
Virus? Spyware? Desperate noob looking for help...


  • Virus? Spyware? Desperate noob looking for help...

    Hello,

    First of all, I just want to say that it is great that something like this site exists. I have been desperate since Sunday evening. New laptop, probably infected with a virus/spyware. At startup (takes about 7-10 minutes) I get a lot of messages that some run.dll supposedly do not work. After that, as a complete NOOB, I searched and searched, but it got me nowhere. In the meantime I have been able to find out via 'ms config' that there are some .dll files listed in it that apparently are not right.
    I have also scanned with:
    AVG 7.5,
    spybot s&d,
    AVG anti-virus and Ad-Aware
    and removed everything that was suspicious.
    But every time I start up, the same hassle again:
    'er is een fout opgetreden tijdens het laden van c:\users\frenk\appdata\local\temp\iifcy.dll' and several more of the same messages. I have been able to find out that these are only reported when I let Defender block certain things... otherwise I could no longer get online. I could at first, but Explorer then opened one page after another without my wanting it: card games, online gambling, so-called antispyware... at one point no fewer than 48! pages were open.
    I could no longer get to Google, Hotmail, etc. etc.

    I let HijackThis do its work and then also got some error messages:

    for some reason your system denied write access to the Hosts file.
    if any hijacked domains are in this file, hijackthis may not be able to fix this...
    After that it continues and produces the following log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:41, on 6-3-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\GRISOFT\AVG7\avgcc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\ehome\ehmsas.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\GRISOFT\AVG7\avgwb.dat
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
    O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10855 bytes


    I hope someone can help me in simple language/explanation... I am not very at home in this... Any help is welcome

    Kind regards,
    Frenk
    Last edited by Tallon 4; 18-03-08, 22:42.

  • #2
    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main screen, choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard disks/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
    Post this log in your next message together with a new HijackThis log.



    • #3
      Great, thanks Smeenk! I'm getting started on it... unfortunately I have to go to work now, but I'll report back ASAP. Thanks!!!

      edit: ran it quickly after all: late at the boss's, but that will just have to do for now.
      I hope I did it right and that you can do something with it
      results:

      Malwarebytes' Anti-Malware 1.08
      Database versie: 503

      Scan type: Volledige Scan (C:\|E:\|)
      Objecten gescand: 120727
      Verstreken tijd: 53 minute(s), 47 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 2
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 1
      Bestanden geïnfecteerd: 15

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registersleutels geïnfecteerd:
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      C:\Windows\System32\x64 (Trojan.Downloader) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      C:\Users\frenk\AppData\Local\Temp\tmp00018d21 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0001a17c (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0001d299 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp00020f0d (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp000221f1 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp000223f4 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0002f778 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0003509e (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0003669e (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp00037177 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0003847a (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp00056824 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\tmp0012cc53 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\oprqr.ini (Heuristic.Malware) -> Quarantined and deleted successfully.
      C:\Users\frenk\AppData\Local\Temp\oprqr.ini2 (Heuristic.Malware) -> Quarantined and deleted successfully.


      Hijack This:
      reports again:

      for some reason your system denied write access to the Hosts file.
      if any hijacked domains are in this file, hijackthis may not be able to fix this...
      After that it continues and produces the following log file:
      Last edited by Tallon 4; 19-03-08, 08:50.



      • #4
        Download Combofix (mirror) to your Desktop.
        Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.



        • #5
          Hi Smeenk... took a few hours off after all.
          Did what you asked.
          See the result below. The log appeared on screen right away. There was no restart.

          Thanks again
          regards, Frenk

          ComboFix 08-03-18.1 - frenk 2008-03-19 13:14:54.1 - NTFSx86
          Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1082 [GMT 1:00]
          Gestart vanuit: C:\Users\frenk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIAQ1KS8\ComboFix[1].exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
          .

          Geen nieuwe bestanden aangemaakt in deze periode

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-19 05:50 --------- d-----w C:\Users\frenk\AppData\Roaming\Malwarebytes
          2008-03-19 05:49 --------- d-----w C:\Users\frenk\AppData\Roaming\Download Manager
          2008-03-19 05:49 --------- d-----w C:\ProgramData\Malwarebytes
          2008-03-19 05:49 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
          2008-03-18 19:59 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
          2008-03-18 16:32 --------- d-----w C:\Users\frenk\AppData\Roaming\AVG7
          2008-03-18 16:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-03-18 06:21 --------- d-----w C:\Program Files\CCleaner
          2008-03-17 20:13 --------- d-----w C:\Program Files\Alwil Software
          2008-03-16 22:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-03-16 22:21 --------- d-----w C:\ProgramData\Symantec
          2008-03-16 22:12 --------- d-----w C:\ProgramData\Avg7
          2008-03-16 22:02 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
          2008-03-16 22:02 --------- d-----w C:\ProgramData\Grisoft
          2008-03-16 20:45 --------- d-----w C:\Users\frenk\AppData\Roaming\Symantec
          2008-03-15 20:00 --------- d-----w C:\ProgramData\DVD Shrink
          2008-03-15 15:28 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-03-13 12:15 --------- d-----w C:\Program Files\Windows Mail
          2008-03-13 12:10 --------- d-----w C:\ProgramData\Microsoft Help
          2008-03-06 19:08 --------- d-----w C:\ProgramData\Lavasoft
          2008-03-06 19:06 --------- d-----w C:\Program Files\Lavasoft
          2008-03-06 19:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-03-06 18:53 --------- d-----w C:\Program Files\Trend Micro
          2008-02-23 20:57 --------- d-----w C:\Program Files\NCH Swift Sound
          2008-02-14 13:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
          2008-02-14 13:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
          2008-02-14 12:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
          2008-02-14 12:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
          2008-02-14 12:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
          2008-02-14 12:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
          2008-02-14 12:51 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
          2008-02-14 12:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
          2008-02-14 12:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
          2008-02-14 12:48 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
          2008-02-14 12:48 24,064 ----a-w C:\Windows\System32\netcfg.exe
          2008-02-14 12:48 22,016 ----a-w C:\Windows\System32\netiougc.exe
          2008-02-14 12:48 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
          2008-02-14 12:48 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
          2008-02-14 12:47 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
          2008-02-14 12:47 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
          2008-02-14 12:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
          2008-02-14 12:47 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
          2008-02-14 12:47 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
          2008-02-14 12:47 1,686,528 ----a-w C:\Windows\System32\gameux.dll
          2008-02-14 12:34 824,832 ----a-w C:\Windows\System32\wininet.dll
          2008-02-14 12:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
          2008-02-14 12:34 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
          2008-02-14 12:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
          2008-02-12 19:00 --------- d-----w C:\Program Files\DVD Shrink
          2008-02-12 16:55 --------- d-----w C:\ProgramData\CyberLink
          2008-02-10 17:47 --------- d-----w C:\Users\frenk\AppData\Roaming\MixMeister Technology
          2008-02-10 17:47 --------- d-----w C:\Program Files\MixMeister Express 6
          2008-02-08 19:24 --------- d-----w C:\Users\frenk\AppData\Roaming\RegistrySmart
          2008-01-10 06:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
          2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
          2007-10-03 17:27 174 --sha-w C:\Program Files\desktop.ini
          2007-12-15 19:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
          2007-12-15 19:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
          2007-12-15 19:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 07:00 1232896]
          "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 10:57 413696]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-03 18:12 171448]
          "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
          "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
          "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 14:41 145496]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-03 18:18 1006264]
          "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe]
          "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16 411768]
          "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
          "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 14:21 509496]
          "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 13:46 534648]
          "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
          "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 08:06 413696]
          "NDSTray.exe"="NDSTray.exe"
          "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 14:10 577536]
          "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 13:25 1507328]
          "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 09:40 90191]
          "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 09:40 7766016]
          "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 09:40 81920]
          "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
          "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 15:21 180224]
          "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
          "!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
          "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-24 19:54 141848]
          "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-24 19:54 154136]
          "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-24 19:54 129560]
          "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-16 23:02 579072]
          "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 10:45 222208]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-16 23:02 219136]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
          avgwlntf.dll 2008-03-16 23:02 9216 C:\Windows\System32\avgwlntf.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00d2c854]
          C:\Users\frenk\AppData\Local\Temp\dghjpkih.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM03e1fbc8]
          C:\Users\frenk\AppData\Local\Temp\tdhcdntj.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
          C:\Users\frenk\AppData\Local\Temp\iiiff.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
          C:\Users\frenk\AppData\Local\Temp\botrahrs.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
          C:\Users\frenk\AppData\Local\Temp\ljjgd.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
          "TCP Query User{B76395AC-FAA7-46EE-BB78-3A6A6A6CC99B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
          "UDP Query User{673A9159-0AE0-4BF7-976A-73C24C1F3472}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
          "{063603E6-FCE3-4C66-B25F-1A966485FA02}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
          "{6763A149-D2E7-43DD-B2F9-C07C885D60CB}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
          "{1528149A-E00F-44D7-8D5B-CC3E7923B831}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
          "{6A5646C1-98C1-4A0C-A997-84989CE914C5}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
          "{F39DBE88-A232-4B75-9525-006FBB757FA7}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
          "{2E774B71-D8E7-4811-A8B2-47FB18CDF857}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
          "{FCF22559-DF56-4F4A-82EB-0735B610B80C}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
          "{E773C4B5-62B8-470A-942B-F6A1D9F7AF24}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
          "{398101E7-B877-4816-BA80-DCD99E6D6376}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
          "{3AA35D84-05C2-4F61-A710-7302B57E4D39}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
          "{565485C8-CB9B-4B30-929B-A0D442EEC67B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
          "{ED05B29C-11AB-40EE-B5E8-8DC43006862D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
          "{F7670C43-BAD7-4D32-8CAF-F77F1A42E62B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
          "{8F4160D8-B157-493F-85A0-D4BAE7F321F3}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
          "TCP Query User{D302747B-5373-451B-9F53-3F463A535194}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
          "UDP Query User{014086CC-DB10-4855-8EB0-F78353580056}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
          "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

          R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25]
          R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
          R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
          R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 14:56]
          R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
          R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 19:39]
          R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
          R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
          S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
          S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-03-19 05:45:26 C:\Windows\Tasks\User_Feed_Synchronization-{98F7D977-C1F3-4587-AAE3-19BDEA64E987}.job"
          - C:\Windows\system32\msfeedssync.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-19 13:17:38
          Windows 6.0.6000 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
          TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????I?Rh???8???`????????????

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\Windows\Explorer.exe
          -> C:\Program Files\IDM\Desktop SMS\oehook.dll
          .
          Voltooingstijd: 2008-03-19 13:18:45
          .
          2008-03-19 12:11:24 --- E O F ---



          • #6
            1) Open a Notepad file.
            2) Copy the code below into this Notepad file.
            3) Go to File - Save As.
            -For "Save in" choose: Desktop
            -For "File name" enter: fix.reg
            -For "Save as type" select: All Files (*.*).
            -Click the Save button.
            Code:
            REGEDIT4
            
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00d2c854]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM03e1fbc8]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
            4) Double-click the fix.reg file and allow the changes to be added to the registry.


            Open a Notepad file.
            Copy the code below into this Notepad file.
            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.
            Code:
            "C:\Users\frenk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIAQ1KS8\ComboFix[1].exe" /u
            Then double-click del.bat

            If all goes well, you will get a message that Combofix has been uninstalled.

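An added example, not part of the original post and not ComboFix's or HijackThis's own code: the fix.reg in post #6 removes msconfig startupreg keys that point at randomly named DLLs under AppData\Local\Temp, and this Python script applies that same check to a registry-startup log section and separates still-active Run values from entries already disabled through msconfig. The sample log, the user name alice, the entry names and the function names are constructed for the example.

```python
import re
from typing import List, NamedTuple

# Constructed excerpt in the layout of the ComboFix registry-startup section
# quoted in the thread (user name, value names and DLL names are made up).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-03 18:18 1006264]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 09:40 7766016]
"ExampleA"="rundll32.exe C:\Users\alice\AppData\Local\Temp\qwxzr.dll,s"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExampleB]
C:\Users\alice\AppData\Local\Temp\abcdexmp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExampleC]
C:\Program Files\Vendor\tool.exe
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_NAME_RE = re.compile(r'^"([^"]+)"=')

# A DLL or EXE that lives directly in a per-user or system Temp folder.
TEMP_MODULE_RE = re.compile(
    r'[a-z]:\\(?:users\\[^\\]+\\appdata\\local\\temp|windows\\temp)'
    r'\\[^\\"]+?\.(?:dll|exe)\b',
    re.IGNORECASE,
)

# msconfig keeps startup items the user has unticked under this key, so an
# entry found here is a disabled leftover rather than a live autostart.
MSCONFIG_BACKUP = "\\shared tools\\msconfig\\startupreg\\"


class Finding(NamedTuple):
    key: str                    # registry key the entry was listed under
    value_name: str             # value name, or the last key component
    target: str                 # module path inside a Temp folder
    disabled_by_msconfig: bool  # True when found under msconfig\startupreg


def find_temp_autostarts(log_text: str) -> List[Finding]:
    """Return autostart entries whose target is a module in a Temp folder."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        if key is None:
            continue  # data line before any key header: nothing to attach it to
        hit = TEMP_MODULE_RE.search(line)
        if not hit:
            continue
        # Run keys list "name"="data"; msconfig backup keys list only the path.
        name_match = VALUE_NAME_RE.match(line)
        name = name_match.group(1) if name_match else key.rsplit("\\", 1)[-1]
        disabled = MSCONFIG_BACKUP in key.lower()
        findings.append(Finding(key, name, hit.group(0), disabled))
    return findings


def build_cleanup_reg(findings: List[Finding]) -> str:
    """Build REGEDIT4 text for review: drop backup keys, unset live values."""
    out = ["REGEDIT4", ""]
    for item in findings:
        if item.disabled_by_msconfig:
            out.append(f"[-{item.key}]")          # delete the whole backup key
        else:
            out.append(f"[{item.key}]")
            out.append(f'"{item.value_name}"=-')  # delete only this value
        out.append("")
    return "\r\n".join(out)


if __name__ == "__main__":
    results = find_temp_autostarts(SAMPLE_LOG)
    for item in results:
        state = "disabled via msconfig" if item.disabled_by_msconfig else "ACTIVE"
        print(f"{state:22} {item.value_name:10} {item.target}")
    print(build_cleanup_reg(results))
```

A flagged path is a lead to verify (file present, signer, scanner verdict) before the generated .reg text is imported.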


            • #7
              Hi Smeenk,
              Did everything... but the message after double-clicking del.bat goes by so fast that I can't read what it says. A kind of small black window appears and vanishes in a flash.
              Also:
              - I still have Defender blocking a few things... do I need to do anything about that?
              - the rundll messages are gone

              regards,
              Frenk



              • #8
                Originally posted by smeenk
                Download Combofix (mirror) to your Desktop.
                ninstall doesn't either.

                Putting Combofix on your desktop after all and then entering
                Combofix /u at Start - Run should then work.

                What did you block via Defender, then?



                • #9
                  Originally posted by smeenk
                  ninstall doesn't either.
                  I can't quite follow that, Smeenk. Could you phrase it a bit differently?
                  Also:
                  Downloaded Combofix again and put it on the desktop, but it gives the message
                  'kan bestand combofix niet vinden.....' even though it is on the desktop.

                  I had blocked a few things via Defender. (startup value shown)
                  Rundll32.exe c:users\frenk\appdata\local\temp\nxtnpovq.dll,s
                  Rundll32.exe c:users\frenk\appdata\local\temp\awttu.dll,c

                  It still gives that message because some files are being blocked, perhaps at my request. Can I lift that block?

                  Thanks



                  • #10
                    Apparently some of the text I typed got lost

                    Try this:

                    Download ATF cleaner (mirror) (made by Atribune)

                    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                    Double-click ATF cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also have Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the tick from "Firefox saved passwords" again)
                    Click the Empty Selected button.

                    Do the following if you also have Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Go to Start - Run and enter the following:
                    Combofix /U
                    Then press OK.
                    Note: There must be a space between Combofix and /U.

                    This will uninstall Combofix.



                    • #11
                      True, but it doesn't matter! I'm already overjoyed that someone is
                      helping me. Combofix is gone now

                      What else can I do about those Defender blocks?
                      And... can fix.reg and del.bat be deleted?

                      regards
                      Frenk

                      edit: my images (I had a photo of my kids on the desktop) are no longer displayed. Everything is black. Even when I click on images I see no photos. If I click on the file name, then I do
                      But if I then choose 'use as desktop background'...... black again
                      Could it be because I ran combofix twice???
                      Last edited by Tallon 4; 19-03-08, 16:55.



                      • #12
                        Go ahead and lift those Windows Defender blocks, then post a new Hijackthis log



                        • #13
                          Will do
                          By the way, the PC is still enormously slow... as I remember it (I haven't had it that long) it was much faster. Are these after-effects of the virus?

                          regards
                          Frenk

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 19:54:41, on 6-3-2008
                          Platform: Windows Vista (WinNT 6.00.1904)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                          Boot mode: Normal

                          Running processes:
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\Explorer.EXE
                          C:\Windows\system32\taskeng.exe
                          C:\Program Files\Windows Defender\MSASCui.exe
                          C:\Windows\RtHDVCpl.exe
                          C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
                          C:\Windows\System32\mobsync.exe
                          C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
                          C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
                          C:\Program Files\Internet Explorer\ieuser.exe
                          C:\Program Files\Internet Explorer\iexplore.exe
                          C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
                          C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
                          C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
                          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
                          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                          C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
                          C:\Windows\System32\rundll32.exe
                          C:\Program Files\GRISOFT\AVG7\avgcc.exe
                          C:\Windows\System32\igfxtray.exe
                          C:\Windows\System32\hkcmd.exe
                          C:\Windows\System32\igfxpers.exe
                          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                          C:\Windows\system32\igfxsrvc.exe
                          C:\Program Files\Windows Sidebar\sidebar.exe
                          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                          C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
                          C:\Windows\ehome\ehtray.exe
                          C:\Program Files\DAEMON Tools\daemon.exe
                          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                          C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
                          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                          C:\Program Files\Synaptics\SynTP\SynToshiba.exe
                          C:\Windows\ehome\ehmsas.exe
                          c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                          c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
                          c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                          c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
                          c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
                          C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
                          C:\Program Files\GRISOFT\AVG7\avgwb.dat
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                          O1 - Hosts: ::1 localhost
                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                          O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
                          O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
                          O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
                          O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
                          O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
                          O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
                          O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
                          O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
                          O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
                          O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                          O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
                          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
                          O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                          O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                          O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                          O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                          O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
                          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                          O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
                          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                          O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
                          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
                          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                          O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                          O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                          O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
                          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                          O4 - Global Startup: Bluetooth Manager.lnk = ?
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                          O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
                          O13 - Gopher Prefix:
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
                          O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
                          O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
                          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                          O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
                          O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
                          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                          O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                          O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
                          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                          O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
                          O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
                          O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                          --
                          End of file - 10855 bytes



                          • #14
                            Try this:



                            • #15
                              Hi Smeenk,
                              According to the link, I have to do this:

                              1. On the Tools menu, click Internet Options.
                              2. On the Advanced tab, click Reset.
                              3. In the Reset Internet Explorer Settings dialog box, click Reset.
                              4. When the default settings of Internet Explorer 7 have been restored, click Close and then click OK twice.
                              5. Close Internet Explorer 7. The changes take effect the next time you open Internet Explorer 7.

                              When I do this, at step 2 I get the following options under Advanced... a whole lot of things I can tick on and off, and the options:
                              - restore advanced settings (the PC does not respond to that)
                              - reset. I then clicked that, a little program runs to completion and Explorer starts with the default settings, but there are still no images to be seen.

                              I think it more or less started after using combifix

                              Regards,
                              Frenk
