Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

hijack logje...

juisterr
7 antwoorden
  • Ik heb veel last van Internet popup van drivercleaner…

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:15, on 16-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Noname\Bureaublad\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: 0 - {84568764-9BE1-458A-9294-6ACB44FDD244} - C:\Program Files\Messenger\labunuwip.dll
    O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [win320866-5307230] C:\WINDOWS\win320866-5307230.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
    O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D02FC~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D02FC~1\reboot.ini -l0x13
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
    O4 - HKCU\..\Run: [Cbir] "C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe" -vt yazb
    O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:3b34235e9d]
    O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
    O4 - HKCU\..\Run: [Cbir] "C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe" -vt yazb
    [/b:3b34235e9d]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    Verwijder de volgende directories:

    C:\Program Files\[b:3b34235e9d]Web Buying\[/b:3b34235e9d]
    C:\DOCUME~1\Noname\APPLIC~1\[b:3b34235e9d]WNSXS~1[/b:3b34235e9d]


    Herstart de computer!



    Download [b:3b34235e9d]ComboScan[/b:3b34235e9d][/color:3b34235e9d] naar je [b:3b34235e9d]Bureaublad[/b:3b34235e9d] (by Deckard).[list:3b34235e9d]
    [*:3b34235e9d][b:3b34235e9d]Sluit[/b:3b34235e9d] alle toepassingen en vensters.
    [*:3b34235e9d][b:3b34235e9d]Dubbelklik[/b:3b34235e9d] op [b:3b34235e9d]Comboscan.exe[/b:3b34235e9d] om het te activeren, en volg de aanwijzingen.
    [*:3b34235e9d]Wanneer de scan volledig is, zal een tekstbestand - [b:3b34235e9d]ComboScan.txt[/b:3b34235e9d] - openen.
    [*:3b34235e9d]Kopiëer [b:3b34235e9d](Ctrl+A gevolgd door Ctrl+C)[/b:3b34235e9d] en plak [b:3b34235e9d](Ctrl+V)[/b:3b34235e9d] de inhoud van [b:3b34235e9d]ComboScan.txt[/b:3b34235e9d] in je volgende antwoord.
    [/list:u:3b34235e9d][b:3b34235e9d]Opmerking:[/b:3b34235e9d][/color:3b34235e9d] Sommige firewalls [b:3b34235e9d]kunnen[/b:3b34235e9d] waarschuwen dat [b:3b34235e9d]sigcheck.exe[/b:3b34235e9d] probeert verbinding te maken met het internet
    - zorg dat [b:3b34235e9d]sigcheck.exe[/b:3b34235e9d] toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus Comboscan als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de Comboscan je Antivirus even uit te schakelen)
  • ComboScan v20070306.20 run by Noname on 2007-03-17 at 23:11:43
    Computer is in Normal Mode.
    ——————————————————————————–

    – System Restore ————————————————————–

    Successfully created ComboScan Restore Point.


    – Last 5 Restore Point(s) –
    17: 2007-03-17 22:12:03 UTC - RP27 - ComboScan Restore Point
    16: 2007-03-17 15:38:51 UTC - RP26 - Software Distribution Service 2.0
    15: 2007-03-17 15:24:01 UTC - RP25 - Herstelbewerking
    14: 2007-03-17 15:21:33 UTC - RP24 - Herstelbewerking
    13: 2007-03-16 23:04:05 UTC - RP23 - Software Distribution Service 2.0


    – First Restore Point –
    1: 2007-03-02 10:02:20 UTC - RP11 - Removed Pando.


    Performed disk cleanup.


    – HijackThis (run as Noname.exe) ———————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 23:12:23, on 17-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Documents and Settings\Noname\Bureaublad\comboscan.exe
    C:\DOCUME~1\Noname\BUREAU~1\HIJACK~1\Noname.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    – File Associations ———————————————————–

