Question & Answer
hijack log...
7 replies
- I am having a lot of trouble with Internet pop-ups from drivercleaner…
Logfile of HijackThis v1.99.1
Scan saved at 10:52:15, on 16-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Noname\Bureaublad\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 0 - {84568764-9BE1-458A-9294-6ACB44FDD244} - C:\Program Files\Messenger\labunuwip.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [win320866-5307230] C:\WINDOWS\win320866-5307230.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D02FC~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D02FC~1\reboot.ini -l0x13
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - HKCU\..\Run: [Cbir] "C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe" -vt yazb
O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
O4 - HKCU\..\Run: [Cbir] "C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1\chkntfs.exe" -vt yazb
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Delete the following directories:
C:\Program Files\Web Buying\
C:\DOCUME~1\Noname\APPLIC~1\WNSXS~1
Restart the computer!
Download to your Desktop (by Deckard).
* Close all applications and windows.
* Double-click Comboscan.exe to run it, and follow the prompts.
* When the scan is complete, a text file - ComboScan.txt - will open.
* Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt into your next reply.
- ComboScan v20070306.20 run by Noname on 2007-03-17 at 23:11:43
Computer is in Normal Mode.
——————————————————————————–
– System Restore ————————————————————–
Successfully created ComboScan Restore Point.
– Last 5 Restore Point(s) –
17: 2007-03-17 22:12:03 UTC - RP27 - ComboScan Restore Point
16: 2007-03-17 15:38:51 UTC - RP26 - Software Distribution Service 2.0
15: 2007-03-17 15:24:01 UTC - RP25 - Herstelbewerking
14: 2007-03-17 15:21:33 UTC - RP24 - Herstelbewerking
13: 2007-03-16 23:04:05 UTC - RP23 - Software Distribution Service 2.0
– First Restore Point –
1: 2007-03-02 10:02:20 UTC - RP11 - Removed Pando.
Performed disk cleanup.
– HijackThis (run as Noname.exe) ———————————————-
Logfile of HijackThis v1.99.1
Scan saved at 23:12:23, on 17-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Noname\Bureaublad\comboscan.exe
C:\DOCUME~1\Noname\BUREAU~1\HIJACK~1\Noname.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
– File Associations ———————————————————–
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - C:\WINDOWS\system32\drivers\AegisP.sys
3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R BoiHwsetup (Access 32bits INT15 routine) - C:\WINDOWS\system32\drivers\BoiHwSetup.sys
3R CAMCAUD (Conexant AMC 3D Environmental Audio) - C:\WINDOWS\system32\drivers\camc6aud.sys
3R CAMCHALA - C:\WINDOWS\system32\drivers\camc6hal.sys
2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
3R HidUsb (Microsoft HID Class-stuurprogramma) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWATI - C:\WINDOWS\system32\drivers\HSFHWATI.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
1R intelppm (Intel GV3-processorstuurprogramma) - C:\WINDOWS\system32\drivers\intelppm.sys
3R Iviaspi (IVI ASPI Shell) - C:\WINDOWS\system32\drivers\iviaspi.sys
0S kl1 - C:\WINDOWS\system32\Drivers\kl1.sys (not found)
