log

  • Teaser

    Please remove the lines below from all the logs.

    Close all windows.

    Open only HJT and click “do a system scan only”.

    Now tick the following lines and click “fix checked”:

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\DOCUME~1\maarten\APPLIC~1\OPTION~1\Link About.exe (User ‘maarten’)

    Post another combolog and 1 HJT log.

    They are all the same.

  • dientje

    ComboFix 09-03-23.01 - Jonne 2009-03-24 13:53:01.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.479.124

    Gestart vanuit: C:\Documenten en settings\Jonne\Bureaublad\ComboFix.exe

    AV: AntiVir Desktop *On-access scanning disabled* (Updated)

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))

    .

    2031-10-02 18:57 . 2031-10-02 18:57 3,120 –a–c— C:\WINDOWS\MF_C421.lfa

    2031-10-02 18:57 . 2031-10-02 18:57 3,120 –a–c— C:\WINDOWS\MF_C420.lfa

    2009-03-24 12:42 . 2009-03-24 12:42 d——– C:\Documenten en settings\Dientje\Application Data\Ulead Systems

    2009-03-23 18:24 . 2009-03-23 18:24 d——– C:\Program Files\Trend Micro

    2009-03-23 16:51 . 2009-03-23 16:51 d——– C:\Program Files\CleanUp!

    2009-03-22 22:25 . 2009-03-24 12:26 dr-h—– C:\Documenten en settings\maarten\Onlangs geopend

    2009-03-22 22:24 . 2009-03-09 20:06 15,688 –a—— C:\WINDOWS\system32\lsdelete.exe

    2009-03-22 22:17 . 2009-03-22 22:17 d——– C:\Documenten en settings\LocalService\Bureaublad

    2009-03-22 21:58 . 2009-03-22 21:58 d–h-c— C:\Documenten en settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

    2009-03-22 21:58 . 2009-03-09 20:06 64,160 –a—— C:\WINDOWS\system32\drivers\Lbd.sys

    2009-03-22 10:12 . 2009-03-22 10:12 d——– C:\Program Files\Avira

    2009-03-22 10:12 . 2009-03-22 10:12 d——– C:\Documenten en settings\All Users\Application Data\Avira

    2009-03-22 10:12 . 2009-02-13 11:31 55,640 –a—— C:\WINDOWS\system32\drivers\avgntflt.sys

    2009-03-15 12:52 . 2008-11-10 03:39 73,728 –a—— C:\WINDOWS\system32\javacpl.cpl

    2009-03-15 09:50 . 2009-03-15 09:56 d——– C:\Program Files\Hyves Desktop

    2009-03-01 02:23 . 2009-03-01 02:23 3,768 –a—— C:\WINDOWS\system32\PerfStringBackup.TMP

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\system32\nl

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\system32\bits

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\l2schemas

    2009-02-28 18:19 . 2009-02-28 18:32 d——– C:\WINDOWS\ServicePackFiles

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Program Files\SUPERAntiSpyware

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Documenten en settings\maarten\Application Data\SUPERAntiSpyware.com

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Documenten en settings\All Users\Application Data\SUPERAntiSpyware.com

    2009-02-28 13:35 . 2009-02-28 13:35 d——– C:\Program Files\Common Files\Wise Installation Wizard

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-24 09:16 ——— d—–w C:\Documenten en settings\All Users\Application Data\Spybot - Search & Destroy

    2009-03-22 20:57 ——— d—–w C:\Program Files\Lavasoft

    2009-03-15 11:52 ——— d—–w C:\Program Files\Java

    2009-03-15 11:48 ——— d—–w C:\Program Files\Malwarebytes' Anti-Malware

    2009-02-15 10:25 ——— d—–w C:\Program Files\Alwil Software

    2009-02-11 09:19 38,496 —-a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    2009-02-11 09:19 15,504 —-a-w C:\WINDOWS\system32\drivers\mbam.sys

    2009-02-09 14:08 1,846,912 —-a-w C:\WINDOWS\system32\win32k.sys

    2009-01-29 14:40 34 —-a-w C:\Documenten en settings\maarten\jagex_runescape_preferences.dat

