R
Reinaut
the spyware reporting tool wouldn't work. (it wouldn't
send, it said 'check your proxy settings, but i am in a
university network.)
So i post the problem here.
please send the report to the the people who handle this. i
am VERY concerned about this worm hacking msn messenger to
make people install spyware/virus.
filename: mssmmspgr.exe
description: a worm that hacks msn messenger (or accounts
using it, which have weak passwords) and advises all
contacts to download a file and run it. As they think it is
from there friends, most people will actually do this, as
they think msn is extremely secure.
website explaining the problem:
http://www.sarc.com/avcenter/venc/data/w32.kelvir.aj.html
this website fits my experience on all points.
website how i got infected:
http://take-a-look.unitedlegion.us/gallery.php?email=MYEMAIL
with MYEMAIL replaced by any email adrress.
as this program also intstall a keylogger and steals game
keys, it can be classified as spyware.
i advise ms to fix messenger, so it doesn't get the unsafe
imago that internet explorer already has.
i did a virus scan (using eTrust antivirus) and a spyware
scan(ms antispyware) but they didn't detect it. Both were
updated April the 29 2005 (which is today). I did find the
file manually.
i also post my raw scanning file here. i know this is a
threat to me cause all you who read this now know my
system, but i am more concerned about this spyware problem
and i hope i can trust all who read this not to abuse the
data sent. moderator: please delete this data as soon as
you have sent it to the report reading people. i blocked
the maliscious program before generating this data
<MSSSRT version="1.0.501" createdate="29/04/2005 0:03:12"
os="XP.2600" user=""><Audit><AutoRunAudit>
<StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Adobe Reader Snelle
start.lnk" nam="Adobe Acrobat SpeedLauncher
(reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="deb88aef013dd1eefb462d7cad642166" ver="7.0.0.0"
sz="29696" is="0" gfp="">c:\program files\adobe\acrobat
7.0\reader\reader_sl.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Microsoft Office.lnk"
nam="Microsoft Office 2000 component (osa9.exe)"
pub="Microsoft Corporation"
md5="d76068bcc59818b7d36e99ef8ae70a37" ver="9.0.3720"
sz="65588" is="0" gfp="">c:\program files\microsoft
office\office\osa9.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Poort voor Symantec Fax
Starter Edition.lnk" nam="Symantec Fax Starter Edition Port
Launcher (olfsnt40.exe)" pub="Microsoft Corporation"
md5="ebdefaf28aa7580c4f2452171aaf16b9" ver="9.0.98.0105"
sz="46077" is="0" gfp="">c:\program files\microsoft
office\office\1043\olfsnt40.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Service Manager.lnk"
nam="SQL Server Service Manager (sqlmangr.exe)"
pub="Microsoft Corporation"
md5="a6455adf66ee2fdd53b81aae74f40c4c"
ver="2000.080.0760.00" sz="74308" is="0" gfp="">c:\program
files\microsoft sql
server\80\tools\binn\sqlmangr.exe</StartupFile>
</StartupFiles>
<StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ATIPTA" dat="C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe" nam="ATI Desktop Control Panel
(atiptaxx.exe)" pub="ATI Technologies, Inc."
md5="00d38dcbab0bec5a5b61583054dbe129" ver="6.14.10.5085"
sz="335872" is="0" gfp="">c:\program files\ati
technologies\ati control
panel\atiptaxx.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Cmaudio" dat="RunDll32 cmicnfg.cpl,CMICtrlWnd"
nam="CmiCnfg DLL (cmicnfg.cpl)" pub="C-Media Corporation"
md5="3d92420404783a4df8da7d88d923a5d3" ver="1, 0, 41, 6"
sz="2453504" is="0"
gfp="">c:\windows\cmicnfg.cpl</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Realtime Monitor"
dat="C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" nam="None
(realmon.exe)" pub="Computer Associates International,
Inc." md5="c85d3f6e59cafd86c2aba9592622e372"
ver="7.0.139.0" sz="385024" is="0"
gfp="">c:\progra~1\ca\etrust~1\realmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck"
dat="C:\WINDOWS\system32\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2"
sz="155648" is="0"
gfp="">c:\windows\system32\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PCMService" dat=""C:\Program Files\Home
Cinema\PowerCinema\PCMService.exe"" nam="PCMService
MFC Application (pcmservice.exe)" pub="None"
md5="b79ee0b8339eecc228d8f362aca0f2ed" ver="1, 0, 0, 1"
sz="61440" is="0" gfp="">c:\program files\home
cinema\powercinema\pcmservice.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="CHotkey" dat="mHotkey.exe" nam="Chicony Multimedia
Driver (mhotkey.exe)" pub="Chicony"
md5="94229807ad00a72b50195f1d3dfb205f" ver="3, 0, 0, 8"
sz="508416" is="0"
gfp="">c:\windows\mhotkey.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ledpointer" dat="CNYHKey.exe" nam="Chicony Multimedia
Driver (cnyhkey.exe)" pub="Chicony"
md5="785fd48cec69d07bcd2c1b2c112f00c9" ver="2, 2, 0, 0"
sz="5794816" is="0"
gfp="">c:\windows\cnyhkey.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Dit" dat="Dit.exe" nam="Customized Icon and Label
(dit.exe)" pub="ICSI Technology Ltd."
md5="748b9439fde6e1c161e109dcf5908066" ver="V2.01.0402"
sz="86016" is="0"
gfp="">c:\windows\dit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="GameDrive" dat="C:\Program
Files\FarStone\GameDrive\gdtask.exe /AutoRestore"
nam="VirtualDrive VDTask (gdtask.exe)" pub="FarStone
Technology Inc." md5="b24d751f961478481027c9fc87a5b6f5"
ver="7, 0, 0, 1" sz="139264" is="0" gfp="">c:\program
files\farstone\gamedrive\gdtask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Microsoft Works Update Detection" dat="C:\Program
Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe" nam="Microsoft Works Update Detection
(wkufind.exe)" pub="Microsoft Corporation"
md5="a53cb3e22848b3ed199f99448d3942c4" ver="9.00.0609.0"
sz="50688" is="0" gfp="">c:\program files\common
files\microsoft shared\works
shared\wkufind.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunJavaUpdateSched" dat="C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe" nam="Java(TM) 2
Platform Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="websx" dat="C:\Program Files\websx\int411540.exe
-auto" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="UserFaultCheck" dat="%systemroot%\system32\dumprep 0
-u" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="7de46c9c40abb58c8fdfe0212a3bf2b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</StartupFileRegistry>
</StartupFilesRegistry>
<WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Aanmeldingstoepassing
Userinit (userinit.exe)" pub="Microsoft Corporation"
md5="de7a0ee4a6a28e6dfe3118eb22468da6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles>
</StartupWinIniFiles>
<StartupSysIniFiles>
</StartupSysIniFiles>
</AutoRunAudit>
<InternetExplorerAudit version="6.0.2900.2180">
<BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj
Class" nam="Adobe Acrobat IE Helper Version 7.0 for ActiveX
(acroiehelper.dll)" pub="Adobe Systems Incorporated"
md5="42729c3de75a7a51fc6f9ef6546c9199"
ver="7.0.0.2004121400" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
</BrowserHelperObjects>
<IEToolbars>
</IEToolbars>
<IEExtensions>
</IEExtensions>
<IEExplorerBars>
<IEExplorerBar ex="1"
clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip van de dag" nam="Objecten- en
besturingselementenbibliotheek Shell Doc (shdocvw.dll)"
pub="Microsoft Corporation"
md5="ad2b9fb9c9799da2ee39172f724ab2d9" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
<IEShellBrowsers>
<IEShellBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Adres" nam="Shell Browser-bibliotheek voor
gebruikersinterface (browseui.dll)" pub="Microsoft
Corporation" md5="4c818b7b5d37f6c4197793f46a6a9cd4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1017344" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
<IEWebBrowsers>
<IEWebBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Adres" nam="Shell Browser-bibliotheek voor
gebruikersinterface (browseui.dll)" pub="Microsoft
Corporation" md5="4c818b7b5d37f6c4197793f46a6a9cd4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1017344" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0"
clsid="{014DA6C9-189F-421A-88CD-07CFE51CFF10}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
</IEWebBrowsers>
<IEMenuExts>
</IEMenuExts>
<IEURLSearchHooks>
</IEURLSearchHooks>
<IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.reinaut.tk/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search
Bar">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.reinaut.tk/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.aldi.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Bar">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust..htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst..htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla"></IEURL>
</IEURLs>
</InternetExplorerAudit>
<SystemAudit>
<ShellExecuteHooks>
<ShellExecuteHook ex="1"
clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" prog=""
val="URL Exec Hook" nam="Gemeenschappelijk DLL-bestand van
Windows Shell (shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">C:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
<ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6
/Open "%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9
/Open "%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"%ProgramFiles%\Outlook
Express\msimn.exe" /mailurl:%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe"
-nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls>
<ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\dajava.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\xmldso.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine
Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409">
<Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)" pub="Microsoft"
md5="0244da7bc93595d90e801f9caa338c2f" ver="1, 5, 0, 42"
sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6"
sz="346888" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{2FC9A21E-2069-4E47-8235-36318989DB13}"
prog="PPSDKActiveXScanner.MainScreen"
nam="PPSDKActiveXScanner.MainScreen"
codebase="http://www.my-etrust.com/includes/pscanner/axscanner.cab">
<Files>
<File ex="1" nam="Windows Common Controls ActiveX Control
DLL (mscomctl.ocx)" pub="Microsoft Corporation"
md5="774a15583db1ad44c5ee32309c840c96" ver="6.01.9545"
sz="1077344" is="0"
gfp="">C:\WINDOWS\System32\mscomctl.ocx</File>
<File ex="1" nam="Visual Basic Virtual Machine
(msvbvm60.dll)" pub="Microsoft Corporation"
md5="e9d39625088f1ebc844bb56dcb14269f" ver="6.00.9690"
sz="1392671" is="0"
gfp="">C:\WINDOWS\system32\msvbvm60.dll</File>
<File ex="1" nam="An ActiveX implementation of Pest
Patrol's PPSDK scanning functionality.