3R KLIF - C:\WINDOWS\system32\drivers\klif.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mouhid (Stuurprogramma voor muis-HID) - C:\WINDOWS\system32\drivers\mouhid.sys
2R Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - C:\WINDOWS\system32\drivers\Netdevio.sys
3R Pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R qkbfiltr (Quanta HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\qkbfiltr.sys
3R qmofiltr (Quanta HotKey Mouse Filter Driver) - C:\WINDOWS\system32\drivers\qmofiltr.sys
3S RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
3S rtl8139 (NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S USBSTOR (Stuurprogramma voor USB-massaopslag) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–
2R ACS (Atheros-clienthulpprogramma) - C:\WINDOWS\system32\acs.exe
3S aspnet_state (ASP.NET-statusservice) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R CFSvcs (ConfigFree Service) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe
– Files created between 2007-02-17 and 2007-03-17 —————————–
2007-03-17 22:59:48 0 d——– C:\Program Files\Common Files\NSV
2007-03-17 16:48:23 0 d——– C:\WINDOWS\LastGood
2007-03-17 16:27:24 0 d——– C:\[audioconvert 2.0] Serials<_AUDIO~1.0_S>
2007-03-17 16:27:23 0 d——– C:\fixwareout<FIXWAR~1>
2007-03-16 10:51:00 0 d——– C:\Rustbfix
2007-03-16 09:27:18 0 d——– C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc<SMARTS~1>
2007-03-16 09:27:17 0 d——– C:\Program Files\SmartSound Software<SMARTS~1>
2007-03-16 09:12:19 0 d——– C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-03-16 09:10:24 0 d——– C:\Program Files\Pinnacle
2007-03-14 22:43:36 0 d——– C:\Program Files\Stardock
2007-03-14 22:36:00 0 d——– C:\Program Files\Gabest
2007-03-12 16:22:27 0 d——– C:\WINDOWS\system32\bund1
2007-03-12 16:22:13 0 d——– C:\Program Files\MediaCoder<MEDIAC~1>
2007-03-11 22:53:22 0 d——– C:\Program Files\Babylon(2)<BABYLO~1>
2007-03-11 22:53:22 0 d——– C:\Documents and Settings\All Users\Application Data\Babylon
2007-03-11 22:52:41 0 d——– C:\Documents and Settings\Noname\Application Data\Babylon
2007-03-11 22:38:52 0 d——– C:\Program Files\RAR Password Cracker<RARPAS~1>
2007-03-11 22:36:56 0 d——– C:\Program Files\VoipBuster.com<VOIPBU~1.COM>
2007-03-11 19:52:00 4349952 –a—— C:\Documents and Settings\Noname\ntuser.dat
2007-03-10 23:40:09 86016 –a—— C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
2007-03-10 23:37:54 0 d——– C:\Documents and Settings\All Users\Application Data\QuickTime<QUICKT~1>
2007-03-10 23:35:37 0 d——– C:\Program Files\QuickTime<QUICKT~1>
2007-03-10 23:24:49 3062 –a—— C:\WINDOWS\system32\tmp.reg
2007-03-10 23:23:32 79360 –a—— C:\WINDOWS\system32\swxcacls.exe
2007-03-10 23:23:32 40960 –a—— C:\WINDOWS\system32\swsc.exe
2007-03-10 23:23:32 135168 –a—— C:\WINDOWS\system32\swreg.exe
2007-03-10 23:23:32 288417 –a—— C:\WINDOWS\system32\SrchSTS.exe
2007-03-10 23:23:32 53248 –a—— C:\WINDOWS\system32\Process.exe
2007-03-10 23:23:32 51200 –a—— C:\WINDOWS\system32\dumphive.exe
2007-03-07 14:15:54 0 d——– C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-03-06 22:06:31 0 d——– C:\WINDOWS\Flash Menu Factory<FLASHM~1>
2007-03-06 22:06:31 0 d——– C:\Program Files\Flash Menu Factory<FLASHM~1>
2007-03-06 19:18:57 0 d——– C:\Program Files\GIF Movie Gear<GIFMOV~1>