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————

    2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - C:\WINDOWS\system32\drivers\AegisP.sys
    3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
    3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
    3R BoiHwsetup (Access 32bits INT15 routine) - C:\WINDOWS\system32\drivers\BoiHwSetup.sys
    3R CAMCAUD (Conexant AMC 3D Environmental Audio) - C:\WINDOWS\system32\drivers\camc6aud.sys
    3R CAMCHALA - C:\WINDOWS\system32\drivers\camc6hal.sys
    2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
    2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
    2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
    2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
    2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
    3R HidUsb (Microsoft HID Class-stuurprogramma) - C:\WINDOWS\system32\drivers\hidusb.sys
    3R HSFHWATI - C:\WINDOWS\system32\drivers\HSFHWATI.sys
    3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
    1R intelppm (Intel GV3-processorstuurprogramma) - C:\WINDOWS\system32\drivers\intelppm.sys
    3R Iviaspi (IVI ASPI Shell) - C:\WINDOWS\system32\drivers\iviaspi.sys
    0S kl1 - C:\WINDOWS\system32\Drivers\kl1.sys (not found)
    3R KLIF - C:\WINDOWS\system32\drivers\klif.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3R mouhid (Stuurprogramma voor muis-HID) - C:\WINDOWS\system32\drivers\mouhid.sys
    2R Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - C:\WINDOWS\system32\drivers\Netdevio.sys
    3R Pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3R qkbfiltr (Quanta HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\qkbfiltr.sys
    3R qmofiltr (Quanta HotKey Mouse Filter Driver) - C:\WINDOWS\system32\drivers\qmofiltr.sys
    3S RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
    3S rtl8139 (NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
    0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
    3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
    3S USBSTOR (Stuurprogramma voor USB-massaopslag) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
    3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
    3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


    – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–

    2R ACS (Atheros-clienthulpprogramma) - C:\WINDOWS\system32\acs.exe
    3S aspnet_state (ASP.NET-statusservice) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
    2R CFSvcs (ConfigFree Service) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
    2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe


