antivirus.startpagina.nl

Hijack this logjes van al onze accounts

  • Anonymous avatar

    drive

    Account 1:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:52:59, on 7-3-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\SPAMfighter\sfus.exe

    C:\WINDOWS\System32\wbem\unsecapp.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\Mixer.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\SPAMfighter\SFAgent.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\WINDOWS\system32\sol.exe

    C:\Program Files\Microsoft Office\Office\WINWORD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: Mixer.exe /startup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\SPAMfighter\SFAgent.exe” update delay 60

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    O24 - Desktop Component 0: (no name) - http://onlinesoccermanager.nl/images/front/maintitle.gif

    End of file - 6450 bytes

    Account 2

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:13:15, on 7-3-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\SPAMfighter\sfus.exe

    C:\WINDOWS\System32\wbem\unsecapp.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\Mixer.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\SPAMfighter\SFAgent.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Spyware Doctor\swdoctor.exe

    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Microsoft Office\Office\WINWORD.EXE

    C:\WINDOWS\msagent\AgentSvr.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: Mixer.exe /startup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\SPAMfighter\SFAgent.exe” update delay 60

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q

    O4 - HKCU\..\Run: “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe”

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    End of file - 7058 bytes

    Account 3:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:57:30, on 7-3-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\SPAMfighter\sfus.exe

    C:\WINDOWS\System32\wbem\unsecapp.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\Mixer.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Program Files\SPAMfighter\SFAgent.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Spyware Doctor\swdoctor.exe

    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: Mixer.exe /startup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\SPAMfighter\SFAgent.exe” update delay 60

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q

    O4 - HKCU\..\Run: “C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe”

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    End of file - 6754 bytes

    Account 4:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:04:05, on 7-3-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\SPAMfighter\sfus.exe

    C:\WINDOWS\System32\wbem\unsecapp.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\Mixer.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Program Files\SPAMfighter\SFAgent.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Spyware Doctor\swdoctor.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onlinesoccermanager.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: Mixer.exe /startup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\SPAMfighter\SFAgent.exe” update delay 60

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe”

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CHRIST~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

    O24 - Desktop Component 1: (no name) - http://www.tweakers.net/ext/f/53696/full.jpg

    End of file - 6819 bytes

  • Anonymous avatar

    Teaser

    Waarom niet in je eigen topic blijven.

    Nu moeten we weer vragen wat het probleem is en waar is het mbam log

  • Anonymous avatar

    drive

    Omdat ik had gelezen dat er steeds een nieuw logje in een nieuw bericht moest.

    Maar hier komen de gegevens waar je om vroeg.

    Nou, het is zo dat ik heb gedaan wat er is aangeraden en ik heb dus niet opgeschreven welke virussen er zijn gevonden. Ik weet alleen dat het 2 trojans waren en er zat er 1 in bearshare.

    Mijn problemen zijn de volgende:

    - we hebben 4 gebruikersaccounts en windows xp. Onze wallpapers zijn weg en in plaats daarvan hebben we allemaal een zwart beeld. Als je een wallpaper erop zet en je start de volgende keer de computer op, heb je weer vrolijk een zwart beeld.

    - Regelmatig kunnen bladzijden niet gevonden worden met de 1e keer. Wel als je het voor de 2e, 3e of zelfs 4e keer probeert. Het geldt vooral voor de hotmail pagina.

    - We hebben problemen met internetpagina's. Als je wilt leren blindtypen, dan typ ik sneller dan er letters verdwijnen, er is een pagina voor de helft zwart en de rechterhelft is wit. Alles in het zwarte gedeelte is onleesbaar.

    - Ik kan soms geen programma's openen omdat niet bekend is met welk programma dat gemaakt is.

    - Onze MP3 spelers kunnen op een één of andere manier niet meer gevonden worden. ze worden niet meer herkend door de computer.

    - De C- schijf zit bijna volledig vol. Het maakt niet uit of ik programma's verwijder of een schijfopruiming doe, of met een cleanprogramma de computer opschoon, er wordt heel weinig schijfruimte vrijgemaakt.

    - Onze word begint nu ook al problemen op te leveren. Als je een verhaal typt, dan gaan sommige regels aan de rechterkant een stukje omhoog, zodat het onleesbaar wordt. Als je soms op enter drukt, dan springt het lettertype opeens op times new roman, terwijl je bijvoorbeeld op arial typt, maar ook de regelafstand wordt opeens verdubbeld, ook al staat die op regelafstand 1. Als je typt, komen heel vaak 3 dezelfde letters achter elkaar. Hetzelfde geldt voor de backspace toets. Dan verdwijnen er 3 letters, ook al typ je 1 keer op een knop.

    Wat ik ertegen heb gedaan:

    Op een ander forum een bericht geplaatst. Ze wilden me daar wel helpen, maar komen er uiteindelijk niet uit. Ik moest office laten herstellen en dat had ik gedaan. Ook heb ik avira geïnstalleerd en gescand. Daar was niets gevonden. Ik heb hem trouwens weer verwijderd, omdat de C-schijf bijna volledig vol zit. Ook heb ik een uninstallijst daar gepost . Ik moest 1 programma weghalen, maar dat heeft nauwelijks geholpen qua ruimte.

    Malwarebytes' Anti-Malware 1.34

    Database versie: 1809

    Windows 5.1.2600 Service Pack 3

    27-2-2009 12:45:25

    mbam-log-2009-02-27 (12-45-25).txt

    Scan type: Snelle Scan

    Objecten gescand: 139171

    Verstreken tijd: 30 minute(s), 40 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 3

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 5

    Mappen geïnfecteerd: 2

    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:

    C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    C:\Documents and Settings\Mario\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.

  • Anonymous avatar

    Teaser

    Log 1

    Sluit even alle vensters.

    Open alleen HJT en klik op “do a system scan only”

    Vink nu de volgende regels aan en klik op “fix checked”

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    Log 2

    Sluit even alle vensters.

    Open alleen HJT en klik op “do a system scan only”

    Vink nu de volgende regels aan en klik op “fix checked”

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    Log 3

    Sluit even alle vensters.

    Open alleen HJT en klik op “do a system scan only”

    Vink nu de volgende regels aan en klik op “fix checked”

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    Log 4

    Sluit even alle vensters.

    Open alleen HJT en klik op “do a system scan only”

    Vink nu de volgende regels aan en klik op “fix checked”

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Download Combofix naar je Bureaublad.

    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,

    want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt

    van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    • Dubbelklik op Combofix.exe

      Volg de instructies, aanvaard de disclaimer.

      Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

    Plaats deze log in je volgende post samen met 4 nieuwe HijackThis logjes.