2007-03-05 22:56:47 102400 –a—— C:\WINDOWS\system32\tsccvid.dll
2007-03-05 22:56:44 0 d——– C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-03-05 22:56:12 0 d——– C:\Documents and Settings\All Users\Application Data\TechSmith<TECHSM~1>
2007-03-05 22:55:02 0 d——– C:\Program Files\TechSmith<TECHSM~1>
2007-03-04 15:23:11 0 d——– C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-04 15:11:35 0 d——– C:\WINDOWS\system32\LogFiles
2007-03-04 15:11:35 0 d——– C:\WINDOWS\system32\drivers\UMDF
2007-03-02 20:03:15 0 d——– C:\Documents and Settings\Noname\Application Data\AdobeUM
2007-03-02 10:53:02 0 d——– C:\Program Files\Video Convert Master<VIDEOC~1>
2007-03-01 17:14:09 817664 —h—– C:\WINDOWS\system32\wodfamoh.dll
2007-03-01 17:13:51 0 d——– C:\Program Files\Abrosoft
2007-02-28 22:42:23 0 d—s—- C:\Documents and Settings\Noname\UserData
2007-02-28 21:51:51 0 d——– C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-28 21:51:02 0 d——– C:\Program Files\Flash Favorite<FLASHF~1>
2007-02-28 10:46:52 20480 –a—— C:\WINDOWS\system32\VBUTILLight.dll<VBUTIL~1.DLL>
2007-02-28 10:46:52 28672 –a—— C:\WINDOWS\system32\SmartMenuXP.dll<SMARTM~1.DLL>
2007-02-28 10:46:51 172032 –a—— C:\WINDOWS\system32\MP2enc.dll
2007-02-28 10:46:51 0 d——– C:\WINDOWS\system32\ac
2007-02-28 10:46:50 0 d——– C:\Program Files\AudioConvert<AUDIOC~1>
2007-02-28 10:40:29 0 d——– C:\Program Files\WinAVI VideoConverter<WINAVI~1>
2007-02-27 22:28:28 0 d——– C:\Program Files\MOVAVI
2007-02-27 22:28:18 0 d——– C:\Program Files\ConvertMovie 4.0<CONVER~1.0>
2007-02-27 21:02:58 0 d——– C:\Program Files\Common Files\Nullsoft
2007-02-27 20:01:49 0 d——– C:\Program Files\AliveMedia<ALIVEM~1>
2007-02-27 19:43:38 0 d——– C:\Program Files\Web Page Maker V2<WEBPAG~1>
2007-02-27 19:35:47 0 d——– C:\Documents and Settings\Noname\Application Data\vlc
2007-02-27 19:20:27 0 d——– C:\Program Files\VideoLAN
2007-02-27 18:32:50 0 d——– C:\Program Files\UltraMenu<ULTRAM~1>
2007-02-27 16:09:14 0 d——– C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-27 15:32:55 1994752 —–n— C:\WINDOWS\UNNMP.exe
2007-02-27 15:27:54 2019328 —–n— C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-02-27 15:27:54 24064 —–n— C:\WINDOWS\system32\msxml3a.dll
2007-02-27 15:27:25 0 d——– C:\Documents and Settings\All Users\Application Data\Ahead
2007-02-27 15:09:06 0 d——– C:\Documents and Settings\Noname\Application Data\Ahead
2007-02-27 15:02:31 364544 –a—— C:\WINDOWS\system32\TwnLib4.dll
2007-02-27 15:02:31 471040 –a—— C:\WINDOWS\system32\imagXRA7.dll
2007-02-27 15:02:31 262144 –a—— C:\WINDOWS\system32\imagXR7.dll
2007-02-27 15:02:31 476320 –a—— C:\WINDOWS\system32\imagXpr7.dll
2007-02-27 15:02:31 32768 –a—— C:\WINDOWS\system32\BCGPOleAcc.dll<BCGPOL~1.DLL>
2007-02-27 15:02:31 2605056 –a—— C:\WINDOWS\system32\BCGCBPRO800u.dll<BCGCBP~2.DLL>
2007-02-27 15:02:31 2600960 –a—— C:\WINDOWS\system32\BCGCBPRO800.dll<BCGCBP~1.DLL>
2007-02-27 15:02:30 1568768 –a—— C:\WINDOWS\system32\imagX7.dll
2007-02-27 15:02:28 0 d——– C:\Program Files\Nero
2007-02-27 14:42:13 106496 –a—— C:\WINDOWS\system32\TwnLib20.dll
2007-02-27 14:38:55 38912 —–n— C:\WINDOWS\system32\picn20.dll
2007-02-27 14:38:51 544768 —–n— C:\WINDOWS\system32\imagx5.dll
2007-02-27 14:38:51 569344 —–n— C:\WINDOWS\system32\imagr5.dll