    – Files created between 2007-02-17 and 2007-03-17 —————————–

    2007-03-17 22:59:48 0 d——– C:\Program Files\Common Files\NSV
    2007-03-17 16:48:23 0 d——– C:\WINDOWS\LastGood
    2007-03-17 16:27:24 0 d——– C:\[audioconvert 2.0] Serials<_AUDIO~1.0_S>
    2007-03-17 16:27:23 0 d——– C:\fixwareout<FIXWAR~1>
    2007-03-16 10:51:00 0 d——– C:\Rustbfix
    2007-03-16 09:27:18 0 d——– C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc<SMARTS~1>
    2007-03-16 09:27:17 0 d——– C:\Program Files\SmartSound Software<SMARTS~1>
    2007-03-16 09:12:19 0 d——– C:\Documents and Settings\All Users\Application Data\Pinnacle
    2007-03-16 09:10:24 0 d——– C:\Program Files\Pinnacle
    2007-03-14 22:43:36 0 d——– C:\Program Files\Stardock
    2007-03-14 22:36:00 0 d——– C:\Program Files\Gabest
    2007-03-12 16:22:27 0 d——– C:\WINDOWS\system32\bund1
    2007-03-12 16:22:13 0 d——– C:\Program Files\MediaCoder<MEDIAC~1>
    2007-03-11 22:53:22 0 d——– C:\Program Files\Babylon(2)<BABYLO~1>
    2007-03-11 22:53:22 0 d——– C:\Documents and Settings\All Users\Application Data\Babylon
    2007-03-11 22:52:41 0 d——– C:\Documents and Settings\Noname\Application Data\Babylon
    2007-03-11 22:38:52 0 d——– C:\Program Files\RAR Password Cracker<RARPAS~1>
    2007-03-11 22:36:56 0 d——– C:\Program Files\VoipBuster.com<VOIPBU~1.COM>
    2007-03-11 19:52:00 4349952 –a—— C:\Documents and Settings\Noname
    tuser.dat
    2007-03-10 23:40:09 86016 –a—— C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
    2007-03-10 23:37:54 0 d——– C:\Documents and Settings\All Users\Application Data\QuickTime<QUICKT~1>
    2007-03-10 23:35:37 0 d——– C:\Program Files\QuickTime<QUICKT~1>
    2007-03-10 23:24:49 3062 –a—— C:\WINDOWS\system32\tmp.reg
    2007-03-10 23:23:32 79360 –a—— C:\WINDOWS\system32\swxcacls.exe
    2007-03-10 23:23:32 40960 –a—— C:\WINDOWS\system32\swsc.exe
    2007-03-10 23:23:32 135168 –a—— C:\WINDOWS\system32\swreg.exe
    2007-03-10 23:23:32 288417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-03-10 23:23:32 53248 –a—— C:\WINDOWS\system32\Process.exe
    2007-03-10 23:23:32 51200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-03-07 14:15:54 0 d——– C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
    2007-03-06 22:06:31 0 d——– C:\WINDOWS\Flash Menu Factory<FLASHM~1>
    2007-03-06 22:06:31 0 d——– C:\Program Files\Flash Menu Factory<FLASHM~1>
    2007-03-06 19:18:57 0 d——– C:\Program Files\GIF Movie Gear<GIFMOV~1>
    2007-03-05 22:56:47 102400 –a—— C:\WINDOWS\system32\tsccvid.dll
    2007-03-05 22:56:44 0 d——– C:\WINDOWS\system32\QuickTime<QUICKT~1>
    2007-03-05 22:56:12 0 d——– C:\Documents and Settings\All Users\Application Data\TechSmith<TECHSM~1>
    2007-03-05 22:55:02 0 d——– C:\Program Files\TechSmith<TECHSM~1>
    2007-03-04 15:23:11 0 d——– C:\Program Files\Windows Media Connect 2<WINDOW~4>
    2007-03-04 15:11:35 0 d——– C:\WINDOWS\system32\LogFiles
    2007-03-04 15:11:35 0 d——– C:\WINDOWS\system32\drivers\UMDF
    2007-03-02 20:03:15 0 d——– C:\Documents and Settings\Noname\Application Data\AdobeUM
    2007-03-02 10:53:02 0 d——– C:\Program Files\Video Convert Master<VIDEOC~1>
    2007-03-01 17:14:09 817664 —h—– C:\WINDOWS\system32\wodfamoh.dll
    2007-03-01 17:13:51 0 d——– C:\Program Files\Abrosoft
    2007-02-28 22:42:23 0 d—s—- C:\Documents and Settings\Noname\UserData
    2007-02-28 21:51:51 0 d——– C:\Documents and Settings\All Users\Application Data\TEMP
    2007-02-28 21:51:02 0 d——– C:\Program Files\Flash Favorite<FLASHF~1>
    2007-02-28 10:46:52 20480 –a—— C:\WINDOWS\system32\VBUTILLight.dll<VBUTIL~1.DLL>
    2007-02-28 10:46:52 28672 –a—— C:\WINDOWS\system32\SmartMenuXP.dll<SMARTM~1.DLL>
    2007-02-28 10:46:51 172032 –a—— C:\WINDOWS\system32\MP2enc.dll
    2007-02-28 10:46:51 0 d——– C:\WINDOWS\system32\ac
    2007-02-28 10:46:50 0 d——– C:\Program Files\AudioConvert<AUDIOC~1>
    2007-02-28 10:40:29 0 d——– C:\Program Files\WinAVI VideoConverter<WINAVI~1>
    2007-02-27 22:28:28 0 d——– C:\Program Files\MOVAVI
