My Log



Reakwon
28 November 2007, 04:20
Hello,

An unwanted start page appears again every time I start Explorer.
Previously I could work around it via Internet Options (until I restarted the computer), but now it keeps showing the same VERY unwanted start page every time.

Could you please help me?

My log is below:

Logfile of HijackThis v1.99.1
Scan saved at 2:23:33, on 28/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Benjamin\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Thanks in advance,
Reakwon

DJ Inpossible
28 November 2007, 23:29
I'll take a look for you :)

DJ Inpossible
30 November 2007, 17:51
Are you still using any Symantec software?

1. You are using an old version of HijackThis that does not work well with Vista.
From now on, use this one: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Spybot's TeaTimer is active; it can interfere with the fix, so we will disable it temporarily.
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Uncheck Resident TeaTimer and click OK
- Restart the computer
- Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop.
Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

3. Go to Start --> Control Panel --> Add or Remove Programs and remove the following there:
AskSBar

4. Right-click HijackThis and choose 'Run as Administrator'.
Then choose 'Do a system scan only' and check the lines below, if they are still present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto


Then close all open windows and click 'Fix Checked'.

5. Delete the folder below:
C:\Program Files\AskSBar

6. Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.

Double-click Combofix.exe.
Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
While the fix is running, do NOT click in the window, because this will make your PC hang.


When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

Note: If your virus scanner reacts while downloading or using Combofix, you can ignore this.

Good luck!

Pim

Reakwon
30 November 2007, 21:27
Hi,
Thanks in advance for helping me.
I do have to say that step 5, removing AskSBar, did not work. I am not given access to delete it.

ComboFix 07-12-01.1 - Benjamin 2007-11-30 20:14:38.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.1138 [GMT 1:00]
Gestart vanuit: C:\Users\Benjamin\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\winnb58.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))
.
2007-11-30 20:04 . 2007-11-27 19:09 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2007-11-28 00:55 . 2007-11-28 00:55 <DIR> d-------- C:\Program Files\Hitman Pro
2007-11-27 23:46 . 2007-11-27 23:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-27 23:46 . 2007-11-27 23:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-11-27 19:45 . 2007-11-27 19:45 <DIR> d-------- C:\Users\Benjamin\AppData\Roaming\Lavasoft
2007-11-27 19:44 . 2007-11-27 19:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-27 19:35 . 2007-11-27 19:35 <DIR> d-------- C:\Users\Benjamin\AppData\Roaming\Grisoft
2007-11-27 19:17 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-11-27 19:16 . 2007-11-27 19:16 <DIR> d-------- C:\Users\All Users\Grisoft
2007-11-27 19:16 . 2007-11-27 19:16 <DIR> d-------- C:\ProgramData\Grisoft
2007-11-27 19:10 . 2007-10-01 16:24 163,640 --a------ C:\Windows\System32\drivers\ssidrv.sys
2007-11-27 19:10 . 2007-10-01 16:24 23,864 --a------ C:\Windows\System32\drivers\sskbfd.sys
2007-11-27 19:10 . 2007-10-01 16:24 21,816 --a------ C:\Windows\System32\drivers\sshrmd.sys
2007-11-27 19:10 . 2007-10-01 16:24 20,280 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2007-11-27 19:09 . 2007-11-27 19:09 <DIR> d-------- C:\Users\Benjamin\AppData\Roaming\Webroot
2007-11-27 19:09 . 2007-11-27 19:09 <DIR> d-------- C:\Users\All Users\Webroot
2007-11-27 19:09 . 2007-11-27 19:09 <DIR> d-------- C:\ProgramData\Webroot
2007-11-27 19:09 . 2007-11-27 19:09 <DIR> d-------- C:\Program Files\Webroot
2007-11-27 19:09 . 2007-10-01 16:40 1,526,072 --a------ C:\Windows\WRSetup.dll
2007-11-27 19:05 . 2007-11-27 19:05 164 --a------ C:\install.dat
2007-11-27 18:19 . 2007-11-27 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-23 13:37 . 2007-11-24 15:15 <DIR> d-------- C:\Program Files\laughnetwork
2007-11-22 17:24 . 2007-11-22 17:24 675,579 --a------ C:\Windows\PROGRAM.exe
2007-11-22 17:19 . 2007-11-27 18:12 18,432 --a------ C:\Users\Benjamin\AppData\Roaming\internaldb41.dat
2007-11-22 17:19 . 2007-11-27 18:12 555 --a------ C:\Users\Benjamin\AppData\Roaming\internaldb8467.dat
2007-11-22 17:19 . 2007-11-27 18:24 374 --a------ C:\Users\Benjamin\AppData\Roaming\internaldb6334.dat
2007-11-22 17:19 . 2007-11-22 17:19 197 --a------ C:\Windows\wininit.ini
2007-11-20 17:12 . 2007-11-20 17:12 <DIR> d-------- C:\Poker
2007-11-15 10:38 . 2007-11-15 10:38 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-11-15 10:38 . 2007-11-15 10:38 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2007-11-15 10:38 . 2007-11-15 10:38 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2007-11-15 10:38 . 2007-11-15 10:38 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2007-11-15 10:38 . 2007-11-15 10:38 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2007-11-15 10:38 . 2007-11-15 10:38 8,704 --a------ C:\Windows\System32\hcrstco.dll
2007-11-15 10:38 . 2007-11-15 10:38 8,704 --a------ C:\Windows\System32\hccoin.dll
2007-11-15 10:38 . 2007-11-15 10:38 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2007-11-11 20:40 . 2007-11-13 01:00 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2007-11-11 20:40 . 2007-11-11 20:40 22,328 --a------ C:\Users\Benjamin\AppData\Roaming\PnkBstrK.sys
2007-11-11 20:39 . 2007-11-13 01:00 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2007-11-11 20:39 . 2007-11-13 01:00 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2007-11-11 20:39 . 2007-11-11 20:39 319 --a------ C:\Windows\game.ini
2007-11-11 20:21 . 2007-11-11 20:21 <DIR> d-------- C:\Program Files\Activision
2007-11-10 16:20 . 2007-11-29 20:12 <DIR> d-------- C:\Users\Benjamin\Shared
2007-11-10 16:19 . 2007-11-29 20:12 <DIR> d-------- C:\Users\Benjamin\Incomplete
2007-11-10 16:19 . 2007-11-24 17:47 <DIR> d-------- C:\Users\Benjamin\AppData\Roaming\LimeWire
2007-11-10 16:14 . 2007-11-10 16:14 <DIR> d-------- C:\Users\Benjamin\LimeWire
2007-11-10 15:46 . 2007-11-10 15:47 <DIR> d-------- C:\Users\All Users\Adobe
2007-11-10 15:46 . 2007-11-10 15:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-10 15:29 . 2007-11-10 15:29 <DIR> d--hs---- C:\Windows\ftpcache
2007-11-08 14:39 . 2007-11-08 14:39 <DIR> d-------- C:\Program Files\rafc
2007-11-04 16:41 . 2007-11-04 16:41 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2007-11-04 16:41 . 2007-11-04 16:41 36,864 --a------ C:\Windows\System32\cdd.dll
2007-11-04 16:38 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2007-11-04 16:38 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2007-11-04 16:38 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2007-11-04 16:38 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2007-11-04 16:38 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2007-11-04 16:38 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2007-11-04 16:38 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2007-11-04 16:18 . 2007-11-04 16:19 <DIR> d-------- C:\Program Files\CA
2007-11-03 23:20 . 2007-11-07 11:58 <DIR> d-------- C:\Users\Benjamin\AppData\Roaming\Joost
2007-11-03 23:20 . 2007-11-06 17:54 <DIR> d-------- C:\Program Files\Joost
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 18:48 13,166 ----a-w C:\Users\Benjamin\AppData\Roaming\nvModes.dat
2007-11-15 09:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 09:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 09:39 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 09:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 09:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 09:39 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-15 09:39 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-15 09:39 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 09:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 09:39 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-15 09:39 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 09:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 09:39 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-15 09:39 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 09:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 09:39 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 09:39 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-15 09:38 --------- d-----w C:\Program Files\Windows Mail
2007-11-11 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 17:03 --------- d-----w C:\Program Files\TheSettlersRiseOfAnEmpireDemo
2007-10-18 20:14 184,080 ----a-w C:\Windows\system32\drivers\ino_fltr.sys
2007-10-13 19:25 --------- d-----w C:\Users\Benjamin\AppData\Roaming\Toshiba
2007-10-12 13:33 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-12 13:33 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-12 13:33 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-12 13:33 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-12 13:31 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-12 13:31 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-12 13:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-12 13:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-12 13:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-12 13:30 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-09 19:18 --------- d-----w C:\Users\Benjamin\AppData\Roaming\InterVideo
2007-10-09 07:19 --------- d-----w C:\Users\Benjamin\AppData\Roaming\AdobeUM
2007-10-07 14:54 174 --sha-w C:\Program Files\desktop.ini
2007-10-07 14:46 --------- d-----w C:\Program Files\Windows Defender
2007-10-07 14:46 --------- d-----w C:\Program Files\Windows Calendar
2007-10-06 13:34 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-06 13:34 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-06 13:34 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-10-06 13:34 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-06 13:34 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-10-06 13:34 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-06 13:34 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-10-06 13:34 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-06 13:34 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-06 13:34 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-06 13:34 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-06 13:34 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-06 13:34 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-10-06 13:34 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-06 13:34 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-06 13:34 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-06 13:34 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-06 13:33 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-10-06 13:33 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-10-06 13:33 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-10-06 13:32 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-10-06 13:32 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-10-06 13:30 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-10-06 13:30 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-10-06 13:30 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-10-06 13:30 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-10-06 13:30 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-10-06 13:30 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-10-06 13:30 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-10-06 13:30 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-10-06 13:30 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-10-06 13:30 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-10-06 13:30 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-10-06 13:29 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-10-06 13:29 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-10-06 13:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-10-06 13:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-10-06 13:28 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2007-10-06 13:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-10-06 13:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-10-06 13:28 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-10-06 13:27 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-10-06 13:27 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-10-06 13:27 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-10-06 13:27 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-10-06 13:27 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-10-06 13:27 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-10-06 13:27 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-10-06 13:27 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-10-06 13:27 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-10-06 13:27 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-10-06 13:26 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-10-06 13:25 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-10-06 13:25 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-10-06 13:25 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-10-06 13:25 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-10-06 13:25 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-10-06 13:25 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-10-06 13:25 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-10-06 13:25 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-10-06 13:25 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2007-10-06 13:25 31,232 ----a-w C:\Windows\System32\msvidc32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}]
2007-11-08 12:11 1502232 --a------ C:\Program Files\rafc\tbrafc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F552BD45-2E2B-4A3B-8D3B-2E54AC59771C}"= C:\Program Files\rafc\tbrafc.dll [2007-11-08 12:11 1502232]
[HKEY_CLASSES_ROOT\clsid\{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F552BD45-2E2B-4A3B-8D3B-2E54AC59771C}"= C:\Program Files\rafc\tbrafc.dll [2007-11-08 12:11 1502232]
[HKEY_CLASSES_ROOT\clsid\{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 10:57]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-20 14:23]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 10:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-06 14:32]
"TOSHIBA Volume Indicator"="C:\Program Files\Toshiba\Utilities\VolControl.exe" [2006-12-13 10:33]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-01-02 16:05]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-25 20:03]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50]
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-01-08 13:35]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Joost.lnk]
path=C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Joost.lnk
backup=C:\Windows\pss\Joost.lnk.Startup
backupExtension=.Startup
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\Windows\system32\Drivers\SSFS0BB9.SYS
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 BoiHwsetup;Access 32bits INT15 routine;C:\Windows\system32\drivers\BoiHwSetup.sys
R3 NETw3v32;Stuurprogramma voor Intel(R) PRO/Wireless 3945ABG-adapter onder Windows Vista 32-bits;C:\Windows\system32\DRIVERS\NETw3v32.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 qkbfiltr;Keyboard Filter Driver;C:\Windows\system32\DRIVERS\qkbfiltr.sys
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
.
Inhoud van de 'Gedeelde Taken' map
"2007-11-30 18:56:09 C:\Windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-11-27 18:34:48 C:\Windows\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 20:19:22
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-01 20:21:17 - machine was rebooted
.
--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:08, on 1/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8549 bytes


Thanks again,
Reakwon

DJ Inpossible
3 December 2007, 17:45
Hi Reakwon,

Could you also answer these questions:

Do you still use any Symantec software?
Which unwanted start page is this actually about?
Do you still use Partypoker?

Start HijackThis, choose 'Do a system scan only' and tick the lines below:

O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)


Then delete the following folder:
C:\Program Files\AskSBar

After that, empty your recycle bin.

How are things with your problems?

Pim

Reakwon
4 December 2007, 17:23
Hi,

No, no Symantec, but I do have an antivirus from eTrust.
This is the start page: http://www.searchnut.com/?domain=1-technology.com
I still use Partypoker very occasionally.

Should I click 'Fix checked' after the system scan and ticking the lines above?
And it now turns out that AskSBar has already disappeared from Program Files.

Kind regards,
Reakwon

DJ Inpossible
6 December 2007, 17:11
Should I click 'Fix checked' after the system scan and ticking the lines above?

You are indeed right about that, I forgot to include it.

Start HijackThis, choose 'Open the misc tools section' and click the 'Main' tab.
Under 'Default Start Page' you can change your start page.

Download the Norton removal tool (http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument)
and follow the on-screen instructions to remove Norton completely.

If that has not happened yet, restart your PC and post a new HijackThis log for review.
Also mention how things are going with your problems.

Pim

Reakwon
8 December 2007, 15:30
Hi,

Still the same. I just can't get rid of that damn page.

In the meantime it has changed to this one: http://traffic.revenuedirect.com/index.php?domain_name=1-technology.com


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:35, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8600 bytes


Regards

DJ Inpossible
10 December 2007, 14:20
Hi Reakwon,

Do you get this start page in Internet Explorer or in another browser, such as Firefox?

Right-click HijackThis and choose 'Run as administrator'.
Choose 'Do a system scan only' and tick the line below:

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Close all open windows except HijackThis and click Fix checked.

Restart your PC and then post a HijackThis log for review.

Pim

Reakwon
11 December 2007, 17:50
Hi,

I get this start page in Internet Explorer.
Now it gives a different page every time.
Something along these lines: http://10-digital-media.com/ron_white_blue_collar_comedy_tour.php
or http://8-digital-media.com/p/Gender_Of_Terms.php
or http://5-digital-media.com/p/The_Steelers_Would_Do_ANYTHING_to_Win_the_Super_Bowl.php

And every time I change the start page and open the internet, it gives the correct start page. When I close that page and open the internet again, it gives something like the above.

Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:12, on 11/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8621 bytes

Reakwon
11 December 2007, 17:53
One more thing.
Apparently I can click Uninstall somewhere on such pages.
I'll wait for your answer for now.

Regards

DJ Inpossible
12 December 2007, 22:21
Download reglooks.exe (http://users.telenet.be/marcvn/tools/reglooks.exe) and place it on your desktop.

Right-click reglooks.exe and choose "Run as administrator".
You will get a User Account Control prompt; allow it (Allow).

Do nothing else and wait until a log file opens. Post the contents of this log file together with a new HijackThis log.

Reakwon
16 December 2007, 16:14
REGLOOKS logfile
version 0.977
za 15/12/2007 22:32:48,31
running from: "C:\Users\Benjamin\Desktop"
--- SSODL regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found

--- STS regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found

--- USERINIT regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

--- SHELL regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"

--- SYSTEM regkey ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

--- APPINIT_DLLS regkey ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""

--- NOTIFY regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found

--- BOOTEXECUTE regkey ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0

--- SHELLEXECUTEHOOKS regkey ---
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

--- HKLM\Run regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TOSHIBA Volume Indicator"="\"C:\\Program Files\\Toshiba\\Utilities\\VolControl.exe\""
"NDSTray.exe"="NDSTray.exe"
"topi"="\"C:\\Program Files\\TOSHIBA\\Toshiba Online Product Information\\topi.exe\" -startup"
"TPwrMain"="\"C:\\Program Files\\TOSHIBA\\Power Saver\\TPwrMain.EXE\""
"HSON"="\"C:\\Program Files\\TOSHIBA\\TBS\\HSON.exe\""
"SmoothView"="\"C:\\Program Files\\Toshiba\\SmoothView\\SmoothView.exe\""
"00TCrdMain"="\"C:\\Program Files\\TOSHIBA\\FlashCards\\TCrdMain.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"NvSvc"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"Toshiba Registration"="\"C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe\""
"Realtime Monitor"="\"C:\\Program Files\\CA\\eTrustITM\\realmon.exe\" -s"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[run\OptionalComponents]
@=""
[run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[run\OptionalComponents\MSFS]
"Installed"="1"
@=""

--- HKLM\RunOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found

--- HKLM\RunOnceEx regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found

--- HKLM\RunServices regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices
no HKLM RunServices keys found

--- HKLM\RunServicesOnce regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce
no HKLM RunServicesOnce keys found

--- HKCU\Run regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Sidebar"="\"C:\\Program Files\\Windows Sidebar\\sidebar.exe\" /autoRun"
"TOSCDSPD"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\TOSCDSPD.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"WMPNSCFG"="\"C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe\""
"Videos"="\"C:\\Program Files\\laughnetwork\\update.exe\" /background"
"RunSpySweeperScheduleAtStartup"="\"C:\\Windows\\system32\\msfeedssync.exe\" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}"

--- HKCU\RunOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found

--- HKCU\RunOnceEx regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKCU RunOnceEx keys found

--- HKCU\RunServices regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKCU RunServices keys found

--- HKCU\RunServicesOnce regkeys ---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
no HKCU RunServicesOnce keys found

--- HKU\.DEFAULT\Run regkeys - Default user ---
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\.DEFAULT\Run keys found

--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-18\Run keys found

--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Sidebar"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,\
77,73,20,53,69,64,65,62,61,72,5c,53,69,64,65,62,61,72,2e,65,78,65,20,2f,64,\
65,74,65,63,74,4d,65,6d,00
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Sidebar"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,\
77,73,20,53,69,64,65,62,61,72,5c,53,69,64,65,62,61,72,2e,65,78,65,20,2f,64,\
65,74,65,63,74,4d,65,6d,00
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

--- HKLM\Explorer\Run regkeys ---
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKLM Explorer\Run keys found

--- HKCU\Explorer\Run regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKCU Explorer\Run keys found

--- Image File Execution regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found

--- BROWSER HELPER OBJECTS regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0\\bin\\ssv.dll"
"{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}" FILE ="C:\\Program Files\\rafc\\tbrafc.dll"

--- TOOLBAR regkeys ---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}" FILE ="C:\\Program Files\\rafc\\tbrafc.dll"

--- URLSEARCHHOOKS regkeys ---
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
"{f552bd45-2e2b-4a3b-8d3b-2e54ac59771c}"="" FILE ="C:\\Program Files\\rafc\\tbrafc.dll"

--- CONTEXTMENUHANDLERS regkeys ---
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
"BriefcaseMenu" CLSID ={85BBD920-42A0-1069-A2E4-08002B30309D} FILE ="syncui.dll"
"InoShell" CLSID ={DCED20BE-3645-11D4-BC95-00C04F0E0588} FILE ="C:\\Program Files\\CA\\eTrustITM\\InoShell.dll"
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\shell32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\shell32.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\shell32.dll
"InoShell" CLSID ={DCED20BE-3645-11D4-BC95-00C04F0E0588} FILE ="C:\\Program Files\\CA\\eTrustITM\\InoShell.dll"
"Offline Files" CLSID ={474C98EE-CF3D-41f5-80E3-4AAB0AB04301} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"BriefcaseMenu" CLSID ={85BBD920-42A0-1069-A2E4-08002B30309D} FILE ="syncui.dll"
"Offline Files" CLSID ={474C98EE-CF3D-41f5-80E3-4AAB0AB04301} FILE =%SystemRoot%\System32\cscui.dll
"SpySweeper" CLSID ={7C9D5882-CB4A-4090-96C8-430BFE8B795B} FILE ="C:\\PROGRA~1\\Webroot\\SPYSWE~1\\SSCtxMnu.dll"

--- ALTERNATESHELL regkey ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"

--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found

--- SAFEBOOT NETWORK SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
no unknown services found

--- SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BoiHwsetup
"DisplayName"="Access 32bits INT15 routine"
system32\drivers\BoiHwSetup.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CFSvcs
"DisplayName"="ConfigFree Service"
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC
"DisplayName"="Offline Files Driver"
system32\drivers\csc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CscService
"DisplayName"="@%systemroot%\\system32\\cscsvc.dll,-200"
%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e1express
"DisplayName"="Stuurprogramma voor Intel(R) PRO/1000 PCI Express-netwerkverbinding"
system32\DRIVERS\e1e6032.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iGateway
"DisplayName"="iTechnology iGateway 4.2"
"C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InoRPC
"DisplayName"="eTrust ITM RPC Service"
"C:\Program Files\CA\eTrustITM\InoRpc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InoRT
"DisplayName"="eTrust Antivirus Realtime Service"
"C:\Program Files\CA\eTrustITM\InoRT.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InoTask
"DisplayName"="eTrust ITM Job Service"
"C:\Program Files\CA\eTrustITM\InoTask.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\INO_FLPY
"DisplayName"="INO_FLPY"
system32\Drivers\ino_flpy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\INO_FLTR
"DisplayName"="INO_FLTR"
\??\C:\Windows\system32\Drivers\ino_fltr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qkbfiltr
"DisplayName"="Keyboard Filter Driver"
system32\DRIVERS\qkbfiltr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFS0BB9
"DisplayName"="Spy Sweeper File System Filer Driver: 0BB9"
SYSTEM32\Drivers\SSFS0BB9.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHRMD
"DisplayName"="Spy Sweeper Hookrack MiniDriver"
SYSTEM32\Drivers\SSHRMD.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSKBFD
"DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"
System32\Drivers\sskbfd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcUsb
"DisplayName"="TC USB Kernel Driver"
System32\Drivers\tcusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdcmdpst
"DisplayName"="TOSHIBA Writing Engine Filter Driver"
system32\DRIVERS\tdcmdpst.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TODDSrv
"DisplayName"="TOSHIBA Optical Disc Drive Service"
C:\Windows\system32\TODDSrv.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosCoSrv
"DisplayName"="TOSHIBA Power Saver"
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TOSHIBA Bluetooth Service
"DisplayName"="TOSHIBA Bluetooth Service"
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tosrfec
"DisplayName"="Bluetooth ACPI"
system32\DRIVERS\tosrfec.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TVALZ
"DisplayName"="TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver"
system32\DRIVERS\TVALZ_O.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UleadBurningHelper
"DisplayName"="Ulead Burning Helper"
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService
"DisplayName"="@%SystemRoot%\\system32\\umrdp.dll,-1000"
%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine
"DisplayName"="@%systemroot%\\system32\\wbengine.exe,-104"
"%systemroot%\system32\wbengine.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E2FE1AFB-9B76-4853-83EC-F85747743381}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{FF07588B-6295-4088-AFC5-00F5AB326A66}
no imagepath value found

--- SECURITYPROVIDERS regkey ---
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="credssp.dll"

--- SVCHOST regkey ---
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService: nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0WebClient\0\0
LocalSystemNetworkRestricted: hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0TabletInputService\0UmRdpService\0wlansvc\0WPDBusEnum\0EMDMgmt\0\0
NetworkServiceNetworkRestricted: PolicyAgent\0\0
LocalServiceNoNetwork: PLA\0DPS\0BFE\0mpssvc\0\0
NetworkService: CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs: TermService\0\0
WerSvcGroup: wersvc\0\0
netsvcs: AeLookupSvc\0wercplsupport\0Themes\0CertPropSvc\0SCPolicySvc\0lanmanserver\0gpsvc\0IKEEXT\0AudioSrv\0FastUserSwitchingCompatibility\0Ias\0Irmon\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Wmi\0WmdmPmSp\0TermService\0wuauserv\0BITS\0ShellHWDetection\0LogonHours\0PCAudit\0helpsvc\0uploadmgr\0iphlpsvc\0seclogon\0AppInfo\0msiscsi\0MMCSS\0ProfSvc\0EapHost\0winmgmt\0schedule\0SessionEnv\0browser\0hkmsvc\0AppMgmt\0\0
swprv: swprv\0\0
LocalServiceNetworkRestricted: DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0PnrpAutoReg\0\0
rpcss: RpcSs\0\0
regsvc: RemoteRegistry\0\0
wcssvc: WcsPlugInService\0\0
DcomLaunch: PlugPlay\0DcomLaunch\0\0
wdisvc: WdiServiceHost\0\0
sdrsvc: sdrsvc\0\0
imgsvc: StiSvc\0\0
secsvcs: WinDefend\0\0

--- WOW-CMDLINE regkeys ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW

--- DNS SERVER regkeys ---
no "NameServer" values found

--- STARTUP FOLDERS ---
C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

--- TASK SCHEDULER JOBS ---
C:\Windows\tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
C:\Windows\tasks\wrSpySweeperTrialSweep.job

--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\winhlp32.exe %1)
.INF files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: ("%SystemRoot%\System32\WScript.exe" "%1" %*)

FINISHED



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:41, on 16/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8565 bytes

Regards,
Reakwon

DJ Inpossible
17 December 2007, 23:49
With thanks to Juisterr :)

Do you actually use the Rafc toolbar?
Try removing it and see whether that solves your problem :)

Juisterr
22 December 2007, 14:36
DJ is on holiday, so I'm stepping in for a moment.


Temporarily disable Windows Defender
because it can interfere when fixing with HJT (undoing the fix and so on, which appears to be what has happened here, since the fixed lines are still/back in the log)
* Open Windows Defender > Click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Untick "Turn on Real Time Protection (recommended)" > Click "Save"
* Close Windows Defender
(once the problems are gone and your log has been declared clean, you can turn it back on)

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe


Click 'Fix checked' to remove the items.

Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
Save the file to your desktop, then double-click it.
You can let the program extract to your desktop.
Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
A small window will open in which a few lines about files not found will scroll past quickly; this is normal.
An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

Your PC will then restart; after the restart the RVAXO window opens again.
Let it run and wait until a log file opens.
It can also be found here: C:\RVAXO-results.log
Post its contents in your next message together with a new HijackThis log.

Does your PC not restart?

Run RVAXO once more and then post the new log: C:\rvaxo-results.log

Please also post a new HJT log.
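
The check described in the post above (fixed lines that are still, or again, present in a later log) can be done mechanically. The following is an added example, not part of the original posts and not code from HijackThis: the function names are hypothetical, LOG_EXCERPT is copied from the 16/12/2007 log in this thread, and LATER_LOG is a constructed follow-up log. It also groups entries by CLSID, which shows one component registered under several hook types.

```python
import re
from collections import defaultdict

# HijackThis entry lines open with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the 16/12/2007 log in this thread.
LOG_EXCERPT = r"""
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O3 - Toolbar: rafc Toolbar - {f552bd45-2e2b-4a3b-8d3b-2e54ac59771c} - C:\Program Files\rafc\tbrafc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Benjamin\Documents\PartyPoker\RunApp.exe
"""

# The two O9 items the helper asked to have fixed.
FIX_LIST = "\n".join(l for l in LOG_EXCERPT.splitlines() if "PartyPoker" in l)

# CONSTRUCTED follow-up log (not from the thread): one fixed item is back,
# written with different letter case and spacing.
LATER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} -  c:\users\benjamin\documents\partypoker\RunApp.exe
"""


def parse_hjt(log_text):
    """Return [(code, body, clsid_or_None)] for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        clsid = CLSID_RE.search(m.group("body"))
        entries.append((m.group("code"), m.group("body"),
                        clsid.group(0).lower() if clsid else None))
    return entries


def normalise(code, body):
    """Comparison key: letter case and runs of whitespace are ignored."""
    return (code, " ".join(body.lower().split()))


def still_present(fix_list_text, later_log_text):
    """Entries from a fix list that appear again in a later log."""
    later = {normalise(c, b) for c, b, _ in parse_hjt(later_log_text)}
    return [f"{c} - {b}" for c, b, _ in parse_hjt(fix_list_text)
            if normalise(c, b) in later]


def hooks_by_clsid(log_text):
    """Map each CLSID to the set of section codes it is registered under."""
    hooks = defaultdict(set)
    for code, _, clsid in parse_hjt(log_text):
        if clsid:
            hooks[clsid].add(code)
    return dict(hooks)


if __name__ == "__main__":
    for line in still_present(FIX_LIST, LATER_LOG):
        print("fixed entry is back:", line)
    for clsid, codes in hooks_by_clsid(LOG_EXCERPT).items():
        if len(codes) > 1:
            print(clsid, "is registered under", sorted(codes))
```

An entry that keeps returning after 'Fix checked' means something is restoring it, so the comparison is only meaningful between a log taken before the fix and one taken after a reboot.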