(PPSDKActiveXScanner.ocx)" pub="Pest Patrol Inc."
md5="d3f092c4c6e08a63807af5770d2f4828" ver="1.05.0005"
sz="670320" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\PPSDKActiveXScanner.ocx</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}"
prog="OPUCatalog.OPUCatalog11.1" nam="Office Update
Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/opuc2.cab">
<Files>
<File ex="1" nam="Microsoft Office Update Detection Engine
(opuc.dll)" pub="Microsoft Corporation"
md5="20393d64f69f26361a97fd9afb3c9243" ver="11.0.6466"
sz="326656" is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{56336BCB-3D8A-11D6-A00B-0050DA18DE71}"
prog="RealDownloadExpress.IE.1" nam="RdxIE Class"
codebase="http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab">
<Files>
<File ex="1" nam="RdxIE Module (RdxIE.dll)"
pub="RealNetworks, Inc."
md5="c350fd4b920362062bd39ea31007acfb" ver="6.0.0.10"
sz="520349" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\RdxIE.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{7B297BFD-85E4-4092-B2AF-16A91B2EA103}"
prog="WebScan.WScanCtl.1" nam="WScanCtl Class"
codebase="http://www3.ca.com/securityadvisor/virusinfo/webscan.cab">
<Files>
<File ex="1" nam="None (Arclib.dll)" pub="Computer
Associates International, Inc."
md5="f40e2fbcb5201b77d906d269451a6d02" ver="7.2.0.18"
sz="220032" is="0" gfp="">C:\Program
Files\CA\SharedComponents\ScanEngine\Arclib.dll</File>
<File ex="1" nam="WebScan ActiveX (webscan.dll)"
pub="Computer Associates Intl."
md5="83272041a03a9d4381faab718ab1bef7" ver="1, 1, 0, 1045"
sz="180282" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\webscan.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{9F1C11AA-197B-4942-BA54-47A8489BB47F}" prog=""
nam=""
codebase="http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38030.3040509259">
<Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="eabba3a4e51bef7785b23ed335c9f13f" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="185624" is="0"
gfp="">C:\WINDOWS\System32\iuengine.dll</File>
<File ex="0" nam=" (iuctl.dll)" pub="" md5="" ver="" sz=""
is="0" gfp="">C:\WINDOWS\System32\iuctl.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2_06"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash
Object"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{F2A84794-EE6D-447B-8C21-3BA1DC77C5B4}"
prog="Sdkinst.SDKInstall.1" nam="SDKInstall Class"
codebase="http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab">
<Files>
<File ex="1" nam="SDK Update System Version Control
(appversions.dll)" pub="Microsoft Corporation"
md5="141487d8ba46fa62a8f925070a5a47f4" ver="5.2.3790.0"
sz="50288" is="0" gfp="">C:\WINDOWS\appversions.dll</File>
<File ex="1" nam="SDK Update ActiveX Control (sdkinst.dll)"
pub="Microsoft Corporation"
md5="8d832143c494cc1230fb99071c6c76e5" ver="5.2.3790.0"
sz="303224" is="0" gfp="">C:\WINDOWS\sdkinst.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{FF982A6F-FB83-42FE-B4BD-1941C499F194}"
prog="AppVersions.Versions.1" nam="Versions Class"
codebase="http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab">
<Files>
<File ex="1" nam="SDK Update System Version Control
(appversions.dll)" pub="Microsoft Corporation"
md5="141487d8ba46fa62a8f925070a5a47f4" ver="5.2.3790.0"
sz="50288" is="0" gfp="">C:\WINDOWS\appversions.dll</File>
<File ex="1" nam="SDK Update ActiveX Control (sdkinst.dll)"
pub="Microsoft Corporation"
md5="8d832143c494cc1230fb99071c6c76e5" ver="5.2.3790.0"
sz="303224" is="0" gfp="">C:\WINDOWS\sdkinst.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
<PROTOCOLSFilters>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" prog=""
filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="deflate"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="lzdhtml"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" prog=""
filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
nam="Gemeenschappelijk DLL-bestand van Windows Shell
(shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1"
clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML-viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d9c48bc1dbbe8154703c6cb078044d08"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" prog=""
filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
prog="CDO.KnowledgePluggable.1" filter="cdo"
val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}" nam="Microsoft
SharePoint Portal Server Object Model (pkmcdo.dll)"
pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" prog=""
filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX-besturingselement voor videogegevensstromen
(msvidctl.dll)" pub="Microsoft Corporation"
md5="e6d8bd7fc8a21bfcb1f237486e4a445a" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1432576" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog=""
filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)"
pub="Microsoft Corporation"
md5="6dfa932d9ff7b4c78d7da49d98f3fb52" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{314111c7-a502-11d2-bbca-00c04f8ec294}" prog=""
filter="ms-help"
val="{314111c7-a502-11d2-bbca-00c04f8ec294}" nam="Microsoft
Help Data Services Module (hxds.dll)" pub="Microsoft
Corporation" md5="79792682da67deeda41320f6de78682c"
ver="2.05.50215.44 (beta2.050215-4400)" sz="860672" is="0"
gfp="">c:\program files\common files\microsoft
shared\help\hxds.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{0A9007C0-4076-11D3-8789-0000F8105754}"
prog="Microsoft.ITSS.URLProtocol" filter="ms-itss"
val="{0A9007C0-4076-11D3-8789-0000F8105754}" nam="Microsoft
InfoTech Storage System Library (msitss.dll)"
pub="Microsoft Corporation"
md5="fbfef8d1ccfe1b12c0303f0c4b67eb97" ver="5.40.1171.1"
sz="221184" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML-viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d9c48bc1dbbe8154703c6cb078044d08"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog=""
filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog=""
filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX-besturingselement voor videogegevensstromen
(msvidctl.dll)" pub="Microsoft Corporation"
md5="e6d8bd7fc8a21bfcb1f237486e4a445a" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1432576" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="25fd68fce7a2fd3ae7c65d2e25075b68" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" namespace="mk" namespacefilter="NameSpace
Filter for MK
MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain"></TCPIPParamater>
<TCPIPParamater val="NameServer"></TCPIPParamater>
<TCPIPParamater val="SearchList"></TCPIPParamater>
<TCPIPParamater val="VXD MSTCP: NameServer"></TCPIPParamater>
</TCPIPParamaters>
<InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer"></InternetSetting>
<InternetSetting val="ProxyOverride"></InternetSetting>
<InternetSetting val="User Agent">Mozilla/4.0 (compatible;
MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">1</InternetSetting>
</InternetSettings>
<IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
</IESettings>
<AppInitDLLs val="">
</AppInitDLLs>
<ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Gemeenschappelijk DLL-bestand
van Windows Shell (shell32.dll)" pub="Microsoft
Corporation" md5="c03d3f709c07547363812c7c569c1919"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog=""
val="CDBurn" nam="Gemeenschappelijk DLL-bestand van Windows
Shell (shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog=""
val="WebCheck" nam="Website Monitor (webcheck.dll)"
pub="Microsoft Corporation"
md5="a3d67cbdfd1d25a14c5a59b2d6003310" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="279552" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog=""
val="SysTray" nam="Systray-shellserviceobject
(stobject.dll)" pub="Microsoft Corporation"
md5="8255711a95c01c66bbbe3d94c4d50ed2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="122368" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks>
</ScheduledTasks>
<Services>
<Service ex="1" disp="Application Layer Gateway-service"
desc="Hiermee wordt ondersteuning geboden voor
protocolinvoegtoepassingen van derden voor
Internet-verbinding delen en Windows Firewall."
nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation"
md5="15cff49392f765356ebbf05d87ffb6b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides
support for out-of-process session states for ASP.NET. If
this service is stopped, out-of-process requests will not
be processed. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Microsoft ASP.NET State Server (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="be52212fb916a31f5193a58b2d2efd90" ver="2.0.50215.44
(beta2.050215-4400)" sz="22016" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing-service" desc="Hiermee kunt
u een index maken van de inhoud en eigenschappen van
bestanden op lokale en externe computers. Een flexibele
zoektaal zorgt ervoor dat u snel toegang tot bestanden
krijgt." nam="Content Index service (cisvc.exe)"
pub="Microsoft Corporation"
md5="81700207389cbe1911a5eaee9fc812ce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\System32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Hiermee kan
Plakboeken gegevens opslaan en deze delen met externe
computers. Als de service wordt gestopt kan Plakboeken geen
gegevens met externe computers delen. Als de service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet worden gestart." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="64d5673c075dd40e2f55387ee9b0cad7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp=".NET Runtime Optimization Service
v2.0.50215_X86" desc="Provides support for optimizing
managed assemblies using NGEN technology." nam="Microsoft
Common Language Runtime Service Host (mscorsvw.exe)"
pub="Microsoft Corporation"
md5="5a85194e1fccee5e7146421b4e3ad52b" ver="2.0.50215.44
(beta2.050215-4400)" sz="56320" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe</Service>
<Service ex="1" disp="COM+-systeemtoepassing" desc="De
configuratie en tracering van COM+-onderdelen beheren. Als
de service wordt gestopt, functioneren de meeste
COM+-onderdelen niet goed. Als deze service wordt
uitgeschakeld, kunnen services die expliciet hiervan
afhankelijk zijn, niet worden gestart." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dac52b0d256e0d48ed589dda9133ec79" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative-service" desc="Hiermee worden vaste schijven
en volumes geconfigureerd. De service is alleen actief
tijdens de configuratie en wordt daarna gestopt."
nam="Proces voor de Logical Disk Manager-service
(dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="97bebe57053254d565da19d558eff626"
ver="2600.2180.503.0" sz="225280" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Hiermee kunnen
gebeurtenisberichten die worden uitgegeven door
programma's en onderdelen van Windows worden
weergegeven in Logboeken. Deze service kan niet worden
gestopt." nam="Services en controllertoepassingen
(services.exe)" pub="Microsoft Corporation"
md5="39991cd3c17b7529d039151a88e84499" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108544" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Hiermee kunt u faxen
verzenden en ontvangen met de faxapparaten op deze computer
of op het netwerk." nam="Fax Service (fxssvc.exe)"
pub="Microsoft Corporation"
md5="385357b341c6dd85ae94e65b83d81856" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="268288" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="COM-service voor IMAPI cd-branders"
desc="Deze service beheert het beschrijven van cd's
via de IMAPI-interface. Als deze service wordt gestopt,
kunnen er met deze computer geen cd worden gebrand. Als
deze service wordt uitgeschakeld, kunnen services die van
deze service afhankelijk zijn niet worden gestart."
