
A pop-up virus




  #1  
31 January 2008, 05:25
New Member Group
 
I keep getting this box displayed when I go through something such as My Documents or Computer, etc. ... It also appears when I use IE, but not when I use Firefox. I have used several programs and it still appears. Could it maybe be a rootkit (I hope not)?



My logs:

ESET Online Scanner
# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2836 (20080130)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 86fa0ec02340bf40b27cfd3ccc323dee
# End = klaar
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-31 02:29:31
# Local_time = 2008-01-31 02:29:31 (+0000, GMT Standard Time)
# Country = "Verenigd Koninkrijk"
# OSVer = 6.0.6000 NT
# Gescande = 306177
# Gevonden = 0
# Scan_time = 8875

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Gegenereerd 01.31.2008 om 02:32

Toepassing Versie: 3-9-1008

Core Rules Database Version: 3391
Trace Rules Database Version: 1383

Scan type: Volledige Scan
Total Scan Time: 02:21:07

Geheugen gescande items: 834
Geheugen bedreigingen gedetecteerd: 0
Register objecten gescand: 7637
Griffie bedreigingen gedetecteerd: 0
Bestand objecten gescand: 66364
Bestand bedreigingen gedetecteerd: 6

Adware.Tracking Cookie
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@tribalfusion[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@adopt.euroclick[2].txt

Trojan.Media-Codec/V5-Intaller
C:\Users\Chris\Desktop\INSTALL_PLAYER_3912994 (2).EXE
C:\Users\Chris\Desktop\INSTALL_PLAYER_3912994.EXE
C:\Windows\Prefetch\INSTALL_PLAYER_3912994 (2).EXE-03357FA6.pf
C:\Windows\Prefetch\INSTALL_PLAYER_3912994.EXE-9E95D8EF.pf

HijackThis

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 12:05:19, op 31/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

--
End of file - 14403 bytes

I'll add a couple of logs from other programs:

A-Squared

a-squared Anti-Malware - Versie 3.1
Laatste update: 31/01/2008 01:16:41

Scan-instellingen:

Objecten: Geheugen, Sporen, Cookies, C: \, E: \
Scan archieven: Aan
Heuristiek: On
ADS Scan: On

Scan start: 31/01/2008 01:46:59

C:\Program Files\DarkandLight\Launcher.exe gedetecteerd: Trojan-Spy.Win32.Banker.gez

Gescande

Files: 160756
Sporen: 296173
Cookies: 381
Processen: 87

Gevonden

Files: 1
Sporen: 0
Cookies: 11
Processen: 0
Registersleutels: 0

Scan einde: 31/01/2008 04:13:41
Scan tijd: 2:26:42

C:\Program Files\DarkandLight\Launcher.exe geschrapt: Trojan-Spy.Win32.Banker.gez

geschrapt:

Files: 1
Sporen: 0
Cookies: 11

When using Spybot S&D I keep getting the same problem

  #2  
31 Jan 2008, 08:24
Moderator Group
 
Welcome to TCF.


Download SmitfraudFix (by S!Ri) to your desktop.
  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on your desktop.

READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions you may have before you begin.

You may print these out, or copy and paste them into Notepad and save the file to the desktop, as you will not be able to access this page in Safe Mode.
  • Please restart the computer in Safe Mode by tapping the F8 key just before Windows begins to load and selecting Safe Mode.
  • Open the SmitfraudFix folder on the desktop and double-click the smitfraudfix.cmd file to start the tool.
  • Choose option #2 - Clean by typing 2 and pressing Enter.
  • The program will begin cleaning your computer and go through a series of cleanup processes. Wait for the tool to complete and for Disk Cleanup to finish.
    • This process may take some time depending on your computer, so please be patient.
  • When it is finished, it will close automatically and you should continue with the next step.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and pressing Enter.
  • The tool will also check whether wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file.
  • Answer Yes to the question "Replace infected file?" by typing Y and pressing Enter.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested step:
  • To restore the Trusted and Restricted site zones, select 3 and press Enter.
  • You will be prompted: Restore Trusted Zone? Answer Y (yes) and press Enter to delete the trusted zone.
  • Now restart in normal mode and post this new rapport.txt in your next post.
  • WARNING: Running this option on a non-infected computer will remove the desktop background. So run it only once!
----------

Next, run a new HijackThis scan and post the log.

----------

In your next post, please include:
SmitfraudFix log
New HijackThis log