AM service module run failed: Error 0x80040154

              Event Record #/Type1022 / Success
              Event Submitted/Written: 05/09/2008 10:00:41 AM
              Event ID/Source: 12001 / usnjsvc
              Event Description:
              The Messenger Sharing USN Journal Reader service started successfully.

              Event Record #/Type1013 / Error
              Event Submitted/Written: 05/09/2008 09:56:01 AM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-05-09 07:56:01,859 HP-E990F44758CF [000308:000324] ERROR 000 AVG7.AM service module run failed: Error 0x80040154

              Comment


              • #8
                Deckasrd system check Extra deel 2

                -- Security Event Log ----------------------------------------------------------

                No Errors/Warnings found.


                -- System Event Log ------------------------------------------------------------

                Event Record #/Type47348 / Error
                Event Submitted/Written: 05/09/2008 05:09:34 PM
                Event ID/Source: 7026 / Service Control Manager
                Event Description:
                De volgende opstartstuurprogramma's zijn niet geladen:
                Avg7Core
                Avg7RsXP
                i8042prt

                Event Record #/Type47347 / Error
                Event Submitted/Written: 05/09/2008 05:09:34 PM
                Event ID/Source: 7022 / Service Control Manager
                Event Description:
                De PC Tools AntiVirus Engine-service is bij het starten vastgelopen.

                Event Record #/Type47345 / Error
                Event Submitted/Written: 05/09/2008 05:08:04 PM
                Event ID/Source: 7000 / Service Control Manager
                Event Description:
                De Remote Control Pro-service kan vanwege de volgende fout niet worden gestart:
                %%1053

                Event Record #/Type47344 / Error
                Event Submitted/Written: 05/09/2008 05:08:04 PM
                Event ID/Source: 7009 / Service Control Manager
                Event Description:
                Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Remote Control Pro.

                Event Record #/Type47338 / Error
                Event Submitted/Written: 05/09/2008 05:02:13 PM
                Event ID/Source: 7026 / Service Control Manager
                Event Description:
                De volgende opstartstuurprogramma's zijn niet geladen:
                AFD
                Avg7Core
                Avg7RsW
                Avg7RsXP
                Fips
                i8042prt
                intelppm
                IPSec
                MRxSmb
                NetBIOS
                NetBT
                PQIMount
                RasAcd
                Rdbss
                Tcpip
                WS2IFSL



                -- End of Deckard's System Scanner: finished at 2008-05-09 17:14:38 -----------

                Comment


                • #9
                  Download The Avenger en pak het programma uit op je bureaublad.
                  Open de map avenger en start het programma door op avenger.exe te dubbelklikken.
                  In het venster Input Script here, kopieer en plak je onderstaande dikgedrukte tekst:


                  Files to delete:
                  C:\WINDOWS\system32\efhQtBeg.ini
                  C:\WINDOWS\system32\efhQtBeg.ini2
                  C:\WINDOWS\system32\pcbywtaw.dll
                  C:\WINDOWS\system32\uqgciovo.dll
                  C:\WINDOWS\system32\xjwqoxij.exe
                  C:\WINDOWS\system32\geBtQhfe.dll
                  C:\WINDOWS\system32\geBstuRk.dll
                  C:\WINDOWS\system32\hgGvvvTm.dll
                  C:\WINDOWS\system32\iifdddBu.dll


                  Klik daarna op de knop Execute.
                  The Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
                  Na reboot opent een logfile (avenger.txt). Post de inhoud van deze logfile met een nieuw logje van Hijackthis

                  Comment


                  • #10
                    Avenger en hijackthis logs

                    gedaan:



                    Logfile of The Avenger version 1, by Swandog46
                    Running from registry key:
                    \Registry\Machine\System\CurrentControlSet\Services\gmnmeaab

                    *******************

                    Script file located at: \??\C:\Documents and Settings\aiimghaq.txt
                    Script file opened successfully.

                    Script file read successfully

                    Backups directory opened successfully at C:\Avenger

                    *******************

                    Beginning to process script file:

                    File C:\WINDOWS\system32\elreglqn.exe deleted successfully.
                    File C:\WINDOWS\system32\ddayw.dll deleted successfully.
                    File C:\WINDOWS\system32\glyjdodk.dll deleted successfully.