2007-02-27 14:38:50 283920 —–n— C:\WINDOWS\system32\ImagXpr5.dll
2007-02-27 14:38:45 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-02-27 14:38:45 0 d——– C:\Program Files\Common Files\Ahead
2007-02-27 14:38:37 0 d——– C:\Program Files\Ahead
2007-02-27 14:09:53 0 d——– C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-27 14:06:48 101888 –a—— C:\WINDOWS\system32\VB6STKIT.DLL
2007-02-27 14:06:48 119568 –a—— C:\WINDOWS\system32\VB6FR.DLL
2007-02-27 14:06:48 21504 –a—— C:\WINDOWS\system32\TABCTFR.DLL
2007-02-27 14:06:48 15360 –a—— C:\WINDOWS\system32\inetfr.DLL
2007-02-27 14:06:45 141312 –a—— C:\WINDOWS\system32\MSCMCFR.DLL
2007-02-27 14:06:45 59904 –a—— C:\WINDOWS\system32\Mscc2fr.dll
2007-02-27 14:06:44 32768 –a—— C:\WINDOWS\system32\CMDLGFR.DLL
2007-02-27 13:57:10 4103032 –a—— C:\WINDOWS\system32\SpoonUninstall.exe<SPOONU~1.EXE>
2007-02-27 13:56:54 0 d——– C:\Program Files\Illustrate<ILLUST~1>
2007-02-27 11:52:32 0 d——– C:\Program Files\PhotoFiltre<PHOTOF~1>
2007-02-27 09:58:22 0 d——– C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-27 09:57:42 0 d——– C:\Program Files\Common Files\Real
2007-02-27 09:57:37 0 d——– C:\Program Files\Real
2007-02-27 09:56:15 0 d——– C:\Documents and Settings\Noname\Application Data\Real
2007-02-27 09:52:04 0 d——– C:\My Downloads<MYDOWN~1>
2007-02-27 09:40:29 0 d——– C:\Program Files\Admiresoft<ADMIRE~1>
2007-02-27 09:20:20 512 –a—— C:\ScanSectorLog.dat<SCANSE~1.DAT>
2007-02-27 09:11:10 0 d——– C:\Program Files\DC++<DC__~1>
2007-02-27 09:10:47 0 d——– C:\Program Files\eMule
2007-02-27 09:08:16 0 d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-27 09:02:47 0 d——– C:\Documents and Settings\Noname\Application Data\MailFrontier<MAILFR~1>
2007-02-27 09:00:28 666912 –ahs—- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-02-27 09:00:28 15149600 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
2007-02-27 08:54:12 0 d——– C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-27 08:46:55 0 d——– C:\WINDOWS\pss
2007-02-27 08:36:23 4212 —h—– C:\WINDOWS\system32\zllictbl.dat
2007-02-27 08:35:50 75512 –a—— C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-02-27 08:35:50 11264 –a—— C:\WINDOWS\system32\SpOrder.dll
2007-02-27 08:34:59 1087216 –a—— C:\WINDOWS\system32\zpeng24.dll
2007-02-27 08:34:58 0 d——– C:\WINDOWS\system32\ZoneLabs
2007-02-27 08:33:30 0 d——– C:\WINDOWS\Internet Logs<INTERN~1>
2007-02-27 08:32:58 0 d–h—– C:\WINDOWS\PIF
2007-02-26 23:01:19 0 d——– C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-26 22:57:13 0 d——– C:\Documents and Settings\Noname\Application Data\Azureus
2007-02-26 22:56:42 0 d——– C:\Program Files\Azureus
2007-02-26 22:54:20 0 d——– C:\WINDOWS\Sun
2007-02-26 22:54:19 0 d——– C:\Documents and Settings\Noname\Application Data\Sun
2007-02-26 22:52:21 29968 –a—— C:\WINDOWS\system32\mdimon.dll
2007-02-26 22:47:09 0 d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-02-26 22:30:31 0 d——– C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-26 22:26:49 221184 –a—— C:\WINDOWS\system32\wmpns.dll
2007-02-26 22:26:39 28672 –a—— C:\WINDOWS\system32\DelRunOnceReg.exe<DELRUN~1.EXE>
2007-02-26 22:26:39 266240 –a—— C:\WINDOWS\system32\ControlWZCS.exe<CONTRO~1.EXE>
2007-02-26 22:26:36 57344 –a—— C:\WINDOWS\system32\wgapiloc.dll