nam="API voor het beschrijven van cd's (imapi.exe)"
pub="Microsoft Corporation"
md5="f85149aa4afea9200484715cf15f568d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="eTrust Antivirus RPC Server" desc=""
nam="None (InoRpc.exe)" pub="Computer Associates
International, Inc." md5="b611cb7fe91ebb8ad31c89b14912c35b"
ver="7.0.139.0" sz="144864" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoRpc.exe</Service>
<Service ex="1" disp="eTrust Antivirus Realtime Server"
desc="" nam="None (InoRT.exe)" pub="Computer Associates
International, Inc." md5="79b8597f87e7fa5ac27ad31a0d6370d3"
ver="7.0.139.0" sz="408645" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoRT.exe</Service>
<Service ex="1" disp="eTrust Antivirus Job Server" desc=""
nam="None (InoTask.exe)" pub="Computer Associates
International, Inc." md5="2d3d70de3e4ef543e82c10abf8f14cb3"
ver="7.0.139.0" sz="184320" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoTask.exe</Service>
<Service ex="1" disp="Machine Debug Manager" desc="Supports
local and remote debugging for Visual Studio and script
debuggers. If this service is stopped, the debuggers will
not function properly." nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="5eb02af758e270177de0d2a6832846f1" ver="7.00.9466"
sz="315392" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7Debug\mdm.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Hiermee kunnen gemachtigde personen dit
Windows-bureaublad extern benaderen via NetMeeting."
nam="NetMeeting Extern bureaublad delen (mnmsrvc.exe)"
pub="Microsoft Corporation"
md5="8ca3298ee96d6b75f28c991518dc2dd9" ver="5.1.2600.2180"
sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="0" disp="MSDTC" desc="" nam=" (msdtc.exe)"
pub="" md5="" ver="" sz="" is="0"
gfp="">C:\MSSQL\BINN\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Hiermee
worden toepassingen die als een Windows Installer-pakket
(*.msi) worden aangeboden, toegevoegd, aangepast en
verwijderd. Als deze service is uitgeschakeld, kunnen
services die van deze service afhankelijk zijn, niet worden
gestart." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823"
sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="SQL Server (SQLEXPRESS)"
desc="Microsoft SQL Server Database Engine" nam="SQL Server
Windows NT (sqlservr.exe)" pub="Microsoft Corporation"
md5="ce50e6dc9e99aa9392de80e3c29b765a"
ver="2000.090.1116.00" sz="26884824" is="0"
gfp="">c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServer" desc="" nam="SQL Server
Windows NT (sqlservr.exe)" pub="Microsoft Corporation"
md5="f80eec5e1d6cdf82cb974daada0c57dd"
ver="2000.080.0760.00" sz="7520337" is="0"
gfp="">C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServerADHelper"
desc="MSSQLServerADHelper is a helper service for
integration with Active Directories." nam="Microsoft SQL
Server Active Directory Helper Service (sqladhlp90.exe)"
pub="Microsoft Corporation"
md5="5c1c1c30d4617d0a973a447358028d35"
ver="2000.090.1116.00" sz="41688" is="0" gfp="">c:\Program
Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe</Service>
<Service ex="1" disp="Network DDE" desc="Hiermee wordt
netwerktransport en netwerkbeveiliging geboden voor
dynamische gegevensuitwisseling (DDE) voor programma's
die op dezelfde computer of verschillende computers worden
uitgevoerd. Als de service wordt gestopt, zijn
DDE-transport en -beveiliging niet beschikbaar. Als deze
service wordt uitgeschakeld, kunnen services die van deze
service afhankelijk zijn niet worden gestart."
nam="Netwerk-DDE - DDE-communicatie (netdde.exe)"
pub="Microsoft Corporation"
md5="7e61d52d2d9259c63dfb6c156719d3b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="113664" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Hiermee
worden gedeelde netwerkshares voor dynamische
gegevensuitwisseling (DDE) beheerd. Als deze service wordt
gestopt, zijn de DDE-netwerkshares niet beschikbaar. Als de
service wordt uitgeschakeld, kunnen services die van deze
service afhankelijk zijn niet worden gestart."
nam="Netwerk-DDE - DDE-communicatie (netdde.exe)"
pub="Microsoft Corporation"
md5="7e61d52d2d9259c63dfb6c156719d3b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="113664" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Hiermee wordt
ondersteuning geboden voor indirecte verificatie van
accountaanmeldingsgebeurtenissen voor computers in een
domein." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="34a82debefb057fcccbe15f619fc98a7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Hiermee wordt beveiliging geboden voor
RPC-programma's (Remote procedure call) die andere
transporten gebruiken dan named pipes." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Hiermee kan een
computer wijzigingen in de hardwareconfiguratie herkennen
en zich aanpassen zonder of met weinig invoer van de
gebruiker. Als de service wordt gestopt of uitgeschakeld
wordt de computer instabiel." nam="Services en
controllertoepassingen (services.exe)" pub="Microsoft
Corporation" md5="39991cd3c17b7529d039151a88e84499"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108544"
is="0" gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC-services" desc="Hiermee wordt
het IP-beveiligingsbeleid beheerd en de
stuurprogramma's voor ISAKMP/Oakley (IKE) en
IP-beveiliging gestart." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Hiermee
wordt beveiligde opslag voor vertrouwelijke gegevens, zoals
persoonlijke sleutels, geboden om toegang door
niet-gemachtigde services, processen of gebruikers te
voorkomen" nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="34a82debefb057fcccbe15f619fc98a7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Helpsessiebeheer voor Extern
bureaublad" desc="Hiermee wordt de voorziening Hulp op
afstand aangestuurd. Als deze service is gestopt, is Hulp
op afstand niet beschikbaar. Raadpleeg alvorens deze
service te stoppen eerst het tabblad Afhankelijkheden van
het dialoogvenster met eigenschappen." nam="Microsoft
Helpsessiebeheer voor Extern bureaublad (sessmgr.exe)"
pub="Microsoft Corporation"
md5="a81b92d6ae9f0433b14a54dbf63a1ff3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="142336" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator"
desc="Hiermee wordt de database van de RPC Name-service
beheerd." nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="69b970645e78c1ed5fa7caf34a1a13e6"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Hiermee wordt
functionaliteit voor de configuratie van netwerksignalen en
besturings van lokaal verkeer verkregen voor
programma's en besturingshulpprogramma's die
geschikt zijn voor QoS" nam="Microsoft RSVP (rsvp.exe)"
pub="Microsoft Corporation"
md5="ad1b5f1b99fff08c99f443d784711a81" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="0" disp="RTE : TAPI" desc="" nam="
(RTETPISv.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">c:\fotowin\RTETPISv.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Hiermee worden beveiligingsgegevens voor lokale
gebruikersaccounts opgeslagen" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Hiermee wordt de
toegang tot een smartcard beheerd die in een smartcardlezer
is geplaatst die aan de computer is gekoppeld. Als de
service wordt gestopt, kunnen er geen smartcards worden
gelezen. Als de service wordt uitgeschakeld, kunnen
services die van deze service afhankelijk zijn niet worden
gestart." nam="Smartcard-bronbeheerserver (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="11344a685293c0a5d228de5381cd9e5d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="98304" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Eenvoudige TCP/IP-services"
desc="Hiermee wordt ondersteuning geboden voor de volgende
TCP/IP-services: Character Generator, Daytime Discard, Echo
en Quote of the Day." nam="TCP/IP Services Application
(tcpsvcs.exe)" pub="Microsoft Corporation"
md5="46d8aad86cf13a292900e4b2efa7aafa" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">C:\WINDOWS\System32\tcpsvcs.exe</Service>
<Service ex="1" disp="SNMP-service" desc="Deze service
bevat agenten die de activiteit van netwerkapparaten
controleren en rapporteren aan het
netwerkconsolewerkstation." nam="SNMP-service (snmp.exe)"
pub="Microsoft Corporation"
md5="01e715733296ff80b91fda9722fb2997" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\snmp.exe</Service>
<Service ex="1" disp="SNMP Trap-service" desc="Hiermee
worden trap-berichten ontvangen die zijn gemaakt door
lokale of externe SNMP-agenten en de berichten doorgestuurd
naar SNMP-beheerprogramma's die worden uitgevoerd op
deze computer." nam="SNMP Trap Service (snmptrap.exe)"
pub="Microsoft Corporation"
md5="579a6e49f2a447a4c02427022a8766a4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="8704" is="0"
gfp="">C:\WINDOWS\System32\snmptrap.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Hiermee worden
bestanden in het geheugen geladen om later te worden
afgedrukt" nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation"
md5="cccb8b94b17466efb9dc27f42625b0e5" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="SQL Browser" desc="Provides SQL
Server connection information to client computers."
nam="SQL Browser Service EXE (sqlbrowser.exe)"
pub="Microsoft Corporation"
md5="ccf9dfb9b32ae33847df737cfe232722"
ver="2000.090.1116.00" sz="151768" is="0" gfp="">c:\Program
Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe</Service>
<Service ex="1" disp="SQLSERVERAGENT" desc=""
nam="Microsoft SQL Server Agent (sqlagent.exe)"
pub="Microsoft Corporation"
md5="e3f974bdedc336490a2e6f3a703f016a"
ver="2000.080.0760.00" sz="311872" is="0"
gfp="">C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Beheert schaduwkopieën op basis van software, die
door de Volume Shadow Copy-service zijn gemaakt. Als deze
service is gestopt, kunnen schaduwkopieën op basis van
software niet worden beheerd. Als de service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet worden gestart." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dac52b0d256e0d48ed589dda9133ec79" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Hiermee worden prestatiegegevens verzameld die zijn
gebaseerd op voorgeconfigureerde schemaparameters.