                    File C:\WINDOWS\system\lsass.exe not found!
                    Deletion of file C:\WINDOWS\system\lsass.exe failed!

                    Could not process line:
                    C:\WINDOWS\system\lsass.exe
                    Status: 0xc0000034

                    File C:\WINDOWS\SYSTEM32\khfccca.dll deleted successfully.


                    File C:\WINDOWS\system32\hmiqcfgg.dll not found!
                    Deletion of file C:\WINDOWS\system32\hmiqcfgg.dll failed!

                    Could not process line:
                    C:\WINDOWS\system32\hmiqcfgg.dll
                    Status: 0xc0000034



                    File C:\WINDOWS\System32\drivers\svchost.exe not found!
                    Deletion of file C:\WINDOWS\System32\drivers\svchost.exe failed!

                    Could not process line:
                    C:\WINDOWS\System32\drivers\svchost.exe
                    Status: 0xc0000034


                    Completed script processing.

                    *******************

                    Finished! Terminate.


                    Logfile of The Avenger Version 2.0, (c) by Swandog46
                    http://swandog46.geekstogo.com

                    Platform: Windows XP

                    *******************

                    Script file opened successfully.
                    Script file read successfully.

                    Backups directory opened successfully at C:\Avenger

                    *******************

                    Beginning to process script file:

                    Rootkit scan active.
                    No rootkits found!

                    File "C:\WINDOWS\system32\efhQtBeg.ini" deleted successfully.
                    File "C:\WINDOWS\system32\efhQtBeg.ini2" deleted successfully.
                    File "C:\WINDOWS\system32\pcbywtaw.dll" deleted successfully.
                    File "C:\WINDOWS\system32\uqgciovo.dll" deleted successfully.
                    File "C:\WINDOWS\system32\xjwqoxij.exe" deleted successfully.
                    File "C:\WINDOWS\system32\geBtQhfe.dll" deleted successfully.
                    File "C:\WINDOWS\system32\geBstuRk.dll" deleted successfully.
                    File "C:\WINDOWS\system32\hgGvvvTm.dll" deleted successfully.
                    File "C:\WINDOWS\system32\iifdddBu.dll" deleted successfully.

                    Completed script processing.

                    *******************

                    Finished! Terminate.











                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 17:41:30, on 9-5-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\Explorer.EXE
                    D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
                    C:\WINDOWS\system32\RunDLL32.exe
                    C:\Program Files\DAEMON Tools\daemon.exe
                    H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    D:\Adobe\Photoshop Elements 5.0\apdproxy.exe
                    H:\Program Files\PC Tools AntiVirus\PCTAV.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\WINDOWS\system32\gearsec.exe
                    C:\Program Files\Windows Media Player\WMPNSCFG.exe
                    C:\WINDOWS\System32\GEARSec.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                    C:\WINDOWS\system32\nvsvc32.exe
                    H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
                    C:\WINDOWS\system32\PnkBstrA.exe
                    C:\Program Files\CyberLink\Shared files\RichVideo.exe
                    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    C:\WINDOWS\system32\ssoftsrv.exe
                    C:\WINDOWS\System32\PAStiSvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: (no name) - {0155AE2D-BC31-4768-85FC-07937D6D167D} - C:\WINDOWS\system32\geBtQhfe.dll (file missing)
                    O2 - BHO: {9f5b545d-135e-eb38-d8b4-c14753593930} - {03939535-741c-4b8d-83be-e531d545b5f9} - C:\WINDOWS\system32\pcbywtaw.dll (file missing)
                    O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - D:\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\iifdddBu.dll (file missing)
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                    O4 - HKLM\..\Run: [\\HENK\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\HENK\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                    O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe\Photoshop Elements 5.0\apdproxy.exe"
                    O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                    O4 - HKLM\..\Run: [PCTAVApp] "H:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
                    O4 - HKLM\..\Run: [3468cd11] rundll32.exe "C:\WINDOWS\system32\uqgciovo.dll",b
                    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe" --force_start_minimized
                    O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                    O4 - Startup: Registration The Settlers II - 10th Anniversary.LNK = D:\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
                    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                    O20 - Winlogon Notify: iifdddBu - iifdddBu.dll (file missing)
                    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
                    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
                    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                    O23 - Service: Remote Control Pro (RCPServer) - Alchemy Lab - H:\Program Files\Remote Control Pro\rcpserver.exe
                    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
                    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