2007-02-26 22:26:36 237568 –a—— C:\WINDOWS\system32\wgapi.dll
2007-02-26 22:26:36 233472 –a—— C:\WINDOWS\system32\wcapi.dll
2007-02-26 22:26:36 77824 –a—— C:\WINDOWS\system32\athcfg11ResLoc.dll<ATHCFG~2.DLL>
2007-02-26 22:26:36 77824 –a—— C:\WINDOWS\system32\athcfg11res.dll<ATHCFG~1.DLL>
2007-02-26 22:26:36 352256 –a—— C:\WINDOWS\system32\athcfg11.dll
2007-02-26 22:26:36 36864 –a—— C:\WINDOWS\system32\acs.exe
2007-02-26 22:26:31 17801 –a—— C:\WINDOWS\system32\drivers\AegisP.sys
2007-02-26 22:26:31 192512 –a—— C:\WINDOWS\system32\AegisI5.exe
2007-02-26 22:26:31 1396835 –a—— C:\WINDOWS\system32\AegisE5.dll
2007-02-26 22:25:57 32768 –a—— C:\WINDOWS\system32\RmWLAN.exe
2007-02-26 22:25:57 270336 –a—— C:\WINDOWS\system32\PlugPlayPCIDevice.exe<PLUGPL~1.EXE>
2007-02-26 22:25:57 163840 –a—— C:\WINDOWS\system32\MFCFirstRemove.exe<MFCFIR~1.EXE>
2007-02-26 22:25:57 28672 –a—— C:\WINDOWS\system32\InstallInf.exe<INSTAL~1.EXE>
2007-02-26 22:25:57 32768 –a—— C:\WINDOWS\system32\CloseACU.exe
2007-02-26 22:25:57 0 d——– C:\Program Files\Atheros
2007-02-26 22:25:40 0 dr——- C:\Documents and Settings\Noname\Favorieten<FAVORI~1>
2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Bureaublad<BUREAU~1>
2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\toshiba
2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Sonic
2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Help
2007-02-26 22:25:40 0 d——– C:\Documents and Settings\Noname\Application Data\Adobe
2007-02-26 22:25:39 0 d——– C:\Documents and Settings\Noname\WINDOWS
2007-02-26 22:25:39 0 d–h—– C:\Documents and Settings\Noname\Sjablonen<SJABLO~1>
2007-02-26 22:25:39 0 dr-h—– C:\Documents and Settings\Noname\Onlangs geopend<ONLANG~1>
2007-02-26 22:25:39 0 d–h—– C:\Documents and Settings\Noname\Netwerkprinteromgeving<NETWER~1>
2007-02-26 22:25:39 0 dr——- C:\Documents and Settings\Noname\Mijn documenten<MIJNDO~1>
2007-02-26 22:25:39 0 dr——- C:\Documents and Settings\Noname\Menu Start<MENUST~1>
2007-02-26 22:24:34 262144 –a—— C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\WINDOWS
2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\toshiba
2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Sonic
2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Help
2007-02-26 22:24:27 0 d——– C:\Documents and Settings\Default User\Application Data\Adobe
2007-02-26 22:21:02 12288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2007-02-26 22:20:59 9600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
– Find3M Report —————————————————————
2007-03-17 16:17:55 0 d——– C:\Program Files\Messenger<MESSEN~1>
2007-03-16 09:40:08 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-13 19:54:23 0 d——– C:\Documents and Settings\Noname\Application Data\Macromedia<MACROM~1>
2007-02-27 17:31:44 0 d—s—- C:\Documents and Settings\Noname\Application Data\Microsoft<MICROS~1>
2007-02-27 09:02:18 442556 –a—— C:\WINDOWS\system32\perfh013.dat
2007-02-27 09:02:18 69812 –a—— C:\WINDOWS\system32\perfc013.dat
2007-02-27 08:59:28 0 d——– C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-27 05:56:27 0 d——– C:\Program Files\Windows NT<WINDOW~2>
2007-02-27 05:56:24 0 d——– C:\Program Files\Toshiba
2007-02-27 05:55:47 0 d——– C:\Program Files\Synaptics<SYNAPT~1>