Vervolgens worden de gegevens naar een logboek geschreven
of wordt een alarm geactiveerd. Als deze service wordt
gestopt, worden er geen prestatiegegevens verzameld. Als
deze service wordt uitgeschakeld, kunnen de services die
expliciet van deze service afhankelijk zijn, niet starten."
nam="Performance Logs and Alerts-service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="c4d7d00c5ea67a557c95c44e3a226bad" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="92160" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework"
desc="Enables Windows user mode drivers." nam="Windows User
Mode Driver Manager (wdfmgr.exe)" pub="Microsoft
Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5"
ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912"
is="0" gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Hiermee wordt een noodvoeding (UPS) beheerd die op de
computer is aangesloten" nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="5124d4054c62991a65d616f202965740" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Hiermee
kunnen schaduwkopieën van volumes die door
back-uptoepassingen en voor andere doeleinden worden
gebruikt, worden beheerd en geïmplementeerd. Als deze
service wordt gestopt, zijn de schaduwkopieën niet
beschikbaar voor het maken van een back-up en de back-up
kan mogelijk mislukken. Als deze service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet starten." nam="Microsoft Volume
Shadow Copy-service (vssvc.exe)" pub="Microsoft
Corporation" md5="faec7a09c545a16b7534ff57cc8e2a4a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="292864"
is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Voorziet Universal Plug and Play-apparaten van
gedeelde multimediainhoud" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC) Helper"
desc="Controleert het netwerk op nieuwe rendererapparaten
voor UPnP-media." nam="Windows Media Connect (mswmcls.exe)"
pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMI-prestatieadapter" desc="Biedt
informatie over het DLL-prestatiebestand van WMI High
Performance-providers." nam="WMI-prestatieadapterservice
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="2398e9f520df78a96fcd577f3a261e98" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
<Service ex="1" disp="X10 Device Network Service" desc=""
nam="X10 Module (x10nets.exe)" pub="X10"
md5="5a0c788c5bc5f2c993cb60940adcf95e" ver="1, 0, 0, 1"
sz="20480" is="0"
gfp="">C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe</Service>
</Services>
</SystemAudit>
<ProcessesAudit>
<Processes>
<Process ex="1" pid="468" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="610205ca596bb9707181479459290935" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="520" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="16a07525f4f3e6c4cd3e033e50c0233b" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="544" nam="Toepassing Windows
NT-aanmelding (winlogon.exe)" pub="Microsoft Corporation"
md5="732ed791711df9c9dd15e5515bc681b8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="504832" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="588" nam="Services en
controllertoepassingen (services.exe)" pub="Microsoft
Corporation" md5="39991cd3c17b7529d039151a88e84499"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108544"
is="0" gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="600" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="768" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="816" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="888" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1000" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1096" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1300" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="cccb8b94b17466efb9dc27f42625b0e5" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1352" nam="Smartcard-bronbeheerserver
(scardsvr.exe)" pub="Microsoft Corporation"
md5="11344a685293c0a5d228de5381cd9e5d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="98304" is="0"
gfp="">C:\WINDOWS\system32\scardsvr.exe</Process>
<Process ex="1" pid="1536" nam="Windows Verkenner
(explorer.exe)" pub="Microsoft Corporation"
md5="a1d7304a87fc3093150f5e3cc7b0f338" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="1035776" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1608" nam="ATI Desktop Control Panel
(atiptaxx.exe)" pub="ATI Technologies, Inc."
md5="00d38dcbab0bec5a5b61583054dbe129" ver="6.14.10.5085"
sz="335872" is="0" gfp="">c:\program files\ati
technologies\ati control panel\atiptaxx.exe</Process>
<Process ex="1" pid="1624" nam="None (realmon.exe)"
pub="Computer Associates International, Inc."
md5="c85d3f6e59cafd86c2aba9592622e372" ver="7.0.139.0"
sz="385024" is="0"
gfp="">c:\progra~1\ca\etrust~1\realmon.exe</Process>
<Process ex="1" pid="1668" nam="PCMService MFC Application
(pcmservice.exe)" pub="None"
md5="b79ee0b8339eecc228d8f362aca0f2ed" ver="1, 0, 0, 1"
sz="61440" is="0" gfp="">c:\program files\home
cinema\powercinema\pcmservice.exe</Process>
<Process ex="1" pid="1684" nam="Chicony Multimedia Driver
(mhotkey.exe)" pub="Chicony"
md5="94229807ad00a72b50195f1d3dfb205f" ver="3, 0, 0, 8"
sz="508416" is="0" gfp="">c:\windows\mhotkey.exe</Process>
<Process ex="1" pid="1696" nam="Chicony Multimedia Driver
(cnyhkey.exe)" pub="Chicony"
md5="785fd48cec69d07bcd2c1b2c112f00c9" ver="2, 2, 0, 0"
sz="5794816" is="0" gfp="">c:\windows\cnyhkey.exe</Process>
<Process ex="1" pid="1704" nam="Customized Icon and Label
(dit.exe)" pub="ICSI Technology Ltd."
md5="748b9439fde6e1c161e109dcf5908066" ver="V2.01.0402"
sz="86016" is="0" gfp="">c:\windows\dit.exe</Process>
<Process ex="1" pid="1724" nam="VirtualDrive VDTask
(gdtask.exe)" pub="FarStone Technology Inc."
md5="b24d751f961478481027c9fc87a5b6f5" ver="7, 0, 0, 1"
sz="139264" is="0" gfp="">c:\program
files\farstone\gamedrive\gdtask.exe</Process>
<Process ex="1" pid="1736" nam="Microsoft Works Update
Detection (wkufind.exe)" pub="Microsoft Corporation"
md5="a53cb3e22848b3ed199f99448d3942c4" ver="9.00.0609.0"
sz="50688" is="0" gfp="">c:\program files\common
files\microsoft shared\works shared\wkufind.exe</Process>
<Process ex="1" pid="1748" nam="qttask.exe" pub="Apple
Computer, Inc." md5="76a3a30b58405c2c6d833895253a51a9"
ver="6.5.1" sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</Process>
<Process ex="1" pid="1764" nam="Java(TM) 2 Platform
Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</Process>
<Process ex="1" pid="1772" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1808" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation"
md5="7de46c9c40abb58c8fdfe0212a3bf2b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="1880" nam="Symantec Fax Starter
Edition Port Launcher (olfsnt40.exe)" pub="Microsoft
Corporation" md5="ebdefaf28aa7580c4f2452171aaf16b9"
ver="9.0.98.0105" sz="46077" is="0" gfp="">c:\program
files\microsoft office\office\1043\olfsnt40.exe</Process>
<Process ex="1" pid="1908" nam="SQL Server Service Manager
(sqlmangr.exe)" pub="Microsoft Corporation"
md5="a6455adf66ee2fdd53b81aae74f40c4c"
ver="2000.080.0760.00" sz="74308" is="0" gfp="">c:\program
files\microsoft sql server\80\tools\binn\sqlmangr.exe</Process>
<Process ex="1" pid="1940" nam="Microsoft AntiSpyware Data
Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501"
sz="748352" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="160" nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="81700207389cbe1911a5eaee9fc812ce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">c:\windows\system32\cisvc.exe</Process>
<Process ex="1" pid="284" nam="None (inorpc.exe)"
pub="Computer Associates International, Inc."
md5="b611cb7fe91ebb8ad31c89b14912c35b" ver="7.0.139.0"
sz="144864" is="0" gfp="">c:\program files\ca\etrust
antivirus\inorpc.exe</Process>
<Process ex="1" pid="308" nam="None (inort.exe)"
pub="Computer Associates International, Inc."
md5="79b8597f87e7fa5ac27ad31a0d6370d3" ver="7.0.139.0"
sz="408645" is="0" gfp="">c:\program files\ca\etrust
antivirus\inort.exe</Process>
<Process ex="1" pid="324" nam="None (inotask.exe)"
pub="Computer Associates International, Inc."
md5="2d3d70de3e4ef543e82c10abf8f14cb3" ver="7.0.139.0"
sz="184320" is="0" gfp="">c:\program files\ca\etrust
antivirus\inotask.exe</Process>
<Process ex="1" pid="652" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="5eb02af758e270177de0d2a6832846f1" ver="7.00.9466"
sz="315392" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="0" pid="960" nam="" pub="" md5="" ver="" sz=""
is="0" gfp=""></Process>
<Process ex="1" pid="1084" nam="TCP/IP Services Application
(tcpsvcs.exe)" pub="Microsoft Corporation"
md5="46d8aad86cf13a292900e4b2efa7aafa" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">c:\windows\system32\tcpsvcs.exe</Process>
<Process ex="1" pid="1660" nam="SNMP-service (snmp.exe)"
pub="Microsoft Corporation"
md5="01e715733296ff80b91fda9722fb2997" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">c:\windows\system32\snmp.exe</Process>
<Process ex="1" pid="1860" nam="Windows User Mode Driver
Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="2060" nam="X10 Module (x10nets.exe)"
pub="X10" md5="5a0c788c5bc5f2c993cb60940adcf95e" ver="1, 0,
0, 1" sz="20480" is="0"
gfp="">c:\progra~1\common~1\x10\common\x10nets.exe</Process>
<Process ex="1" pid="2324" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="1f652552465f84e09d548b499139fe2e" ver="1.00.0501"
sz="4561736" is="0" gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2556" nam="Firefox (firefox.exe)"
pub="Mozilla" md5="d2a8dbb74649b1a911de679955a5a1c5"
ver="1.0.2" sz="6627428" is="0" gfp="">c:\program
files\mozilla firefox\firefox.exe</Process>
<Process ex="1" pid="2984" nam="Application Layer Gateway
Service (alg.exe)" pub="Microsoft Corporation"
md5="15cff49392f765356ebbf05d87ffb6b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="2640" nam="Indexing Service filter
daemon (cidaemon.exe)" pub="Microsoft Corporation"
md5="be671428f1d15c6cb28b0cb50b9d3a6a" ver="5.1.2600.0
(xpclient.010817-1148)" sz="8192" is="0"
gfp="">c:\windows\system32\cidaemon.exe</Process>
<Process ex="1" pid="3280" nam="Microsoft Suspected Spyware
Reporting Tool (msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501"
sz="400184" is="0" gfp="">c:\program files\microsoft
antispyware\msssrt.exe</Process>
<Process ex="1" pid="2684" nam="Microsoft Suspected Spyware
Reporting Tool (msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501"
sz="400184" is="0" gfp="">c:\program files\microsoft
antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
send, it said 'check your proxy settings, but i am in a
university network.)