    2007-02-27 22:28:18 0 d——– C:\Program Files\ConvertMovie 4.0<CONVER~1.0>
    2007-02-27 21:02:58 0 d——– C:\Program Files\Common Files\Nullsoft
    2007-02-27 20:01:49 0 d——– C:\Program Files\AliveMedia<ALIVEM~1>
    2007-02-27 19:43:38 0 d——– C:\Program Files\Web Page Maker V2<WEBPAG~1>
    2007-02-27 19:35:47 0 d——– C:\Documents and Settings\Noname\Application Data\vlc
    2007-02-27 19:20:27 0 d——– C:\Program Files\VideoLAN
    2007-02-27 18:32:50 0 d——– C:\Program Files\UltraMenu<ULTRAM~1>
    2007-02-27 16:09:14 0 d——– C:\Program Files\MSN Messenger<MSNMES~1>
    2007-02-27 15:32:55 1994752 —–n— C:\WINDOWS\UNNMP.exe
    2007-02-27 15:27:54 2019328 —–n— C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
    2007-02-27 15:27:54 24064 —–n— C:\WINDOWS\system32\msxml3a.dll
    2007-02-27 15:27:25 0 d——– C:\Documents and Settings\All Users\Application Data\Ahead
    2007-02-27 15:09:06 0 d——– C:\Documents and Settings\Noname\Application Data\Ahead
    2007-02-27 15:02:31 364544 –a—— C:\WINDOWS\system32\TwnLib4.dll
    2007-02-27 15:02:31 471040 –a—— C:\WINDOWS\system32\imagXRA7.dll
    2007-02-27 15:02:31 262144 –a—— C:\WINDOWS\system32\imagXR7.dll
    2007-02-27 15:02:31 476320 –a—— C:\WINDOWS\system32\imagXpr7.dll
    2007-02-27 15:02:31 32768 –a—— C:\WINDOWS\system32\BCGPOleAcc.dll<BCGPOL~1.DLL>
    2007-02-27 15:02:31 2605056 –a—— C:\WINDOWS\system32\BCGCBPRO800u.dll<BCGCBP~2.DLL>
    2007-02-27 15:02:31 2600960 –a—— C:\WINDOWS\system32\BCGCBPRO800.dll<BCGCBP~1.DLL>
    2007-02-27 15:02:30 1568768 –a—— C:\WINDOWS\system32\imagX7.dll
    2007-02-27 15:02:28 0 d——– C:\Program Files\Nero
    2007-02-27 14:42:13 106496 –a—— C:\WINDOWS\system32\TwnLib20.dll
    2007-02-27 14:38:55 38912 —–n— C:\WINDOWS\system32\picn20.dll
    2007-02-27 14:38:51 544768 —–n— C:\WINDOWS\system32\imagx5.dll
    2007-02-27 14:38:51 569344 —–n— C:\WINDOWS\system32\imagr5.dll
    2007-02-27 14:38:50 283920 —–n— C:\WINDOWS\system32\ImagXpr5.dll
    2007-02-27 14:38:45 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
    2007-02-27 14:38:45 0 d——– C:\Program Files\Common Files\Ahead
    2007-02-27 14:38:37 0 d——– C:\Program Files\Ahead
    2007-02-27 14:09:53 0 d——– C:\WINDOWS\Downloaded Installations<DOWNLO~2>
    2007-02-27 14:06:48 101888 –a—— C:\WINDOWS\system32\VB6STKIT.DLL
    2007-02-27 14:06:48 119568 –a—— C:\WINDOWS\system32\VB6FR.DLL
    2007-02-27 14:06:48 21504 –a—— C:\WINDOWS\system32\TABCTFR.DLL
    2007-02-27 14:06:48 15360 –a—— C:\WINDOWS\system32\inetfr.DLL
    2007-02-27 14:06:45 141312 –a—— C:\WINDOWS\system32\MSCMCFR.DLL
    2007-02-27 14:06:45 59904 –a—— C:\WINDOWS\system32\Mscc2fr.dll
    2007-02-27 14:06:44 32768 –a—— C:\WINDOWS\system32\CMDLGFR.DLL
    2007-02-27 13:57:10 4103032 –a—— C:\WINDOWS\system32\SpoonUninstall.exe<SPOONU~1.EXE>
    2007-02-27 13:56:54 0 d——– C:\Program Files\Illustrate<ILLUST~1>
    2007-02-27 11:52:32 0 d——– C:\Program Files\PhotoFiltre<PHOTOF~1>
    2007-02-27 09:58:22 0 d——– C:\Program Files\Common Files\xing shared<XINGSH~1>
    2007-02-27 09:57:42 0 d——– C:\Program Files\Common Files\Real
    2007-02-27 09:57:37 0 d——– C:\Program Files\Real
    2007-02-27 09:56:15 0 d——– C:\Documents and Settings\Noname\Application Data\Real
    2007-02-27 09:52:04 0 d——– C:\My Downloads<MYDOWN~1>
    2007-02-27 09:40:29 0 d——– C:\Program Files\Admiresoft<ADMIRE~1>
    2007-02-27 09:20:20 512 –a—— C:\ScanSectorLog.dat<SCANSE~1.DAT>
    2007-02-27 09:11:10 0 d——– C:\Program Files\DC++<DC__~1>
    2007-02-27 09:10:47 0 d——– C:\Program Files\eMule
    2007-02-27 09:08:16 0 d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-27 09:02:47 0 d——– C:\Documents and Settings\Noname\Application Data\MailFrontier<MAILFR~1>
    2007-02-27 09:00:28 666912 –ahs—- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-02-27 09:00:28 15149600 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-02-27 08:54:12 0 d——– C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
    2007-02-27 08:46:55 0 d——– C:\WINDOWS\pss