2007-02-27 05:55:30 0 d——– C:\Program Files\Sonic
2007-02-27 05:55:27 0 d——– C:\Program Files\Online Services<ONLINE~1>
2007-02-27 05:54:45 0 d——– C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-27 05:54:45 0 d——– C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-27 05:54:41 0 d——– C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-27 05:54:25 0 d——– C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-27 05:53:56 0 d——– C:\Program Files\Java
2007-02-27 05:53:47 0 d——– C:\Program Files\InterVideo<INTERV~1>
2007-02-27 05:52:31 0 d——– C:\Program Files\CONEXANT
2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\ODBC
2007-02-27 05:51:35 0 d——– C:\Program Files\Common Files\MSSoap
2007-02-27 05:50:50 0 d——– C:\Program Files\Common Files\Java
2007-02-27 05:50:47 0 d——– C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-27 05:50:45 0 d——– C:\Program Files\Common Files\Adobe
2007-02-27 05:50:45 0 d——– C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-27 05:40:43 0 d——– C:\Documents and Settings\Noname\Application Data\Identities<IDENTI~1>
2007-01-29 09:58:06 60416 —–n— C:\WINDOWS\system32\tzchange.exe
2006-12-19 22:51:37 135168 –a—— C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:18:35 334336 –a—— C:\WINDOWS\system32\wiaservc.dll
– Registry Dump —————————————————————
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
"TPSMain"="TPSMain.exe"
"NDSTray.exe"="NDSTray.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-03-17 at 23:13:06 ------------------------
ComboScan v20070306.20 run by Noname on 2007-03-17 at 23:11:43
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch
CPU 0: Intel(R) Celeron(R) M processor 1.60GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 446.23 MiB / 75.88 MiB
Pagefile Memory (total/avail): 1056.84 MiB / 655.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1998.11 MiB
C: is Fixed (NTFS) - 55.89 GiB total, 23.99 GiB free.
D: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: Norton Internet Worm Protection v2006 (Symantec)
- Did you turn off your virus scanner yourself???
Download:
Save the file to your desktop, then double-click it.
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.
Then restart the PC and double-click RemoveVideoActiveXObject.exe again.
Then post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.
Download the file and save it to your desktop, then double-click it.
If an uninstaller becomes active, let it do its work.
Restart the PC and then double-click RemoveVideoActiveXObject.exe again.
Then post a HijackThis log.
- ----------------RemoveVideoActiveXObject.exe first run-------------
Files found:
Uninstallers Rogue scanners:
Folders Found:
--------------RemoveVideoActiveXObject.exe last run---------------
Files found:
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb
Uninstallers Rogue scanners:
Folders Found:
- Going well; run it again, then make an HJT log and post it here, please.
- Logfile of HijackThis v1.99.1
Scan saved at 17:53:36, on 18-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Noname\Bureaublad\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: Snelkoppeling naar Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
This is an archived page. Replying is no longer possible.