So i post the problem here.
please send the report to the the people who handle this. i
am VERY concerned about this worm hacking msn messenger to
make people install spyware/virus.
filename: mssmmspgr.exe
description: a worm that hacks msn messenger (or accounts
using it, which have weak passwords) and advises all
contacts to download a file and run it. As they think it is
from there friends, most people will actually do this, as
they think msn is extremely secure.
website explaining the problem:
http://www.sarc.com/avcenter/venc/data/w32.kelvir.aj.html
this website fits my experience on all points.
website how i got infected:
http://take-a-look.unitedlegion.us/gallery.php?email=MYEMAIL
with MYEMAIL replaced by any email adrress.
as this program also intstall a keylogger and steals game
keys, it can be classified as spyware.
i advise ms to fix messenger, so it doesn't get the unsafe
imago that internet explorer already has.
i did a virus scan (using eTrust antivirus) and a spyware
scan(ms antispyware) but they didn't detect it. Both were
updated April the 29 2005 (which is today). I did find the
file manually.
i also post my raw scanning file here. i know this is a
threat to me cause all you who read this now know my
system, but i am more concerned about this spyware problem
and i hope i can trust all who read this not to abuse the
data sent. moderator: please delete this data as soon as
you have sent it to the report reading people. i blocked
the maliscious program before generating this data
<MSSSRT version="1.0.501" createdate="29/04/2005 0:03:12"
os="XP.2600" user=""><Audit><AutoRunAudit>
<StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Adobe Reader Snelle
start.lnk" nam="Adobe Acrobat SpeedLauncher
(reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="deb88aef013dd1eefb462d7cad642166" ver="7.0.0.0"
sz="29696" is="0" gfp="">c:\program files\adobe\acrobat
7.0\reader\reader_sl.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Microsoft Office.lnk"
nam="Microsoft Office 2000 component (osa9.exe)"
pub="Microsoft Corporation"
md5="d76068bcc59818b7d36e99ef8ae70a37" ver="9.0.3720"
sz="65588" is="0" gfp="">c:\program files\microsoft
office\office\osa9.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Poort voor Symantec Fax
Starter Edition.lnk" nam="Symantec Fax Starter Edition Port
Launcher (olfsnt40.exe)" pub="Microsoft Corporation"
md5="ebdefaf28aa7580c4f2452171aaf16b9" ver="9.0.98.0105"
sz="46077" is="0" gfp="">c:\program files\microsoft
office\office\1043\olfsnt40.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Menu
Start\Programma's\Opstarten\Service Manager.lnk"
nam="SQL Server Service Manager (sqlmangr.exe)"
pub="Microsoft Corporation"
md5="a6455adf66ee2fdd53b81aae74f40c4c"
ver="2000.080.0760.00" sz="74308" is="0" gfp="">c:\program
files\microsoft sql
server\80\tools\binn\sqlmangr.exe</StartupFile>
</StartupFiles>
<StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ATIPTA" dat="C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe" nam="ATI Desktop Control Panel
(atiptaxx.exe)" pub="ATI Technologies, Inc."
md5="00d38dcbab0bec5a5b61583054dbe129" ver="6.14.10.5085"
sz="335872" is="0" gfp="">c:\program files\ati
technologies\ati control
panel\atiptaxx.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Cmaudio" dat="RunDll32 cmicnfg.cpl,CMICtrlWnd"
nam="CmiCnfg DLL (cmicnfg.cpl)" pub="C-Media Corporation"
md5="3d92420404783a4df8da7d88d923a5d3" ver="1, 0, 41, 6"
sz="2453504" is="0"
gfp="">c:\windows\cmicnfg.cpl</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Realtime Monitor"
dat="C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" nam="None
(realmon.exe)" pub="Computer Associates International,
Inc." md5="c85d3f6e59cafd86c2aba9592622e372"
ver="7.0.139.0" sz="385024" is="0"
gfp="">c:\progra~1\ca\etrust~1\realmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck"
dat="C:\WINDOWS\system32\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2"
sz="155648" is="0"
gfp="">c:\windows\system32\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PCMService" dat=""C:\Program Files\Home
Cinema\PowerCinema\PCMService.exe"" nam="PCMService
MFC Application (pcmservice.exe)" pub="None"
md5="b79ee0b8339eecc228d8f362aca0f2ed" ver="1, 0, 0, 1"
sz="61440" is="0" gfp="">c:\program files\home
cinema\powercinema\pcmservice.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="CHotkey" dat="mHotkey.exe" nam="Chicony Multimedia
Driver (mhotkey.exe)" pub="Chicony"
md5="94229807ad00a72b50195f1d3dfb205f" ver="3, 0, 0, 8"
sz="508416" is="0"
gfp="">c:\windows\mhotkey.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ledpointer" dat="CNYHKey.exe" nam="Chicony Multimedia
Driver (cnyhkey.exe)" pub="Chicony"
md5="785fd48cec69d07bcd2c1b2c112f00c9" ver="2, 2, 0, 0"
sz="5794816" is="0"
gfp="">c:\windows\cnyhkey.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Dit" dat="Dit.exe" nam="Customized Icon and Label
(dit.exe)" pub="ICSI Technology Ltd."
md5="748b9439fde6e1c161e109dcf5908066" ver="V2.01.0402"
sz="86016" is="0"
gfp="">c:\windows\dit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="GameDrive" dat="C:\Program
Files\FarStone\GameDrive\gdtask.exe /AutoRestore"
nam="VirtualDrive VDTask (gdtask.exe)" pub="FarStone
Technology Inc." md5="b24d751f961478481027c9fc87a5b6f5"
ver="7, 0, 0, 1" sz="139264" is="0" gfp="">c:\program
files\farstone\gamedrive\gdtask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Microsoft Works Update Detection" dat="C:\Program
Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe" nam="Microsoft Works Update Detection
(wkufind.exe)" pub="Microsoft Corporation"
md5="a53cb3e22848b3ed199f99448d3942c4" ver="9.00.0609.0"
sz="50688" is="0" gfp="">c:\program files\common
files\microsoft shared\works
shared\wkufind.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunJavaUpdateSched" dat="C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe" nam="Java(TM) 2
Platform Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="websx" dat="C:\Program Files\websx\int411540.exe
-auto" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="UserFaultCheck" dat="%systemroot%\system32\dumprep 0
-u" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="7de46c9c40abb58c8fdfe0212a3bf2b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</StartupFileRegistry>
</StartupFilesRegistry>
<WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Aanmeldingstoepassing
Userinit (userinit.exe)" pub="Microsoft Corporation"
md5="de7a0ee4a6a28e6dfe3118eb22468da6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles>
</StartupWinIniFiles>
<StartupSysIniFiles>
</StartupSysIniFiles>
</AutoRunAudit>
<InternetExplorerAudit version="6.0.2900.2180">
<BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj
Class" nam="Adobe Acrobat IE Helper Version 7.0 for ActiveX
(acroiehelper.dll)" pub="Adobe Systems Incorporated"
md5="42729c3de75a7a51fc6f9ef6546c9199"
ver="7.0.0.2004121400" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
</BrowserHelperObjects>
<IEToolbars>
</IEToolbars>
<IEExtensions>
</IEExtensions>
<IEExplorerBars>
<IEExplorerBar ex="1"
clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip van de dag" nam="Objecten- en
besturingselementenbibliotheek Shell Doc (shdocvw.dll)"
pub="Microsoft Corporation"
md5="ad2b9fb9c9799da2ee39172f724ab2d9" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
<IEShellBrowsers>
<IEShellBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Adres" nam="Shell Browser-bibliotheek voor
gebruikersinterface (browseui.dll)" pub="Microsoft
Corporation" md5="4c818b7b5d37f6c4197793f46a6a9cd4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1017344" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
<IEWebBrowsers>
<IEWebBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Adres" nam="Shell Browser-bibliotheek voor
gebruikersinterface (browseui.dll)" pub="Microsoft
Corporation" md5="4c818b7b5d37f6c4197793f46a6a9cd4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1017344" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0"
clsid="{014DA6C9-189F-421A-88CD-07CFE51CFF10}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
</IEWebBrowsers>
<IEMenuExts>
</IEMenuExts>
<IEURLSearchHooks>
</IEURLSearchHooks>
<IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.reinaut.tk/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search
Bar">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.reinaut.tk/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.aldi.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Bar">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust..htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst..htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla"></IEURL>
</IEURLs>
</InternetExplorerAudit>
<SystemAudit>
<ShellExecuteHooks>
<ShellExecuteHook ex="1"
clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" prog=""
val="URL Exec Hook" nam="Gemeenschappelijk DLL-bestand van
Windows Shell (shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">C:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
<ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6
/Open "%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9
/Open "%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"%ProgramFiles%\Outlook
Express\msimn.exe" /mailurl:%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe"
-nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls>
<ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\dajava.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\xmldso.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine
Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409">
<Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)" pub="Microsoft"
md5="0244da7bc93595d90e801f9caa338c2f" ver="1, 5, 0, 42"
sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6"
sz="346888" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{2FC9A21E-2069-4E47-8235-36318989DB13}"
prog="PPSDKActiveXScanner.MainScreen"
nam="PPSDKActiveXScanner.MainScreen"
codebase="http://www.my-etrust.com/includes/pscanner/axscanner.cab">
<Files>
<File ex="1" nam="Windows Common Controls ActiveX Control
DLL (mscomctl.ocx)" pub="Microsoft Corporation"
md5="774a15583db1ad44c5ee32309c840c96" ver="6.01.9545"
sz="1077344" is="0"
gfp="">C:\WINDOWS\System32\mscomctl.ocx</File>
<File ex="1" nam="Visual Basic Virtual Machine
(msvbvm60.dll)" pub="Microsoft Corporation"
md5="e9d39625088f1ebc844bb56dcb14269f" ver="6.00.9690"
sz="1392671" is="0"
gfp="">C:\WINDOWS\system32\msvbvm60.dll</File>
<File ex="1" nam="An ActiveX implementation of Pest
Patrol's PPSDK scanning functionality.