    2007-02-27 08:36:23 4212 —h—– C:\WINDOWS\system32\zllictbl.dat
    2007-02-27 08:35:50 75512 –a—— C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
    2007-02-27 08:35:50 11264 –a—— C:\WINDOWS\system32\SpOrder.dll
    2007-02-27 08:34:59 1087216 –a—— C:\WINDOWS\system32\zpeng24.dll
    2007-02-27 08:34:58 0 d——– C:\WINDOWS\system32\ZoneLabs
    2007-02-27 08:33:30 0 d——– C:\WINDOWS\Internet Logs<INTERN~1>
    2007-02-27 08:32:58 0 d–h—– C:\WINDOWS\PIF
    2007-02-26 23:01:19 0 d——– C:\WINDOWS\system32\PreInstall<PREINS~1>
    2007-02-26 22:57:13 0 d——– C:\Documents and Settings\Noname\Application Data\Azureus
    2007-02-26 22:56:42 0 d——– C:\Program Files\Azureus
    2007-02-26 22:54:20 0 d——– C:\WINDOWS\Sun
    2007-02-26 22:54:19 0 d——– C:\Documents and Settings\Noname\Application Data\Sun
    2007-02-26 22:52:21 29968 –a—— C:\WINDOWS\system32\mdimon.dll
    2007-02-26 22:47:09 0 d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
    2007-02-26 22:30:31 0 d——– C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
    2007-02-26 22:26:49 221184 –a—— C:\WINDOWS\system32\wmpns.dll
    2007-02-26 22:26:39 28672 –a—— C:\WINDOWS\system32\DelRunOnceReg.exe<DELRUN~1.EXE>
    2007-02-26 22:26:39 266240 –a—— C:\WINDOWS\system32\ControlWZCS.exe<CONTRO~1.EXE>
    2007-02-26 22:26:36 57344 –a—— C:\WINDOWS\system32\wgapiloc.dll
    2007-02-26 22:26:36 237568 –a—— C:\WINDOWS\system32\wgapi.dll
    2007-02-26 22:26:36 233472 –a—— C:\WINDOWS\system32\wcapi.dll
    2007-02-26 22:26:36 77824 –a—— C:\WINDOWS\system32\athcfg11ResLoc.dll<ATHCFG~2.DLL>
    2007-02-26 22:26:36 77824 –a—— C:\WINDOWS\system32\athcfg11res.dll<ATHCFG~1.DLL>
    2007-02-26 22:26:36 352256 –a—— C:\WINDOWS\system32\athcfg11.dll
    2007-02-26 22:26:36 36864 –a—— C:\WINDOWS\system32\acs.exe
    2007-02-26 22:26:31 17801 –a—— C:\WINDOWS\system32\drivers\AegisP.sys
    2007-02-26 22:26:31 192512 –a—— C:\WINDOWS\system32\AegisI5.exe
    2007-02-26 22:26:31 1396835 –a—— C:\WINDOWS\system32\AegisE5.dll
    2007-02-26 22:25:57 32768 –a—— C:\WINDOWS\system32\RmWLAN.exe
    2007-02-26 22:25:57 270336 –a—— C:\WINDOWS\system32\PlugPlayPCIDevice.exe<PLUGPL~1.EXE>
    2007-02-26 22:25:57 163840 –a—— C:\WINDOWS\system32\MFCFirstRemove.exe<MFCFIR~1.EXE>
    2007-02-26 22:25:57 28672 –a—— C:\WINDOWS\system32\InstallInf.exe<INSTAL~1.EXE>
    2007-02-26 22:25:57 32768 –a—— C:\WINDOWS\system32\CloseACU.exe
    2007-02-26 22:25:57 0 d——– C:\Program Files\Atheros
    2007-02-26 22:25:40 0 dr——- C:\Documents and Settings\Noname\Favorieten<FAVORI~1>
    2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Bureaublad<BUREAU~1>
    2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\toshiba
    2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Sonic
    2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Help
    2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Adobe
    2007-02-26 22:25:39 0 d——– C:\Documents and Settings\Noname\WINDOWS
    2007-02-26 22:25:39 0 d–h—– C:\Documents and Settings\Noname\Sjablonen<SJABLO~1>
    2007-02-26 22:25:39 0 dr-h—– C:\Documents and Settings\Noname\Onlangs geopend<ONLANG~1>
    2007-02-26 22:25:39 0 d–h—– C:\Documents and Settings\Noname\Netwerkprinteromgeving<NETWER~1>
    2007-02-26 22:25:39 0 dr——- C:\Documents and Settings\Noname\Mijn documenten<MIJNDO~1>
    2007-02-26 22:25:39 0 dr——- C:\Documents and Settings\Noname\Menu Start<MENUST~1>
    2007-02-26 22:24:34 262144 –a—— C:\Documents and Settings\All Users\NTUSER.DAT
    2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\WINDOWS
    2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\toshiba
    2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Sonic
    2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Help
    2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Adobe
    2007-02-26 22:21:02 12288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-02-26 22:20:59 9600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys


    – Find3M Report —————————————————————

    2007-03-17 16:17:55 0 d——– C:\Program Files\Messenger<MESSEN~1>
    2007-03-16 09:40:08 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-03-13 19:54:23 0 d——– C:\Documents and Settings\Noname\Application Data\Macromedia<MACROM~1>
    2007-02-27 17:31:44 0 d—s—- C:\Documents and Settings\Noname\Application Data\Microsoft<MICROS~1>
    2007-02-27 09:02:18 442556 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-02-27 09:02:18 69812 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-02-27 08:59:28 0 d——– C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-02-27 05:56:27 0 d——– C:\Program Files\Windows NT<WINDOW~2>
    2007-02-27 05:56:24 0 d——– C:\Program Files\Toshiba
    2007-02-27 05:55:47 0 d——– C:\Program Files\Synaptics<SYNAPT~1>
    2007-02-27 05:55:30 0 d——– C:\Program Files\Sonic
    2007-02-27 05:55:27 0 d——– C:\Program Files\Online Services<ONLINE~1>
    2007-02-27 05:54:45 0 d——– C:\Program Files\MSN Gaming Zone<MSNGAM~1>
    2007-02-27 05:54:45 0 d——– C:\Program Files\Movie Maker<MOVIEM~1>
    2007-02-27 05:54:41 0 d——– C:\Program Files\Microsoft.NET<MICROS~1.NET>
    2007-02-27 05:54:25 0 d——– C:\Program Files\microsoft frontpage<MICROS~1>
    2007-02-27 05:53:56 0 d——– C:\Program Files\Java
    2007-02-27 05:53:47 0 d——– C:\Program Files\InterVideo<INTERV~1>
    2007-02-27 05:52:31 0 d——– C:\Program Files\CONEXANT
    2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
    2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\ODBC
    2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\MSSoap
    2007-02-27 05:50:50 0 d——– C:\Program Files\Common Files\Java
    2007-02-27 05:50:47 0 d——– C:\Program Files\Common Files\InstallShield<INSTAL~1>
    2007-02-27 05:50:45 0 d——– C:\Program Files\Common Files\Adobe
    2007-02-27 05:50:45 0 d——– C:\Program Files\ATI Technologies<ATITEC~1>
    2007-02-27 05:40:43 0 d——– C:\Documents and Settings\Noname\Application Data\Identities<IDENTI~1>
    2007-01-29 09:58:06 60416 —–n— C:\WINDOWS\system32\tzchange.exe
    2006-12-19 22:51:37 135168 –a—— C:\WINDOWS\system32\shsvcs.dll
    2006-12-19 19:18:35 334336 –a—— C:\WINDOWS\system32\wiaservc.dll


    – Registry Dump —————————————————————


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
    "TPSMain"="TPSMain.exe"
    "NDSTray.exe"="NDSTray.exe"
    "SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
    "PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    – End of ComboScan: finished at 2007-03-17 at 23:13:06 ————————

    ComboScan v20070306.20 run by Noname on 2007-03-17 at 23:11:43
    Supplementary logfile - please post this as an attachment with your post.
    ——————————————————————————–

    – System Information ———————————————————-

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Dutch

    CPU 0: Intel(R) Celeron(R) M processor 1.60GHz
    Percentage of Memory in Use: 82%
    Physical Memory (total/avail): 446.23 MiB / 75.88 MiB
    Pagefile Memory (total/avail): 1056.84 MiB / 655.81 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1998.11 MiB

    C: is Fixed (NTFS) - 55.89 GiB total, 23.99 GiB free.
    D: is CDROM (No Media)


    – Security Center ————————————————————-

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.

