Hijack file analyse
HermanG
Is there somebody who can analyse my hijack file?

Logfile of HijackThis v1.99.1
Scan saved at 17:00:14, on 1-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My unzipped files\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/freenet/customerindex_30.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {EDDD6406-4684-410F-A90D-780E8C73D2C4} (aldi-fotoservice-druck_de_bilduebertragung) - http://www.aldi-fotoservice-druck.de/uploa...ebertragung.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8641FE8C-1DD4-46BF-93DF-774B98BCCF48}: NameServer = 194.97.173.124 194.97.173.125
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Mosaic1
Are you having any particular Problems?

This log looks ok.
HermanG
My PC is very slow and my virus program ANTIVIR is not capable of removing the virus: TR/Drop.Rbot.adx.2
Mosaic1
Where is it finding TR/Drop.Rbot.adx.2 please?

Often these are in the System Volume information in the restore points. They are not running but AV's cannot always remove them.

Let me know where it is being found.

Slow is a common problem and Spyware is only one reason for it. It could be a multitude of problems. Hijackthis is a start. Let's go one step further.

Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.

-----------------------------------



Let's dig deeper and see if we find anything.
HermanG
Indeed the virus was found in the "System Volume information" map on C:\
And here is the autoruns output: (I use Windows XP / Dutch !)

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Aanmeldingstoepassing Userinit Microsoft Windows Publisher c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Verkenner Microsoft Windows Publisher c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ATICCC CLI Application (Command Line Interface) (Not verified) ATI Technologies Inc. c:\program files\ati technologies\ati.ace\cli.exe

+ AVGCtrl AntiVir Guard/XP Control Program (Not verified) H+BEDV Datentechnik GmbH c:\program files\avpersonal\avgnt.exe

+ CHotkey Chicony Multimedia Driver (Not verified) Chicony c:\windows\mhotkey.exe

+ Cmaudio CmiCnfg DLL Microsoft Windows Hardware Compatibility Publisher c:\windows\system\cmicnfg.cpl

+ Dit c:\windows\dit.exe

+ ledpointer Chicony Multimedia Driver (Not verified) Chicony c:\windows\cnyhkey.exe

+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ NeroNETTrayIcon NeroNET Server Application (Not verified) Ahead Software AG c:\program files\ahead\neronet\nnservicectrl.exe

+ PCMService PCMService MFC Application c:\program files\medion home cinema xl ii\powercinema\pcmservice.exe

+ PinnacleDriverCheck c:\windows\system32\psdrvcheck.exe

+ PRISMSTA.EXE PRISM Status Tray Applet (Not verified) Intersil Americas Inc. c:\windows\system32\prismsta.exe

+ SunJavaUpdateSched Java™ 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_04\bin\jusched.exe

+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

+ Adobe Gamma Loader.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Adobe Reader Snelle start.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

+ ATI CATALYST System Tray.lnk CLI Application (Command Line Interface) (Not verified) ATI Technologies Inc. c:\program files\ati technologies\ati.ace\cli.exe

+ hp psc 1000 series.lnk HP OfficeJet COM Device Objects (Not verified) Hewlett-Packard Co. c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

+ hpoddt01.exe.lnk hpotdd01 (Not verified) Hewlett-Packard c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

+ Microsoft Office.lnk Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\osa.exe

C:\Documents and Settings\Herman Geisink\Menu Start\Programma's\Opstarten

+ Registration-InstantCopy.lnk RegTool Application (Not verified) Pinnacle Systems, Inc. c:\program files\pinnacle\shared files\instantcddvd\pixie\regtool.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ CTFMON.EXE CTF Loader Microsoft Windows Publisher c:\windows\system32\ctfmon.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\System\CurrentControlSet\Services

+ AdobeActiveFileMonitor Houdt de bestanden bij die door Adobe Photoshop Album worden beheerd c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe

+ AntiVirService Provides real-time antivirus security using H+BEDV's AntiVir technology. (Not verified) H+BEDV Datentechnik GmbH c:\program files\avpersonal\avguard.exe

+ Ati HotKey Poller ATI External Event Utility EXE Module Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\ati2evxx.exe

+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe

+ AudioSrv Hiermee worden audioapparaten voor op Windows-gebaseerde programma's beheerd. Als deze service wordt gestopt, functioneren audioapparaten en geluidseffecten niet juist. Als deze service wordt uitgeschakeld, kunnen de services die van deze service afhankelijk zijn niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ AVWUpSrv Helpservice of AntiVir Personal Edition. (Not verified) H+BEDV Datentechnik GmbH, Germany c:\program files\avpersonal\avwupsrv.exe

+ CryptSvc Hiermee worden drie beheersservices geboden: de Catalog Database-service, die de handtekeningen van Windows-bestanden bevestigt, de Protected Root-service, die op deze computer certificaten van vertrouwde basiscertificeringsinstanties toevoegt en verwijdert, en de Key-service, die helpt bij het inschrijven van deze computer voor certificaten. Als deze service wordt uitgeschakeld, kunnen services die afhankelijk zijn van deze service niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dhcp Hiermee wordt de netwerkconfiguratie beheerd via het registreren en bijwerken van IP-adressen en DNS-namen. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dnscache Hiermee worden DNS-namen voor deze computer omgezet en in cache opgeslagen. Als deze service is gestopt, kan deze computer geen DNS-namen omzetten en domeincontrollers in Active Directory vinden. Als deze service is uitgeschakeld, zullen alle services die van deze voorziening afhankelijk zijn niet kunnen worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ERSvc Hiermee kunnen services en toepassingen die worden uitgevoerd in omgevingen die niet standaard zijn, fouten rapporteren. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Eventlog Hiermee kunnen gebeurtenisberichten die worden uitgegeven door programma's en onderdelen van Windows worden weergegeven in Logboeken. Deze service kan niet worden gestopt. Microsoft Windows Publisher c:\windows\system32\services.exe

+ Fax Hiermee kunt u faxen verzenden en ontvangen met de faxapparaten op deze computer of op het netwerk. Microsoft Windows Publisher c:\windows\system32\fxssvc.exe

+ helpsvc Hiermee kan Help en ondersteuning op deze computer worden uitgevoerd. Als de service wordt gestopt, is Help en ondersteuning niet beschikbaar. Als deze service wordt uitgeschakeld, kunnen services die van deze service afhankelijk zijn niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ HidServ Toegang voor generieke invoer voor apparaten met een speciale gebruikersinterface, die het gebruik van voorgedefinieerde toetsen op toetsenborden, afstandsbedieningen en andere multimedia-apparaten activeert en onderhoudt. Als deze service wordt gestopt, functioneren de toetsen die door deze service worden beheerd niet. Als deze service wordt uitgeschakeld, kunnen de services die van deze service afhankelijk zijn niet worde gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanserver Hiermee wordt ondersteuning geboden voor het via het netwerk delen van bestanden, printers en named pipes voor deze computer. Als deze service is gestopt, zijn deze functies niet beschikbaar. Als deze service is uitgeschakeld, zullen alle services die van deze voorziening afhankelijk zijn niet kunnen worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanworkstation Hiermee worden netwerkverbindingen van clients naar externe servers tot stand gebracht en in stand gehouden. Als deze service is gestopt, zijn deze verbindingen niet beschikbaar. Als deze service is uitgeschakeld, zullen alle services die van deze voorziening afhankelijk zijn niet kunnen worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ LmHosts Hiermee wordt ondersteuning geboden voor NetBIOS via TCP/IP (NetBT) en NetBIOS-naamomzetting inschakelen. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ LogWatch Event Log Watch (Not verified) Computer Associates c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe

+ MDM Hiermee wordt lokale en externe foutopsporing ondersteund voor foutopsporingsprogramma's voor Visual Studio en scripts. Als deze service is gestopt, functioneren de foutopsporingsprogramma's niet juist. Microsoft Corporation c:\program files\common files\microsoft shared\vs7debug\mdm.exe

+ NeroNET NeroNET Server Application (Not verified) Ahead Software AG c:\program files\ahead\neronet\neronet.exe

+ PDSched PDSched Module (Not verified) Raxco Software, Inc. c:\program files\raxco\perfectdisk\pdsched.exe

+ PhotoshopElementsDeviceConnect Photoshop Elements Organizer launch utility on device arrival. c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe

+ PlugPlay Hiermee kan een computer wijzigingen in de hardwareconfiguratie herkennen en zich aanpassen zonder of met weinig invoer van de gebruiker. Als de service wordt gestopt of uitgeschakeld wordt de computer instabiel. Microsoft Windows Publisher c:\windows\system32\services.exe

+ PolicyAgent Hiermee wordt het IP-beveiligingsbeleid beheerd en de stuurprogramma's voor ISAKMP/Oakley (IKE) en IP-beveiliging gestart. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ ProtectedStorage Hiermee wordt beveiligde opslag voor vertrouwelijke gegevens, zoals persoonlijke sleutels, geboden om toegang door niet-gemachtigde services, processen of gebruikers te voorkomen Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ RpcSs Hiermee worden endpoint-toewijzing en andere RPC-services geboden Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SamSs Hiermee worden beveiligingsgegevens voor lokale gebruikersaccounts opgeslagen Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ Schedule Hiermee kan een gebruiker geautomatiseerde taken configureren en plannen op deze computer. Als deze service wordt gestopt, kunnen deze taken niet op de geplande tijd worden uitgevoerd. Als de service wordt uitgeschakeld, kunnen de services die afhankelijk van deze service niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ seclogon Hiermee kunnen processen met alternatieve referenties worden gestart. Als deze service wordt gestopt, is dit type aanmelding niet beschikbaar. Als deze service wordt uitgeschakeld, kunnen services die van deze service afhankelijk zijn niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SENS Hiermee worden systeemgebeurtenissen, zoals Windows-aanmelding, netwerk- en energiegebeurtenissen getraceerd en worden abonnees van het COM+-gebeurtenissysteem gewaarschuwd als deze gebeurtenissen optreden Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SharedAccess Hiermee worden services ten behoeve van netwerkadresomzetting, adressering, naamomzetting en/of preventie van onrechtmatige toegang geboden voor computers in thuis- of bedrijfsnetwerken. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Spooler Hiermee worden bestanden in het geheugen geladen om later te worden afgedrukt Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe

+ srservice Hiermee worden herstelfuncties voor het apparaat uitgevoerd. Als u de service wilt stoppen, kunt u Systeemherstel uitschakelen in het tabblad Systeemherstel in Deze computer->Eigenschappen Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ stisvc Hiermee kunnen scanners en camera's afbeeldingen opnemen Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ svcWRSSSDK Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function. (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\wrsssdk.exe

+ Themes Hiermee beschikt u over een voorziening waarmee u de gebruikerservaring kunt beheren. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ TrkWks Hiermee worden koppelingen tussen NTFS-bestanden op een computer of tussen computers in een netwerkdomein onderhouden. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ UleadBurningHelper ULCDRSvr (Not verified) Ulead Systems, Inc. c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe

+ UMWdf Activeert USD's (User Mode Drivers) voor Windows. Microsoft Windows Component Publisher c:\windows\system32\wdfmgr.exe

+ W32Time Zorgt voor de datum- en tijdsynchronisatie van alle clients en servers binnen het netwerk. Als de service is gestopt, is de datum- en tijdsynchronisatie onbeschikbaar. Als de service wordt uitgeschakeld, kunnen de services die afhankelijk van deze service niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WebClient Hiermee kunnen Windows-programma's bestanden op het Internet maken, lezen en wijzigen. Als deze service wordt gestopt, zijn deze functies niet beschikbaar. Als deze service wordt uitgeschakeld, kunnen services die van deze service afhankelijk zijn niet starten. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ winmgmt Dit is een gemeenschappelijke interface en objectmodel voor toegang tot beheergegevens over besturingssystemen, apparaten, toepassingen en services. Als deze service wordt gestopt zal de meeste windows-software niet juist werken. Als deze service wordt uitgeschakeld, kunnen services die van de service afhankelijk zijn niet worden gestart. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wscsvc Hiermee kunt u instellingen en configuraties van systeembeveiliging controleren. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wuauserv Schakelt de mogelijkheid in om essentiële Windows-updates via Windows Update te downloaden en te installeren. Als deze services is uitgeschakeld, kan het besturingssysteem handmatig worden bijgewerkt via de website Windows Update. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WZCSVC Configureert de 802.11-adapters automatisch. Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Adresboek 6 Outlook Express Setup-bibliotheek Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Fax ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Internet Explorer 6 Hulpprogramma voor gebruikersafhankelijke installatie voor IE 5.0 Microsoft Windows Publisher c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup-bibliotheek Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Media Player Hulpprogramma voor Microsoft Windows Media Player Setup Microsoft Windows Component Publisher c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Cache-daemon voor onderdeelcategorieën Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Preloader van browseui Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Gemeenschappelijk DLL-bestand van Windows Shell Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ PostBootReminder Gemeenschappelijk DLL-bestand van Windows Shell Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ SysTray Systray-shellserviceobject Microsoft Windows Publisher c:\windows\system32\stobject.dll

+ WebCheck Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dll Gemeenschappelijk DLL-bestand van Windows Shell Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Wizard Afbeeldingen afdrukken Microsoft Windows Publisher c:\windows\system32\photowiz.dll

+ &Adres Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ &Personen... Personen zoeken Microsoft Windows Publisher c:\program files\outlook express\wabfind.dll

+ .CAB file viewer Shell-extensie Cab-bestandsviewer Microsoft Windows Publisher c:\windows\system32\cabview.dll

+ Aangepaste MRU-lijst voor AutoAanvullen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Afdrukken via het web bestellen Wizard Netwerkverbinding maken / Netwerklocaties Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Audio Media Properties Handler DLL-bestand Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Auto Update Property Sheet Extension Configuratiescherm voor automatische updates Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl

+ BandProxy Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Cachemap van ActiveX Objectbesturing Viewer Microsoft Windows Publisher c:\windows\system32\occache.dll

+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll

+ CD Copy Shell Extension IDisc Shellextension (Not verified) Pinnacle Systems, Inc. c:\windows\system32\shellext\cdwshext.dll

+ CD Wizard Shell Extension IDisc Shellextension (Not verified) Pinnacle Systems, Inc. c:\windows\system32\shellext\cdwshext.dll

+ CDF Extension Copy Hook Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Channel Menu Viewer voor definitiebestanden van kanalen Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Properties Viewer voor definitiebestanden van kanalen Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Code Download Agent Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Compatibiliteitspagina Tab Shell-uitbreidings-dll voor compatibiliteit Microsoft Windows Publisher c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Right Drag Handler Gecomprimeerde mappen Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Gecomprimeerde mappen Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Configuratiescherm-uitbreiding Beeldscherm-panning File not found: deskpan.dll

+ Configuratiescherm-uitbreiding Beeldschermadapter Geavanceerde eigenschappen voor beeldscherm Microsoft Windows Publisher c:\windows\system32\deskadp.dll

+ Configuratiescherm-uitbreiding Monitor Geavanceerde eigenschappen voor beeldscherm Microsoft Windows Publisher c:\windows\system32\deskmon.dll

+ ConnectionAgent Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Crypto PKO-extensie Crypto-shelluitbreidingen Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Crypto-handtekeningextensie Crypto-shelluitbreidingen Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Darwin App Publisher Shell Toepassingsbeheer Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System-shelluitbreiding Microsoft Windows Publisher c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Gemeenschappelijk gebruikersinterface van Active Directory Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Object Find Zoeken in Active Directory Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Property UI Gemeenschappelijk gebruikersinterface van Active Directory Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Query UI Zoeken in Active Directory Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Zoeken in Active Directory Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Disk Quota UI DLL-bestand voor gebruikersinterface van Windows Shell Schijfquota Microsoft Windows Publisher c:\windows\system32\dskquoui.dll

+ Display TroubleShoot CPL Extension Geavanceerde eigenschappen voor beeldschermprestaties Microsoft Windows Publisher c:\windows\system32\deskperf.dll

+ Downloadstatus Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ E-mail Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Eigenschappenblad voor OLE-docbestand Eigenschappenblad voor OLE-docbestand Microsoft Windows Publisher c:\windows\system32\docprop.dll

+ Eigenschappenvenster van multimediabestand Het onderdeel Stuurprogramma's van het Configuratiescherm Microsoft Windows Publisher c:\windows\system32\mmsys.cpl

+ Explorer-band Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Windows XP Publisher c:\windows\system32\extmgr.dll

+ Favorites Band Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Fonts Windows-map Lettertypen Microsoft Windows Publisher c:\windows\system32\fontext.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP-mapuitbreiding voor Shell Microsoft Windows Publisher c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI- en bestandsextractieprogramma voor miniaturen Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Gebruikersaccounts Wizard Netwerkverbinding maken / Netwerklocaties Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Gebruikersondersteuning Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Gecomprimeerde map Gecomprimeerde mappen Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Geplande taken DLL-interfacebestand voor Taakplanner Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Geschiedenis Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Globale mapinstellingen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Handler-object voor kanalen Viewer voor definitiebestanden van kanalen Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Help en ondersteuning Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Help en ondersteuning Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Het Internet Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Het tabblad Beveiliging Shell-uitbreiding Beveiliging Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ Het tabblad Beveiliging Beveiligingsgebruikersinterface van Active Directory Microsoft Windows Publisher c:\windows\system32\dssec.dll

+ Het tabblad Beveiliging voor printers Shell-uitbreiding Beveiliging Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ HTML-extractie voor miniatuurweergaven Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Hulpprogramma met opties voor registerboomstructuur Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ HyperTerminal-pictogramuitbreiding HyperTerminal Applet Library Microsoft Windows Publisher c:\windows\system32\hticons.dll

+ ICC-profiel DLL-bestand voor gebruikersinterface van Microsoft Color Matching System Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM-monitorbeheer DLL-bestand voor gebruikersinterface van Microsoft Color Matching System Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM-printerbeheer DLL-bestand voor gebruikersinterface van Microsoft Color Matching System Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM-scannerbeheer DLL-bestand voor gebruikersinterface van Microsoft Color Matching System Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ IE4 Suite-welkomstscherm Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Informatie over de handler voor miniatuurweergaven (DOCFILES) Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ InoShell File not found: C:\Program Files\CA\eTrust Antivirus\InoShell.dll

+ Internet Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Internet Name Space Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ InternetShortcut Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ ISFBand OC Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Kanaal-bestand Viewer voor definitiebestanden van kanalen Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Kanaal-snelkoppeling Viewer voor definitiebestanden van kanalen Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Knipselgegevensverwerker van shell Knipselobject-handler van Shell Microsoft Windows Publisher c:\windows\system32\shscrap.dll

+ Lettertypen Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Lijst voor AutoAanvullen: Microsoft Geschiedenis Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Lijst voor AutoAanvullen: Microsoft Shell-map Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Map met abonnementen Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Map Off line bestanden Gebruikersinterface voor caching aan clientzijde Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Windows Publisher c:\windows\msagent\agentpsh.dll

+ Microsoft AutoAanvullen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Windows Publisher c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft Internet-werkbalk Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Url-geschiedenisservice Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Url-zoeken Hook Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft-browserbalk Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft-container met meervoudige lijst voor AutoAanvullen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Midi Properties Handler DLL-bestand Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\mmcshext.dll

+ MRU-lijst voor AutoAanvullen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ MyDocs Copy Hook De gebruikersinterface van de map Mijn documenten Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Drop Target De gebruikersinterface van de map Mijn documenten Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Properties De gebruikersinterface van de map Mijn documenten Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ Netwerkverbindingen Shell voor Netwerkverbindingen Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ Netwerkverbindingen Shell voor Netwerkverbindingen Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ Offline Files Folder Options Gebruikersinterface voor caching aan clientzijde Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Menu Gebruikersinterface voor caching aan clientzijde Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Parser voor adresbalk Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ PhotoToys Windows XP PowerToys (Not verified) Microsoft Corporation c:\windows\system32\phototoys.dll

+ PlusPack CPL Extension Windows Thema-API Microsoft Windows Publisher c:\windows\system32\themeui.dll

+ Pop-upbalk Volgen Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Portable Media Devices Shell-uitbreiding voor draagbare media-apparaten Microsoft Windows Component Publisher c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Shell-uitbreiding voor draagbare media-apparaten Microsoft Windows Component Publisher c:\windows\system32\audiodev.dll

+ PostAgent Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Previous Versions Eigenschappenpagina van vorige versies Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Previous Versions Property Page Eigenschappenpagina van vorige versies Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Programma voor inventarisatie van geïnstalleerde toepassingen Shell Toepassingsbeheer Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Remote Sessions CPL Extension DLL-bestand voor externe sessies Microsoft Windows Publisher c:\windows\system32\remotepg.dll

+ Scanners en camera's Gebruikersinterface van de shellmap van de replicatieapparaten Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners en camera's Gebruikersinterface van de shellmap van de replicatieapparaten Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners en camera's Gebruikersinterface van de shellmap van de replicatieapparaten Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners en camera's Gebruikersinterface van de shellmap van de replicatieapparaten Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners en camera's Gebruikersinterface van de shellmap van de replicatieapparaten Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Schijfkopieer-uitbreiding Windows DiskCopy Microsoft Windows Publisher c:\windows\system32\diskcopy.dll

+ Search Assistant OC Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Sendmail service E-mail verzenden Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Sendmail service E-mail verzenden Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Automation Inproc Service Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell DeskBar Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Extensions for RealOne Player RealOne Player Shell Extensions (Not verified) RealNetworks c:\program files\real\realplayer\rpshellext.dll

+ Shell Image Data Factory Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows-viewer voor afbeeldingen en faxen Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Zoeken in Active Directory Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Shell Rebar BandSite Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell Toepassingsbeheer Shell Toepassingsbeheer Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Shell-object voor publicatiewizard Wizard Netwerkverbinding maken / Netwerklocaties Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Shell-uitbreiding voor Web Printer DLL-bestand voor gebruikersinterface voor afdrukken Microsoft Windows Publisher c:\windows\system32\printui.dll

+ Shell-uitbreidingen voor delen Shell-uitbreidingen voor delen Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell-uitbreidingen voor delen Shell-uitbreidingen voor delen Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell-uitbreidingen voor Microsoft Windows Network-objecten Gebruikersinterface voor netwerkobjectshell Microsoft Windows Publisher c:\windows\system32\ntlanui2.dll

+ Shell-uitbreidingen voor Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Windows Publisher c:\windows\system32\wshext.dll

+ Sitemenu van shell-band Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Subscription Mgr Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Systeembeheer Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Taakbalk en menu Start Gemeenschappelijk DLL-bestand van Windows Shell Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler DLL-interfacebestand voor Taakplanner Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension DLL-interfacebestand voor Taakplanner Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Tijdelijke Internet-bestanden Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Tijdelijke Internet-bestanden Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Toegankelijk Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ TrayAgent Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Uitgebreide shell-map Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Uitgebreide shell-map 2 Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Uitvoeren... Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Video Media Properties Handler DLL-bestand Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor DLL-bestand Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Wav Properties Handler DLL-bestand Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ WebCheck Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Website Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Webmappen Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Werkmap Windows Werkmap Microsoft Windows Publisher c:\windows\system32\syncui.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Starter Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Starter Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Starter Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ Wizard Passport Wizard Netwerkverbinding maken / Netwerklocaties Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Wizard Webpublicaties Wizard Netwerkverbinding maken / Netwerklocaties Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Zinio Magazine Column Provider c:\program files\common files\zinio\zshext.dll

+ Zinio Shell Extension c:\program files\common files\zinio\zshext.dll

+ Zinio Shell Extension UI Object c:\program files\common files\zinio\zshext.dll

+ Zoekbalk Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Zoeken Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Zoeken binnen deelvenster Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Zoeken op het web Shell Browser-bibliotheek voor gebruikersinterface Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ Google Toolbar Helper Google Werkbalk voor Internet Explorer-clients (Not verified) Google Inc. c:\program files\google\googletoolbar2.dll

+ MSNToolBandBHO MSN Toolbar extension (Not verified) Microsoft Corporation c:\program files\msn apps\msn toolbar\01.02.4000.1001\nl\msntb.dll

+ ST st (Not verified) Microsoft Corporation c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll

+ WsftpBrowserHelper Class wsbho2k0 Module (Not verified) Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 c:\program files\ipswitch\ws_ftp home\wsbho2k0.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Objecten- en besturingselementenbibliotheek Shell Doc Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ 0 MSN Toolbar extension (Not verified) Microsoft Corporation c:\program files\msn apps\msn toolbar\01.02.4000.1001\nl\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Windows Messenger Windows Messenger Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe

Task Scheduler

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Hulpprogramma voor automatische controle Microsoft Windows Publisher c:\windows\system32\autochk.exe

+ PDBoot.exe PerfectDisk Boot Time Defragmentation (Not verified) Raxco Software, Inc. c:\windows\system32\pdboot.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Windows Publisher c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Geavanceerde Windows 32 basis-API Microsoft Windows Publisher c:\windows\system32\advapi32.dll

+ comdlg32 DLL voor gedeelde dialoogvensters Microsoft Windows Publisher c:\windows\system32\comdlg32.dll

+ DllDirectory c:\windows\system32

+ gdi32 GDI Client DLL Microsoft Windows Publisher c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Windows Publisher c:\windows\system32\imagehlp.dll

+ kernel32 DLL-bestand voor Windows NT BASE API-client Microsoft Windows Publisher c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Windows Publisher c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE voor Windows Microsoft Windows XP Publisher c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Windows Publisher c:\windows\system32\oleaut32.dll

+ olecli32 DLL-bestand voor het koppelen en insluiten van objecten (OLE) Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Windows Publisher c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Windows Publisher c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Windows Publisher c:\windows\system32\rpcrt4.dll

+ shell32 Gemeenschappelijk DLL-bestand van Windows Shell Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ url Shellextensie-DLL voor Internet-snelkoppeling Microsoft Windows Publisher c:\windows\system32\url.dll

+ urlmon OLE32-extensies voor Win32 Microsoft Windows XP Publisher c:\windows\system32\urlmon.dll

+ user32 DLL-bestand voor Windows XP USER API-client Microsoft Windows XP Publisher c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Windows Publisher c:\windows\system32\version.dll

+ wininet Internet-extensies voor Win32 Microsoft Windows XP Publisher c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Windows Publisher c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEvent ATI External Event Utility DLL Module Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\ati2evxx.dll

+ cscdll Off line netwerk-agent Microsoft Windows Publisher c:\windows\system32\cscdll.dll

+ ScCertProp Algemeen DLL-bestand voor het ontvangen van Winlogon-waarschuwingen Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ Schedule Algemeen DLL-bestand voor het ontvangen van Winlogon-waarschuwingen Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ SensLogn Algemeen DLL-bestand voor het ontvangen van Winlogon-waarschuwingen Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ termsrv Algemeen DLL-bestand voor het ontvangen van Winlogon-waarschuwingen Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ wlballoon Algemeen DLL-bestand voor het ontvangen van Winlogon-waarschuwingen Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\system32\Aquari~1.scr c:\windows\system32\aquarium screensaver.scr

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F460919-DF26-406E-9CC9-26706059177D}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F460919-DF26-406E-9CC9-26706059177D}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4299AC48-BBA9-4EF9-B5CF-A9300E2772D1}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4299AC48-BBA9-4EF9-B5CF-A9300E2772D1}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4850029F-27AC-4E4A-829A-C5198E2266C9}] DATAGRAM 9 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4850029F-27AC-4E4A-829A-C5198E2266C9}] SEQPACKET 9 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C77534E-E87D-4C61-9955-BDAFC1A47674}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C77534E-E87D-4C61-9955-BDAFC1A47674}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{8641FE8C-1DD4-46BF-93DF-774B98BCCF48}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{8641FE8C-1DD4-46BF-93DF-774B98BCCF48}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{867DE5EB-DEF7-4D85-A111-E998D0753C3D}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{867DE5EB-DEF7-4D85-A111-E998D0753C3D}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{97FE9408-1720-46B7-AA3A-CFC05688048D}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{97FE9408-1720-46B7-AA3A-CFC05688048D}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B320E90C-DE49-487F-8A7A-76896D75C834}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B320E90C-DE49-487F-8A7A-76896D75C834}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8923623-58F3-489D-AD8B-7BAD4CFD8F4E}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8923623-58F3-489D-AD8B-7BAD4CFD8F4E}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8C9694F-85E6-4142-AAA3-0280204B1954}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8C9694F-85E6-4142-AAA3-0280204B1954}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service-aanbieder Microsoft Windows Publisher c:\windows\system32\mswsock.dll
Mosaic1
Ok. We can get that later then. I see nothing, so let's go to the next step and test for rootkits. If nothing there, then we'll try some maintenance and see where that takes us.


Two programs I want to see, please:

Try this app: Blacklight Beta from here:

http://www.f-secure.com/blacklight/try.shtml

Click "I accept" at the bottom of the page, which takes you to the download site.
Download the app to the desktop.
Double click it, accept the agreement, make sure "scan through windows explorer" IS checked, then hit "scan".
It should only take at most 5 minutes.

If any results, don't rename anything yet!
Sometimes legit items are listed along with baddies.
Just hit next > finish.

Log will be created on desktop that starts with fsbl-datetime.log

Post the results in your next reply please.

-------------
Download RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html


Extract RootkitRevealer

Double click on RootkitRevealer and press scan.

It will take some time to do a complete scan. When finished press file/save and post the contents of the log please.
HermanG
Blacklight Beta did not find items, so no logfile was made.

RootkitRevealer found 6 items. Unfortunately, saving the file gives a system error! "tell Microsoft about the error.... etc".
So what now???
Mosaic1
RootkitRevealer will find items, and often they are harmless. Can you run it again and then copy what it found please?
HermanG
I don't know what's going on. Every time I try to save the log, I receive the message: "Toolkit utility has to be ended" and "Tell Microsoft about your problem"

Can I send you the output (7 lines) as a screenprint by email?
Mosaic1
Sure you can.

Let me know who you are so I remember.

Katie_3232ATHotmail.com

Change the AT to an @ so the address works.
HermanG
OK, I have sent you the email, with output from TOOLKIT and ANTIVIR.
Mosaic1
See if you can delete this folder:

C:\Program Files\winsupdater


The other is in your restore points and we'll get to that later.

Post a startuplist too please. In Hijackthis press the Config Button
Click Misc Tools
Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

Paste the contents into your next reply here.


-------

Let's have you run McAfee's Stinger.

Follow the directions and get the download on this page:
http://vil.nai.com/vil/stinger

Please create a log and post that.
Mosaic1
About the RootkitRevealer error when you try to save a report: when you try to save the report, select a folder other than My Documents. See if that gets rid of the error for you.
HermanG
I have deleted C:\Program files\winsupdater
and here is the Hijack log:



StartupList report, 5-11-2005, 14:59:46
StartupList version: 1.52.2
Started from : C:\My unzipped files\hijackthis[1]\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVPersonal\INETUPD.EXE
C:\My unzipped files\hijackthis[1]\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Herman Geisink\Menu Start\Programma's\Opstarten]
Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
hp psc 1000 series.lnk = ?
hpoddt01.exe.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
CHotkey = mHotkey.exe
ledpointer = CNYHKey.exe
Dit = Dit.exe
PCMService = "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
PRISMSTA.EXE = PRISMSTA.EXE START
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
NeroNETTrayIcon = C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\system32\LEVEND~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\Aquari~1.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Ipswitch.WsftpBrowserHelper - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7899.1631597222

[ING Bank Autorisatiescherm]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AXDigiSign.dll
CODEBASE = http://secure.ingbank.nl/download/DigiSign.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnmesse...pdownloader.cab

[Zylom Games Player]
InProcServer32 = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
CODEBASE = http://game16.zylomgames.com/activex/zylomgamesplayer.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

[aldi-fotoservice-druck_de_bilduebertragung]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ALDI_N~1.OCX
CODEBASE = http://www.aldi-fotoservice-druck.de/uploa...ebertragung.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883-eenheidsapparaat: system32\DRIVERS\61883.sys (manual start)
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
AMON: \??\C:\WINDOWS\system32\drivers\amon.sys (manual start)
AntiVir Service: "C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
AVC-apparaat: system32\DRIVERS\avc.sys (manual start)
avgntdw: \??\C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS (manual start)
AntiVir Update: "C:\Program Files\AVPersonal\AVWUPSRV.EXE" (autostart)
Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
2Mega Camera, WDM Video Capture: System32\Drivers\Ca100v.sys (manual start)
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start)
CA License Client: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (manual start)
CA License Server: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
AVM FRITZ!web Routing Service: C:\Program Files\Common Files\AVM\de_serv.exe (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
DLBQWESIOPTD: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\DLBQWESIOPTD.exe (manual start)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
GDGFCR: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\GDGFCR.exe (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IINZDD: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\IINZDD.exe (manual start)
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Event Log Watch: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
NeroNET: C:\Program Files\Ahead\NeroNET\NeroNET.exe -w (autostart)
NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
AVM FRITZ!web DSL PPP: system32\DRIVERS\NETFWDSL.SYS (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NOD32 Kernel Service: "C:\Program Files\Eset\nod32krn.exe" (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
PDEngine: "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" (manual start)
PDScheduler: "C:\Program Files\Raxco\PerfectDisk\PDSched.exe" (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
PRISM 802.11g Driver: System32\DRIVERS\PRISMA00.sys (manual start)
Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
Diskettestation voor HD-diskettes: System32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Sony USB-filterstuurrapparaat (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Stuurprogramma voor systeemherstelfilter: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRV: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E9D6446F-05E1-4D22-A68B-ECA4693B31C9} (manual start)
Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Ulead Burning Helper: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
Telekom ISDN-Adapter (USB): System32\Drivers\ulisa.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
DSC Still Image Capture (CA100): System32\Drivers\Bulk100.sys (manual start)
Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
DSC Composite USB Device(CA100): System32\DRIVERS\usbhub.sys (autostart)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VAFXILY: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\VAFXILY.exe (manual start)
Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
VXLCNNTHVR: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\VXLCNNTHVR.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
WAN Network Driver: System32\DRIVERS\wandrv.sys (manual start)
Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
ISDN PCI CAPI: System32\DRIVERS\WDMCAPI.sys (system)
NDIS WAN miniport: System32\DRIVERS\wdmwanmp.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WINFLASH: \??\D:\Tools\Winflash\WinFlash.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start)
%DESCRIPTION%: System32\Drivers\x10uif.sys (manual start)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
YDEEBQGT: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\YDEEBQGT.exe (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = PDBoot.exe

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------



Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 40.332 bytes
Report generated in 0,141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
HermanG
About RootkitRevealer: the program runs about 20 min. but after the save I receive every time the same error message. Also at saving in other maps.
Very strange
Mosaic1
In what other applications do you have this problem please?

Let's see what Event Viewer has on this.

Go to Start > Run and type
Eventvwr.msc

Press enter

Double click on Application in the left pane.
Look in the right pane for an item regarding your errors.

Double click on that error to get the properties page for that error.

What does it say?

If you want to copy it, look at the icon which looks like two pages and click on it.

That copies it to your clipboard. Paste that in here.


Please do not paste in a ton of old errors that have nothing to do with this.

Although if you do get a recurring error, please do paste that in.


I see the leftover services Rootkit Revealer creates. They would have been cleaned up if the program had shut down properly.
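In a service listing this long, the entries that stand out are the ones running from the user's Temp folder (VAFXILY, VXLCNNTHVR, YDEEBQGT). As an added example, not part of the thread or of HijackThis, this Python code parses the `Name: ImagePath (start type)` lines and returns the services whose binary sits under a Temp directory. The function names and the Temp-folder heuristic are assumptions of the example; the sample lines are copied from the log above.

```python
import ntpath
import re

# Lines copied from the service list above: "Name: ImagePath (start type)".
SAMPLE = r'''
NOD32 Kernel Service: "C:\Program Files\Eset\nod32krn.exe" (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
VAFXILY: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\VAFXILY.exe (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
VXLCNNTHVR: C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\VXLCNNTHVR.exe (manual start)
WINFLASH: \??\D:\Tools\Winflash\WinFlash.sys (manual start)
'''

# The name ends at the first ": "; the start type is the last "(...)" group.
LINE_RE = re.compile(r'^(?P<name>.+?): (?P<image>.+) \((?P<start>[^()]+)\)$')
BINARY_RE = re.compile(r'^(.+?\.(?:exe|sys|dll))(?=\s|$)', re.IGNORECASE)
TEMP_DIRS = {"temp", "tmp"}  # assumption: directory names treated as temporary

def parse_service(line):
    """Split one listing line into (name, binary path, start type), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if image.startswith('"'):            # quoted path, arguments may follow
        binary = image[1:].split('"', 1)[0]
    else:                                # unquoted path may contain spaces
        b = BINARY_RE.match(image)
        binary = b.group(1) if b else image.split()[0]
    return m.group("name"), binary, m.group("start")

def temp_resident_services(text):
    """Return the services whose binary sits under a Temp directory."""
    hits = []
    for parsed in map(parse_service, text.splitlines()):
        if parsed is None:
            continue
        name, binary, start = parsed
        folders = {p.lower() for p in binary.split("\\")[:-1]}
        if TEMP_DIRS & folders:
            stem = ntpath.splitext(ntpath.basename(binary))[0]
            hits.append({"name": name, "binary": binary, "start": start,
                         "name_matches_binary": stem.lower() == name.lower()})
    return hits

if __name__ == "__main__":
    for hit in temp_resident_services(SAMPLE):
        print(hit)
```

A hit is a prompt for review, not a verdict: in this thread the helper attributes the leftover services to Rootkit Revealer not having shut down properly.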