(PPSDKActiveXScanner.ocx)" pub="Pest Patrol Inc."
md5="d3f092c4c6e08a63807af5770d2f4828" ver="1.05.0005"
sz="670320" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\PPSDKActiveXScanner.ocx</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}"
prog="OPUCatalog.OPUCatalog11.1" nam="Office Update
Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/opuc2.cab">
<Files>
<File ex="1" nam="Microsoft Office Update Detection Engine
(opuc.dll)" pub="Microsoft Corporation"
md5="20393d64f69f26361a97fd9afb3c9243" ver="11.0.6466"
sz="326656" is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{56336BCB-3D8A-11D6-A00B-0050DA18DE71}"
prog="RealDownloadExpress.IE.1" nam="RdxIE Class"
codebase="http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab">
<Files>
<File ex="1" nam="RdxIE Module (RdxIE.dll)"
pub="RealNetworks, Inc."
md5="c350fd4b920362062bd39ea31007acfb" ver="6.0.0.10"
sz="520349" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\RdxIE.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{7B297BFD-85E4-4092-B2AF-16A91B2EA103}"
prog="WebScan.WScanCtl.1" nam="WScanCtl Class"
codebase="http://www3.ca.com/securityadvisor/virusinfo/webscan.cab">
<Files>
<File ex="1" nam="None (Arclib.dll)" pub="Computer
Associates International, Inc."
md5="f40e2fbcb5201b77d906d269451a6d02" ver="7.2.0.18"
sz="220032" is="0" gfp="">C:\Program
Files\CA\SharedComponents\ScanEngine\Arclib.dll</File>
<File ex="1" nam="WebScan ActiveX (webscan.dll)"
pub="Computer Associates Intl."
md5="83272041a03a9d4381faab718ab1bef7" ver="1, 1, 0, 1045"
sz="180282" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\webscan.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{9F1C11AA-197B-4942-BA54-47A8489BB47F}" prog=""
nam=""
codebase="http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38030.3040509259">
<Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="eabba3a4e51bef7785b23ed335c9f13f" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="185624" is="0"
gfp="">C:\WINDOWS\System32\iuengine.dll</File>
<File ex="0" nam=" (iuctl.dll)" pub="" md5="" ver="" sz=""
is="0" gfp="">C:\WINDOWS\System32\iuctl.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2_06"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash
Object"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{F2A84794-EE6D-447B-8C21-3BA1DC77C5B4}"
prog="Sdkinst.SDKInstall.1" nam="SDKInstall Class"
codebase="http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab">
<Files>
<File ex="1" nam="SDK Update System Version Control
(appversions.dll)" pub="Microsoft Corporation"
md5="141487d8ba46fa62a8f925070a5a47f4" ver="5.2.3790.0"
sz="50288" is="0" gfp="">C:\WINDOWS\appversions.dll</File>
<File ex="1" nam="SDK Update ActiveX Control (sdkinst.dll)"
pub="Microsoft Corporation"
md5="8d832143c494cc1230fb99071c6c76e5" ver="5.2.3790.0"
sz="303224" is="0" gfp="">C:\WINDOWS\sdkinst.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall
clsid="{FF982A6F-FB83-42FE-B4BD-1941C499F194}"
prog="AppVersions.Versions.1" nam="Versions Class"
codebase="http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab">
<Files>
<File ex="1" nam="SDK Update System Version Control
(appversions.dll)" pub="Microsoft Corporation"
md5="141487d8ba46fa62a8f925070a5a47f4" ver="5.2.3790.0"
sz="50288" is="0" gfp="">C:\WINDOWS\appversions.dll</File>
<File ex="1" nam="SDK Update ActiveX Control (sdkinst.dll)"
pub="Microsoft Corporation"
md5="8d832143c494cc1230fb99071c6c76e5" ver="5.2.3790.0"
sz="303224" is="0" gfp="">C:\WINDOWS\sdkinst.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
<PROTOCOLSFilters>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="05c32ac00bcfe08248fa870e7cc3590e"
ver="2.0.50215.44 (beta2.050215-4400)" sz="253952" is="0"
gfp="">C:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" prog=""
filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="deflate"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="lzdhtml"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" prog=""
filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
nam="Gemeenschappelijk DLL-bestand van Windows Shell
(shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1"
clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML-viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d9c48bc1dbbe8154703c6cb078044d08"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" prog=""
filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
prog="CDO.KnowledgePluggable.1" filter="cdo"
val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}" nam="Microsoft
SharePoint Portal Server Object Model (pkmcdo.dll)"
pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" prog=""
filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX-besturingselement voor videogegevensstromen
(msvidctl.dll)" pub="Microsoft Corporation"
md5="e6d8bd7fc8a21bfcb1f237486e4a445a" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1432576" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog=""
filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)"
pub="Microsoft Corporation"
md5="6dfa932d9ff7b4c78d7da49d98f3fb52" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32-extensies voor Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="e6f1a8af742d4120ac65adb9b1356320" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="605184" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{314111c7-a502-11d2-bbca-00c04f8ec294}" prog=""
filter="ms-help"
val="{314111c7-a502-11d2-bbca-00c04f8ec294}" nam="Microsoft
Help Data Services Module (hxds.dll)" pub="Microsoft
Corporation" md5="79792682da67deeda41320f6de78682c"
ver="2.05.50215.44 (beta2.050215-4400)" sz="860672" is="0"
gfp="">c:\program files\common files\microsoft
shared\help\hxds.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{0A9007C0-4076-11D3-8789-0000F8105754}"
prog="Microsoft.ITSS.URLProtocol" filter="ms-itss"
val="{0A9007C0-4076-11D3-8789-0000F8105754}" nam="Microsoft
InfoTech Storage System Library (msitss.dll)"
pub="Microsoft Corporation"
md5="fbfef8d1ccfe1b12c0303f0c4b67eb97" ver="5.40.1171.1"
sz="221184" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML-viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d9c48bc1dbbe8154703c6cb078044d08"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog=""
filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog=""
filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX-besturingselement voor videogegevensstromen
(msvidctl.dll)" pub="Microsoft Corporation"
md5="e6d8bd7fc8a21bfcb1f237486e4a445a" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1432576" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML-viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d9c48bc1dbbe8154703c6cb078044d08" ver="6.00.2900.2627
(xpsp_sp2_gdr.050309-1648)" sz="3010560" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="25fd68fce7a2fd3ae7c65d2e25075b68" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" namespace="mk" namespacefilter="NameSpace
Filter for MK
MSITStore:..."val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="10836fd0553cf6fe5e82c77c690a7e5c"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain"></TCPIPParamater>
<TCPIPParamater val="NameServer"></TCPIPParamater>
<TCPIPParamater val="SearchList"></TCPIPParamater>
<TCPIPParamater val="VXD MSTCP: NameServer"></TCPIPParamater>
</TCPIPParamaters>
<InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer"></InternetSetting>
<InternetSetting val="ProxyOverride"></InternetSetting>
<InternetSetting val="User Agent">Mozilla/4.0 (compatible;
MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">1</InternetSetting>
</InternetSettings>
<IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
</IESettings>
<AppInitDLLs val="">
</AppInitDLLs>
<ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Gemeenschappelijk DLL-bestand
van Windows Shell (shell32.dll)" pub="Microsoft
Corporation" md5="c03d3f709c07547363812c7c569c1919"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog=""
val="CDBurn" nam="Gemeenschappelijk DLL-bestand van Windows
Shell (shell32.dll)" pub="Microsoft Corporation"
md5="c03d3f709c07547363812c7c569c1919" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8497152" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog=""
val="WebCheck" nam="Website Monitor (webcheck.dll)"
pub="Microsoft Corporation"
md5="a3d67cbdfd1d25a14c5a59b2d6003310" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="279552" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog=""
val="SysTray" nam="Systray-shellserviceobject
(stobject.dll)" pub="Microsoft Corporation"
md5="8255711a95c01c66bbbe3d94c4d50ed2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="122368" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks>
</ScheduledTasks>
<Services>
<Service ex="1" disp="Application Layer Gateway-service"
desc="Hiermee wordt ondersteuning geboden voor
protocolinvoegtoepassingen van derden voor
Internet-verbinding delen en Windows Firewall."
nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation"
md5="15cff49392f765356ebbf05d87ffb6b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides
support for out-of-process session states for ASP.NET. If
this service is stopped, out-of-process requests will not
be processed. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Microsoft ASP.NET State Server (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="be52212fb916a31f5193a58b2d2efd90" ver="2.0.50215.44
(beta2.050215-4400)" sz="22016" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing-service" desc="Hiermee kunt
u een index maken van de inhoud en eigenschappen van
bestanden op lokale en externe computers. Een flexibele
zoektaal zorgt ervoor dat u snel toegang tot bestanden
krijgt." nam="Content Index service (cisvc.exe)"
pub="Microsoft Corporation"
md5="81700207389cbe1911a5eaee9fc812ce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\System32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Hiermee kan
Plakboeken gegevens opslaan en deze delen met externe
computers. Als de service wordt gestopt kan Plakboeken geen
gegevens met externe computers delen. Als de service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet worden gestart." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="64d5673c075dd40e2f55387ee9b0cad7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp=".NET Runtime Optimization Service
v2.0.50215_X86" desc="Provides support for optimizing
managed assemblies using NGEN technology." nam="Microsoft
Common Language Runtime Service Host (mscorsvw.exe)"
pub="Microsoft Corporation"
md5="5a85194e1fccee5e7146421b4e3ad52b" ver="2.0.50215.44
(beta2.050215-4400)" sz="56320" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe</Service>
<Service ex="1" disp="COM+-systeemtoepassing" desc="De
configuratie en tracering van COM+-onderdelen beheren. Als
de service wordt gestopt, functioneren de meeste
COM+-onderdelen niet goed. Als deze service wordt
uitgeschakeld, kunnen services die expliciet hiervan
afhankelijk zijn, niet worden gestart." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dac52b0d256e0d48ed589dda9133ec79" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative-service" desc="Hiermee worden vaste schijven
en volumes geconfigureerd. De service is alleen actief
tijdens de configuratie en wordt daarna gestopt."
nam="Proces voor de Logical Disk Manager-service
(dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="97bebe57053254d565da19d558eff626"
ver="2600.2180.503.0" sz="225280" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Hiermee kunnen
gebeurtenisberichten die worden uitgegeven door
programma's en onderdelen van Windows worden
weergegeven in Logboeken. Deze service kan niet worden
gestopt." nam="Services en controllertoepassingen
(services.exe)" pub="Microsoft Corporation"
md5="39991cd3c17b7529d039151a88e84499" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108544" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Hiermee kunt u faxen
verzenden en ontvangen met de faxapparaten op deze computer
of op het netwerk." nam="Fax Service (fxssvc.exe)"
pub="Microsoft Corporation"
md5="385357b341c6dd85ae94e65b83d81856" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="268288" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="COM-service voor IMAPI cd-branders"
desc="Deze service beheert het beschrijven van cd's
via de IMAPI-interface. Als deze service wordt gestopt,
kunnen er met deze computer geen cd worden gebrand. Als
deze service wordt uitgeschakeld, kunnen services die van
deze service afhankelijk zijn niet worden gestart."