    FW: Norton Internet Worm Protection v2006 (Symantec) Disabled[/color:06f609e389]
    FW: ZoneAlarm Security Suite Firewall v7.0.302.000 (Check Point, LTD.)
    AV: ZoneAlarm Security Suite Antivirus v7.0.302.000 (Check Point, LTD.) Outdated[/color:06f609e389]


    – Environment Variables ——————————————————-

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Noname\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=YOUR-DABD102556
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Noname
    LOGONSERVER=\\YOUR-DABD102556
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Noname\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Noname\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=YOUR-DABD102556
    USERNAME=Noname
    USERPROFILE=C:\Documents and Settings\Noname
    windir=C:\WINDOWS


    – User Profiles —————————————————————

    Noname [i:06f609e389](admin)[/i:06f609e389]


    – Add/Remove Programs ———————————————————

    –> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    –> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
    –> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    –> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    –> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Abrosoft FantaMorph 3.7 –> "C:\Program Files\Abrosoft\FantaMorph3\unins000.exe"
    AC97 Data Fax SoftModem with SmartCP –> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179\HXFSETUP.EXE -U -ItosEW6mk.INF
    Adobe Flash Player 9 ActiveX –> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.5 - Nederlands –> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70500000002}
    Alive MP3 WAV Converter version 3.0.2.8 –> "C:\Program Files\AliveMedia\MP3 WAV Converter\unins000.exe"
    Atheros Client Utility –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x13
    Atheros Wireless LAN MiniPCI card Driver –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x13
    ATI-configuratiescherm –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI - Software-verwijderprogramma –> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Display Driver –> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AudioConvert –> C:\PROGRA~1\AUDIOC~1\UNWISE.EXE C:\PROGRA~1\AUDIOC~1\INSTALL.LOG
    Azureus –> C:\Program Files\Azureus\Uninstall.exe
    Beveiligingsupdate for Windows XP (KB923689) –> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB890046) –> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB893066) –> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB893756) –> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896358) –> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896422) –> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896423) –> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896424) –> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896428) –> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896688) –> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899587) –> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899589) –> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899591) –> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB900725) –> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901017) –> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901214) –> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB902400) –> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB904706) –> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905414) –> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905749) –> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB908519) –> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911562) –> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911927) –> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB912919) –> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB913580) –> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914388) –> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914389) –> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917344) –> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917422) –> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917953) –> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918118) –> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918439) –> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB919007) –> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920213) –> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920670) –> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920683) –> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920685) –> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB922819) –> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923191) –> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923414) –> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923694) –> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923980) –> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924191) –> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924270) –> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924496) –> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924667) –> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926255) –> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926436) –> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927779) –> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927802) –> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928090) –> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928255) –> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928843) –> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB929969) –> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Camtasia Studio 4 –> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
    Conexant AC-Link Audio –> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ItosEW6a.INF
    ConvertMovie 4.0 –> C:\Program Files\ConvertMovie 4.0\uninst.exe
    DC++ 0.699 –> "C:\Program Files\DC++\uninstall.exe"
    eMule –> "C:\Program Files\eMule\Uninstall.exe"
    Flash Menu Factory –> "C:\WINDOWS\Flash Menu Factory\uninstall.exe" "/U:C:\Program Files\Flash Menu Factory\Uninstall\uninstall.xml"
    Geluiddemper v. cd/dvd-station –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x13
    GIF Movie Gear 4.1.1 –> "C:\Program Files\GIF Movie Gear\unins000.exe"
    HijackThis 1.99.1 –> C:\Documents and Settings\Noname\Bureaublad\hijackthis\HijackThis.exe /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) –> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix voor Windows XP (KB893357) –> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
    Hotfix voor Windows XP (KB894871) –> "C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
    Hotfix voor Windows XP (KB910728) –> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
    InterVideo WinDVD Creator 2 –> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD for TOSHIBA –> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 6 –> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    KB898458: Beveiligingsupdate voor Step by Step Interactive Training –> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    KB923723: Beveiligingsupdate voor Step by Step Interactive Training –> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Macromedia Flash Player –> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    MailFrontier Desktop –> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
    Microsoft Compression Client Pack 1.0 for Windows XP –> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office OneNote 2003 –> MsiExec.exe /I{91A10413-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 –> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MSN Messenger 7.5 –> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    Nero Media Player –> C:\WINDOWS\UNNMP.exe /UNINSTALL
    Nero OEM –> C:\Program Files\Ahead
    ero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 2 –> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    PhotoFiltre –> "C:\Program Files\PhotoFiltre\Uninst.exe"
    QuickTime –> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer –> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK Gigabit and Fast Ethernet NIC Driver –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x13 REMOVE
    Sonic DLA –> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow! –> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Spybot - Search & Destroy 1.4 –> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Super Mp3 Recorder Professional v6.0 –> "C:\Program Files\Admiresoft\Super Mp3 Recorder Professional\unins000.exe"
    Synaptics Pointing Device Driver –> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TOSHIBA-handleidingen –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x13 -removeonly
    TOSHIBA-zoomutility –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
    TOSHIBA Assist –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x13
    TOSHIBA ConfigFree –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x13 UNINSTALL
    Toshiba Hotkey Utility –> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B1F9CB1-349A-43F5-A742-6215C2E2DB6F} /l1043
    TOSHIBA PC Diagnoseprogramma –> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
    TOSHIBA Power Saver –> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
    Toshiba Touchpad Utility –> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1043
    Toshiba Utility –> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1043
    Touch and Launch –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\setup.exe"
    UltraMenu –> C:\PROGRA~1\ULTRAM~1\UNWISE.EXE C:\PROGRA~1\ULTRAM~1\INSTALL.LOG
    Update voor Windows XP (KB894391) –> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update voor Windows XP (KB898461) –> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update voor Windows XP (KB900485) –> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update voor Windows XP (KB908531) –> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update voor Windows XP (KB910437) –> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update voor Windows XP (KB911280) –> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update voor Windows XP (KB916595) –> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update voor Windows XP (KB920872) –> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update voor Windows XP (KB922582) –> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update voor Windows XP (KB931836) –> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    VideoLAN VLC media player 0.8.6a –> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Web Page Maker V2.3 –> "C:\Program Files\Web Page Maker V2\unins000.exe"
    WinAVI VideoConverter –> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
    Windows Media Format 11 runtime –> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR –> C:\Program Files\WinRAR\uninstall.exe
    ZoneAlarm Security Suite –> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    – End of ComboScan: finished at 2007-03-17 at 23:13:06 ————————
  • Heb jij zelf je virusscanner uitgezet???