                    --
                    End of file - 10463 bytes

                    Comment


                    • #11
                      Start Hijackthis en vink alleen de volgende regels aan:
                      O2 - BHO: (no name) - {0155AE2D-BC31-4768-85FC-07937D6D167D} - C:\WINDOWS\system32\geBtQhfe.dll (file missing)
                      O2 - BHO: {9f5b545d-135e-eb38-d8b4-c14753593930} - {03939535-741c-4b8d-83be-e531d545b5f9} - C:\WINDOWS\system32\pcbywtaw.dll (file missing)
                      O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\iifdddBu.dll (file missing)
                      O4 - HKLM\..\Run: [3468cd11] rundll32.exe "C:\WINDOWS\system32\uqgciovo.dll",b
                      O20 - Winlogon Notify: iifdddBu - iifdddBu.dll (file missing)

                      Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

                      Herstart je computer.

                      Post na de herstart een nieuw logje van Hijackthis en vertel of er nog problemen zijn

                      Comment


                      • #12
                        Volgens mij doet alles het weer zoals het zou moeten. Heel erg bedankt voor uw hulp

                        Hier nog mijn hijackthis logje:

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 14:50:40, on 10-5-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\Explorer.EXE
                        D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                        H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                        H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                        H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
                        C:\WINDOWS\system32\gearsec.exe
                        C:\WINDOWS\system32\RunDLL32.exe
                        C:\Program Files\DAEMON Tools\daemon.exe
                        C:\WINDOWS\System32\GEARSec.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\iTunes\iTunesHelper.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        D:\Adobe\Photoshop Elements 5.0\apdproxy.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                        H:\Program Files\PC Tools AntiVirus\PCTAV.exe
                        C:\Program Files\CCleaner\ccleaner.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
                        C:\WINDOWS\system32\PnkBstrA.exe
                        C:\Program Files\CyberLink\Shared files\RichVideo.exe
                        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                        C:\WINDOWS\system32\ssoftsrv.exe
                        C:\WINDOWS\System32\PAStiSvc.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - D:\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                        O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                        O4 - HKLM\..\Run: [\\HENK\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\HENK\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                        O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe\Photoshop Elements 5.0\apdproxy.exe"
                        O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                        O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                        O4 - HKLM\..\Run: [PCTAVApp] "H:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
                        O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe" --force_start_minimized
                        O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                        O4 - Startup: Registration The Settlers II - 10th Anniversary.LNK = D:\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
                        O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\SHDOCVW.DLL
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                        O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
                        O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                        O23 - Service: Remote Control Pro (RCPServer) - Alchemy Lab - H:\Program Files\Remote Control Pro\rcpserver.exe
                        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                        O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
                        O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

                        --
                        End of file - 9733 bytes

                        Comment


                        • #13
                          Logje ziet er goed uit

                          Doe dit nog:

                          Download ATF cleaner (mirror)(gemaakt door Atribune)

                          Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                          Dubbelklik op ATF cleaner om het programma te starten.
                          Op het tabblad "Main", plaats je een vinkje bij Select All.
                          Klik op de knop Empty Selected.

                          Het volgende doen als je ook FireFox als browser hebt:
                          Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                          Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                          (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                          Klik op de knop Empty Selected.

                          Het volgende doen als je ook Opera als browser hebt:
                          Klik op tabblad "Opera", plaats een vinkje bij Select All.
                          Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                          Klik op de knop Empty Selected.
                          Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                          Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                          Kijk hier hoe je je systeemherstel moet uitschakelen.
                          Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                          Dan denk ik dat alles weer OK is.

                          Groeten smeenk

                          Comment

                          Sorry, you are not authorized to view this page
                          Working...
                          X