nam="API voor het beschrijven van cd's (imapi.exe)"
pub="Microsoft Corporation"
md5="f85149aa4afea9200484715cf15f568d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="eTrust Antivirus RPC Server" desc=""
nam="None (InoRpc.exe)" pub="Computer Associates
International, Inc." md5="b611cb7fe91ebb8ad31c89b14912c35b"
ver="7.0.139.0" sz="144864" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoRpc.exe</Service>
<Service ex="1" disp="eTrust Antivirus Realtime Server"
desc="" nam="None (InoRT.exe)" pub="Computer Associates
International, Inc." md5="79b8597f87e7fa5ac27ad31a0d6370d3"
ver="7.0.139.0" sz="408645" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoRT.exe</Service>
<Service ex="1" disp="eTrust Antivirus Job Server" desc=""
nam="None (InoTask.exe)" pub="Computer Associates
International, Inc." md5="2d3d70de3e4ef543e82c10abf8f14cb3"
ver="7.0.139.0" sz="184320" is="0" gfp="">C:\Program
Files\CA\eTrust Antivirus\InoTask.exe</Service>
<Service ex="1" disp="Machine Debug Manager" desc="Supports
local and remote debugging for Visual Studio and script
debuggers. If this service is stopped, the debuggers will
not function properly." nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="5eb02af758e270177de0d2a6832846f1" ver="7.00.9466"
sz="315392" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7Debug\mdm.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Hiermee kunnen gemachtigde personen dit
Windows-bureaublad extern benaderen via NetMeeting."
nam="NetMeeting Extern bureaublad delen (mnmsrvc.exe)"
pub="Microsoft Corporation"
md5="8ca3298ee96d6b75f28c991518dc2dd9" ver="5.1.2600.2180"
sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="0" disp="MSDTC" desc="" nam=" (msdtc.exe)"
pub="" md5="" ver="" sz="" is="0"
gfp="">C:\MSSQL\BINN\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Hiermee
worden toepassingen die als een Windows Installer-pakket
(*.msi) worden aangeboden, toegevoegd, aangepast en
verwijderd. Als deze service is uitgeschakeld, kunnen
services die van deze service afhankelijk zijn, niet worden
gestart." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823"
sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="SQL Server (SQLEXPRESS)"
desc="Microsoft SQL Server Database Engine" nam="SQL Server
Windows NT (sqlservr.exe)" pub="Microsoft Corporation"
md5="ce50e6dc9e99aa9392de80e3c29b765a"
ver="2000.090.1116.00" sz="26884824" is="0"
gfp="">c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServer" desc="" nam="SQL Server
Windows NT (sqlservr.exe)" pub="Microsoft Corporation"
md5="f80eec5e1d6cdf82cb974daada0c57dd"
ver="2000.080.0760.00" sz="7520337" is="0"
gfp="">C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServerADHelper"
desc="MSSQLServerADHelper is a helper service for
integration with Active Directories." nam="Microsoft SQL
Server Active Directory Helper Service (sqladhlp90.exe)"
pub="Microsoft Corporation"
md5="5c1c1c30d4617d0a973a447358028d35"
ver="2000.090.1116.00" sz="41688" is="0" gfp="">c:\Program
Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe</Service>
<Service ex="1" disp="Network DDE" desc="Hiermee wordt
netwerktransport en netwerkbeveiliging geboden voor
dynamische gegevensuitwisseling (DDE) voor programma's
die op dezelfde computer of verschillende computers worden
uitgevoerd. Als de service wordt gestopt, zijn
DDE-transport en -beveiliging niet beschikbaar. Als deze
service wordt uitgeschakeld, kunnen services die van deze
service afhankelijk zijn niet worden gestart."
nam="Netwerk-DDE - DDE-communicatie (netdde.exe)"
pub="Microsoft Corporation"
md5="7e61d52d2d9259c63dfb6c156719d3b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="113664" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Hiermee
worden gedeelde netwerkshares voor dynamische
gegevensuitwisseling (DDE) beheerd. Als deze service wordt
gestopt, zijn de DDE-netwerkshares niet beschikbaar. Als de
service wordt uitgeschakeld, kunnen services die van deze
service afhankelijk zijn niet worden gestart."
nam="Netwerk-DDE - DDE-communicatie (netdde.exe)"
pub="Microsoft Corporation"
md5="7e61d52d2d9259c63dfb6c156719d3b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="113664" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Hiermee wordt
ondersteuning geboden voor indirecte verificatie van
accountaanmeldingsgebeurtenissen voor computers in een
domein." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="34a82debefb057fcccbe15f619fc98a7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Hiermee wordt beveiliging geboden voor
RPC-programma's (Remote procedure call) die andere
transporten gebruiken dan named pipes." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Hiermee kan een
computer wijzigingen in de hardwareconfiguratie herkennen
en zich aanpassen zonder of met weinig invoer van de
gebruiker. Als de service wordt gestopt of uitgeschakeld
wordt de computer instabiel." nam="Services en
controllertoepassingen (services.exe)" pub="Microsoft
Corporation" md5="39991cd3c17b7529d039151a88e84499"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108544"
is="0" gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC-services" desc="Hiermee wordt
het IP-beveiligingsbeleid beheerd en de
stuurprogramma's voor ISAKMP/Oakley (IKE) en
IP-beveiliging gestart." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Hiermee
wordt beveiligde opslag voor vertrouwelijke gegevens, zoals
persoonlijke sleutels, geboden om toegang door
niet-gemachtigde services, processen of gebruikers te
voorkomen" nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="34a82debefb057fcccbe15f619fc98a7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Helpsessiebeheer voor Extern
bureaublad" desc="Hiermee wordt de voorziening Hulp op
afstand aangestuurd. Als deze service is gestopt, is Hulp
op afstand niet beschikbaar. Raadpleeg alvorens deze
service te stoppen eerst het tabblad Afhankelijkheden van
het dialoogvenster met eigenschappen." nam="Microsoft
Helpsessiebeheer voor Extern bureaublad (sessmgr.exe)"
pub="Microsoft Corporation"
md5="a81b92d6ae9f0433b14a54dbf63a1ff3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="142336" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator"
desc="Hiermee wordt de database van de RPC Name-service
beheerd." nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="69b970645e78c1ed5fa7caf34a1a13e6"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Hiermee wordt
functionaliteit voor de configuratie van netwerksignalen en
besturings van lokaal verkeer verkregen voor
programma's en besturingshulpprogramma's die
geschikt zijn voor QoS" nam="Microsoft RSVP (rsvp.exe)"
pub="Microsoft Corporation"
md5="ad1b5f1b99fff08c99f443d784711a81" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="0" disp="RTE : TAPI" desc="" nam="
(RTETPISv.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">c:\fotowin\RTETPISv.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Hiermee worden beveiligingsgegevens voor lokale
gebruikersaccounts opgeslagen" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Hiermee wordt de
toegang tot een smartcard beheerd die in een smartcardlezer
is geplaatst die aan de computer is gekoppeld. Als de
service wordt gestopt, kunnen er geen smartcards worden
gelezen. Als de service wordt uitgeschakeld, kunnen
services die van deze service afhankelijk zijn niet worden
gestart." nam="Smartcard-bronbeheerserver (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="11344a685293c0a5d228de5381cd9e5d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="98304" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Eenvoudige TCP/IP-services"
desc="Hiermee wordt ondersteuning geboden voor de volgende
TCP/IP-services: Character Generator, Daytime Discard, Echo
en Quote of the Day." nam="TCP/IP Services Application
(tcpsvcs.exe)" pub="Microsoft Corporation"
md5="46d8aad86cf13a292900e4b2efa7aafa" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">C:\WINDOWS\System32\tcpsvcs.exe</Service>
<Service ex="1" disp="SNMP-service" desc="Deze service
bevat agenten die de activiteit van netwerkapparaten
controleren en rapporteren aan het
netwerkconsolewerkstation." nam="SNMP-service (snmp.exe)"
pub="Microsoft Corporation"
md5="01e715733296ff80b91fda9722fb2997" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\snmp.exe</Service>
<Service ex="1" disp="SNMP Trap-service" desc="Hiermee
worden trap-berichten ontvangen die zijn gemaakt door
lokale of externe SNMP-agenten en de berichten doorgestuurd
naar SNMP-beheerprogramma's die worden uitgevoerd op
deze computer." nam="SNMP Trap Service (snmptrap.exe)"
pub="Microsoft Corporation"
md5="579a6e49f2a447a4c02427022a8766a4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="8704" is="0"
gfp="">C:\WINDOWS\System32\snmptrap.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Hiermee worden
bestanden in het geheugen geladen om later te worden
afgedrukt" nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation"
md5="cccb8b94b17466efb9dc27f42625b0e5" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="SQL Browser" desc="Provides SQL
Server connection information to client computers."
nam="SQL Browser Service EXE (sqlbrowser.exe)"
pub="Microsoft Corporation"
md5="ccf9dfb9b32ae33847df737cfe232722"
ver="2000.090.1116.00" sz="151768" is="0" gfp="">c:\Program
Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe</Service>
<Service ex="1" disp="SQLSERVERAGENT" desc=""
nam="Microsoft SQL Server Agent (sqlagent.exe)"
pub="Microsoft Corporation"
md5="e3f974bdedc336490a2e6f3a703f016a"
ver="2000.080.0760.00" sz="311872" is="0"
gfp="">C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Beheert schaduwkopieën op basis van software, die
door de Volume Shadow Copy-service zijn gemaakt. Als deze
service is gestopt, kunnen schaduwkopieën op basis van
software niet worden beheerd. Als de service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet worden gestart." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dac52b0d256e0d48ed589dda9133ec79" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Hiermee worden prestatiegegevens verzameld die zijn
gebaseerd op voorgeconfigureerde schemaparameters.