    Download: [b:f2cb864442]RemoveVideoActiveXObject.exe[/b:f2cb864442][/color:f2cb864442]
    Sla het bestand op je bureaublad op, daarna dubbelklikken.
    Mogelijk start de uninstaller van een rogue scanner op, sluit deze niet af maar laat deze zijn werk doen.

    Daarna de [b:f2cb864442]PC herstarten[/b:f2cb864442] en nogmaals RemoveVideoActiveXObject.exe dubbelklikken.
    Post daarna het logje C:\[b:f2cb864442]RVAXO-results.log[/b:f2cb864442] in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Bestand downloaden en op je bureaublad opslaan, daarna dubbelklikken.
    Als er een uninstaller actief wordt, deze zijn werk laten doen.
    PC herstarten en daarna nogmaals [b:f2cb864442]RemoveVideoActiveXObject.exe[/b:f2cb864442] dubbelklikken.
    Daarna een logje van HijackThis plaatsen
  • —————-RemoveVideoActiveXObject.exe first run————-

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:


    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:

    C:\WINDOWS\system32\amcompat.tlb
    C:\WINDOWS\system32
    scompat.tlb

    Uninstallers Rogue scanners:


    Folders Found:
  • Gaat goed, nogmaals runnen en daarna een HJT logje maken en hier plaatsen aub.
  • Logfile of HijackThis v1.99.1
    Scan saved at 17:53:36, on 18-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Noname\Bureaublad\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.