Vervolgens worden de gegevens naar een logboek geschreven
of wordt een alarm geactiveerd. Als deze service wordt
gestopt, worden er geen prestatiegegevens verzameld. Als
deze service wordt uitgeschakeld, kunnen de services die
expliciet van deze service afhankelijk zijn, niet starten."
nam="Performance Logs and Alerts-service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="c4d7d00c5ea67a557c95c44e3a226bad" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="92160" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework"
desc="Enables Windows user mode drivers." nam="Windows User
Mode Driver Manager (wdfmgr.exe)" pub="Microsoft
Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5"
ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912"
is="0" gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Hiermee wordt een noodvoeding (UPS) beheerd die op de
computer is aangesloten" nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="5124d4054c62991a65d616f202965740" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Hiermee
kunnen schaduwkopieën van volumes die door
back-uptoepassingen en voor andere doeleinden worden
gebruikt, worden beheerd en geïmplementeerd. Als deze
service wordt gestopt, zijn de schaduwkopieën niet
beschikbaar voor het maken van een back-up en de back-up
kan mogelijk mislukken. Als deze service wordt
uitgeschakeld, kunnen services die van deze service
afhankelijk zijn niet starten." nam="Microsoft Volume
Shadow Copy-service (vssvc.exe)" pub="Microsoft
Corporation" md5="faec7a09c545a16b7534ff57cc8e2a4a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="292864"
is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Voorziet Universal Plug and Play-apparaten van
gedeelde multimediainhoud" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC) Helper"
desc="Controleert het netwerk op nieuwe rendererapparaten
voor UPnP-media." nam="Windows Media Connect (mswmcls.exe)"
pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMI-prestatieadapter" desc="Biedt
informatie over het DLL-prestatiebestand van WMI High
Performance-providers." nam="WMI-prestatieadapterservice
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="2398e9f520df78a96fcd577f3a261e98" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
<Service ex="1" disp="X10 Device Network Service" desc=""
nam="X10 Module (x10nets.exe)" pub="X10"
md5="5a0c788c5bc5f2c993cb60940adcf95e" ver="1, 0, 0, 1"
sz="20480" is="0"
gfp="">C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe</Service>
</Services>
</SystemAudit>
<ProcessesAudit>
<Processes>
<Process ex="1" pid="468" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="610205ca596bb9707181479459290935" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="520" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="16a07525f4f3e6c4cd3e033e50c0233b" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="544" nam="Toepassing Windows
NT-aanmelding (winlogon.exe)" pub="Microsoft Corporation"
md5="732ed791711df9c9dd15e5515bc681b8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="504832" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="588" nam="Services en
controllertoepassingen (services.exe)" pub="Microsoft
Corporation" md5="39991cd3c17b7529d039151a88e84499"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108544"
is="0" gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="600" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="34a82debefb057fcccbe15f619fc98a7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="768" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="816" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="888" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1000" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1096" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="ab8c6d89a897bacba4657fdf00e344a6" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1300" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="cccb8b94b17466efb9dc27f42625b0e5" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1352" nam="Smartcard-bronbeheerserver
(scardsvr.exe)" pub="Microsoft Corporation"
md5="11344a685293c0a5d228de5381cd9e5d" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="98304" is="0"
gfp="">C:\WINDOWS\system32\scardsvr.exe</Process>
<Process ex="1" pid="1536" nam="Windows Verkenner
(explorer.exe)" pub="Microsoft Corporation"
md5="a1d7304a87fc3093150f5e3cc7b0f338" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="1035776" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1608" nam="ATI Desktop Control Panel
(atiptaxx.exe)" pub="ATI Technologies, Inc."
md5="00d38dcbab0bec5a5b61583054dbe129" ver="6.14.10.5085"
sz="335872" is="0" gfp="">c:\program files\ati
technologies\ati control panel\atiptaxx.exe</Process>
<Process ex="1" pid="1624" nam="None (realmon.exe)"
pub="Computer Associates International, Inc."
md5="c85d3f6e59cafd86c2aba9592622e372" ver="7.0.139.0"
sz="385024" is="0"
gfp="">c:\progra~1\ca\etrust~1\realmon.exe</Process>
<Process ex="1" pid="1668" nam="PCMService MFC Application
(pcmservice.exe)" pub="None"
md5="b79ee0b8339eecc228d8f362aca0f2ed" ver="1, 0, 0, 1"
sz="61440" is="0" gfp="">c:\program files\home
cinema\powercinema\pcmservice.exe</Process>
<Process ex="1" pid="1684" nam="Chicony Multimedia Driver
(mhotkey.exe)" pub="Chicony"
md5="94229807ad00a72b50195f1d3dfb205f" ver="3, 0, 0, 8"
sz="508416" is="0" gfp="">c:\windows\mhotkey.exe</Process>
<Process ex="1" pid="1696" nam="Chicony Multimedia Driver
(cnyhkey.exe)" pub="Chicony"
md5="785fd48cec69d07bcd2c1b2c112f00c9" ver="2, 2, 0, 0"
sz="5794816" is="0" gfp="">c:\windows\cnyhkey.exe</Process>
<Process ex="1" pid="1704" nam="Customized Icon and Label
(dit.exe)" pub="ICSI Technology Ltd."
md5="748b9439fde6e1c161e109dcf5908066" ver="V2.01.0402"
sz="86016" is="0" gfp="">c:\windows\dit.exe</Process>
<Process ex="1" pid="1724" nam="VirtualDrive VDTask
(gdtask.exe)" pub="FarStone Technology Inc."
md5="b24d751f961478481027c9fc87a5b6f5" ver="7, 0, 0, 1"
sz="139264" is="0" gfp="">c:\program
files\farstone\gamedrive\gdtask.exe</Process>
<Process ex="1" pid="1736" nam="Microsoft Works Update
Detection (wkufind.exe)" pub="Microsoft Corporation"
md5="a53cb3e22848b3ed199f99448d3942c4" ver="9.00.0609.0"
sz="50688" is="0" gfp="">c:\program files\common
files\microsoft shared\works shared\wkufind.exe</Process>
<Process ex="1" pid="1748" nam="qttask.exe" pub="Apple
Computer, Inc." md5="76a3a30b58405c2c6d833895253a51a9"
ver="6.5.1" sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</Process>
<Process ex="1" pid="1764" nam="Java(TM) 2 Platform
Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</Process>
<Process ex="1" pid="1772" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1808" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation"
md5="7de46c9c40abb58c8fdfe0212a3bf2b4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="1880" nam="Symantec Fax Starter
Edition Port Launcher (olfsnt40.exe)" pub="Microsoft
Corporation" md5="ebdefaf28aa7580c4f2452171aaf16b9"
ver="9.0.98.0105" sz="46077" is="0" gfp="">c:\program
files\microsoft office\office\1043\olfsnt40.exe</Process>
<Process ex="1" pid="1908" nam="SQL Server Service Manager
(sqlmangr.exe)" pub="Microsoft Corporation"
md5="a6455adf66ee2fdd53b81aae74f40c4c"
ver="2000.080.0760.00" sz="74308" is="0" gfp="">c:\program
files\microsoft sql server\80\tools\binn\sqlmangr.exe</Process>
<Process ex="1" pid="1940" nam="Microsoft AntiSpyware Data
Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501"
sz="748352" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="160" nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="81700207389cbe1911a5eaee9fc812ce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">c:\windows\system32\cisvc.exe</Process>
<Process ex="1" pid="284" nam="None (inorpc.exe)"
pub="Computer Associates International, Inc."
md5="b611cb7fe91ebb8ad31c89b14912c35b" ver="7.0.139.0"
sz="144864" is="0" gfp="">c:\program files\ca\etrust
antivirus\inorpc.exe</Process>
<Process ex="1" pid="308" nam="None (inort.exe)"
pub="Computer Associates International, Inc."
md5="79b8597f87e7fa5ac27ad31a0d6370d3" ver="7.0.139.0"
sz="408645" is="0" gfp="">c:\program files\ca\etrust
antivirus\inort.exe</Process>
<Process ex="1" pid="324" nam="None (inotask.exe)"
pub="Computer Associates International, Inc."
md5="2d3d70de3e4ef543e82c10abf8f14cb3" ver="7.0.139.0"
sz="184320" is="0" gfp="">c:\program files\ca\etrust
antivirus\inotask.exe</Process>
<Process ex="1" pid="652" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="5eb02af758e270177de0d2a6832846f1" ver="7.00.9466"
sz="315392" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="0" pid="960" nam="" pub="" md5="" ver="" sz=""
is="0" gfp=""></Process>
<Process ex="1" pid="1084" nam="TCP/IP Services Application
(tcpsvcs.exe)" pub="Microsoft Corporation"
md5="46d8aad86cf13a292900e4b2efa7aafa" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">c:\windows\system32\tcpsvcs.exe</Process>
<Process ex="1" pid="1660" nam="SNMP-service (snmp.exe)"
pub="Microsoft Corporation"
md5="01e715733296ff80b91fda9722fb2997" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">c:\windows\system32\snmp.exe</Process>
<Process ex="1" pid="1860" nam="Windows User Mode Driver
Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="2060" nam="X10 Module (x10nets.exe)"
pub="X10" md5="5a0c788c5bc5f2c993cb60940adcf95e" ver="1, 0,
0, 1" sz="20480" is="0"
gfp="">c:\progra~1\common~1\x10\common\x10nets.exe</Process>
<Process ex="1" pid="2324" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="1f652552465f84e09d548b499139fe2e" ver="1.00.0501"
sz="4561736" is="0" gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2556" nam="Firefox (firefox.exe)"
pub="Mozilla" md5="d2a8dbb74649b1a911de679955a5a1c5"
ver="1.0.2" sz="6627428" is="0" gfp="">c:\program
files\mozilla firefox\firefox.exe</Process>
<Process ex="1" pid="2984" nam="Application Layer Gateway
Service (alg.exe)" pub="Microsoft Corporation"
md5="15cff49392f765356ebbf05d87ffb6b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="2640" nam="Indexing Service filter
daemon (cidaemon.exe)" pub="Microsoft Corporation"
md5="be671428f1d15c6cb28b0cb50b9d3a6a" ver="5.1.2600.0
(xpclient.010817-1148)" sz="8192" is="0"
gfp="">c:\windows\system32\cidaemon.exe</Process>
<Process ex="1" pid="3280" nam="Microsoft Suspected Spyware
Reporting Tool (msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501"
sz="400184" is="0" gfp="">c:\program files\microsoft
antispyware\msssrt.exe</Process>
<Process ex="1" pid="2684" nam="Microsoft Suspected Spyware
Reporting Tool (msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501"
sz="400184" is="0" gfp="">c:\program files\microsoft
antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>