    2009-01-27 14:46 ——— d—–w C:\Program Files\TAC

    2009-01-27 14:46 ——— d—–w C:\Documenten en settings\maarten\Application Data\TAC

    2006-11-18 22:38 12,965,392 —-a-w C:\Documenten en settings\Elke\RealPlayer10-5GOLD.exe

    2006-08-27 00:47 228,875,933 -c–a-w C:\Program Files\race.wrs

    2006-08-27 00:47 2,658,304 —-a-w C:\Program Files\acknex.dll

    2006-08-27 00:45 103,748 -c–a-w C:\Program Files\acknex.wdf

    2006-08-24 18:19 768 -c–a-w C:\Program Files\PALETTE.RAW

    2006-08-02 05:21 2,774,080 -c–a-w C:\Program Files\video01.wmv

    2006-07-13 17:13 3,435,213 -c–a-w C:\Program Files\music03.mp3

    2006-07-13 17:13 2,016,996 -c–a-w C:\Program Files\music04.mp3

    2006-07-11 01:03 25,214 -c–a-w C:\Program Files\horse01.ico

    2006-07-01 00:43 36 -c–a-w C:\Program Files\rect102.dat

    2006-07-01 00:42 38 -c–a-w C:\Program Files\rect101.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect34.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect33.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect32.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect31.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect24.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect23.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect22.dat

    2006-07-01 00:39 15 -c–a-w C:\Program Files\rect21.dat

    2006-07-01 00:39 15 -c–a-w C:\Program Files\rect04.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect03.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect02.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect01.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rech204.dat

    2006-07-01 00:37 15 -c–a-w C:\Program Files\rech203.dat

    2006-07-01 00:37 15 -c–a-w C:\Program Files\rech202.dat

    2006-07-01 00:37 14 -c–a-w C:\Program Files\rech201.dat

    2006-07-01 00:36 15 -c–a-w C:\Program Files\rech104.dat

    2006-07-01 00:36 15 -c–a-w C:\Program Files\rech103.dat

    2006-07-01 00:35 15 -c–a-w C:\Program Files\rech101.dat

    2006-07-01 00:35 13 -c–a-w C:\Program Files\rech102.dat

    2006-06-30 23:10 130,165 -c–a-w C:\Program Files\mu-fim.mp3

    2006-06-30 18:39 83,490 -c–a-w C:\Program Files\mu-dia.mp3

    2006-06-30 18:39 2,865,008 -c–a-w C:\Program Files\music02.mp3

    2006-06-30 18:35 227,686 -c–a-w C:\Program Files\mu-perde.mp3

    2006-06-30 18:35 208,878 -c–a-w C:\Program Files\mu-corre.mp3

    2006-06-30 18:34 3,782,991 -c–a-w C:\Program Files\music01.mp3

    2006-02-07 22:22 651,040 -c–a-w C:\Program Files\Incagold.wmv

    2006-02-07 18:20 96,948 -c–a-w C:\Program Files\incagold.wav

    2005-11-22 23:01 529,920 -c–a-w C:\Program Files\espa01.mp3

    2005-11-22 05:01 1,989,196 -c–a-w C:\Program Files\espaco.wmv

    2005-09-18 12:12 25,600 —-a-w C:\Program Files\race.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    “msnmsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe”

    “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe”

    “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”

    “SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe”

    “SiSRaid”=“C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe”

    “Ulead AutoDetector v2”=“C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe”

    “Ulead Quick-Drop”=“C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe”

    “USIUDF_Eject_Monitor”=“C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe”

    “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe”

    “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe”

    “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe”

    “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “WinampAgent”=“C:\Program Files\Winamp\winampa.exe”

    “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

    “iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”

    “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Java\jre6\bin\jusched.exe”

    “avgnt”=“C:\Program Files\Avira\AntiVir Desktop\avgnt.exe”

    “Ad-Watch”=“C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe”

    “SiSPower”=“SiSPower.dll”

    “SoundMan”=“SOUNDMAN.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    C:\Documenten en settings\maarten\Menu Start\Programma's\Opstarten\

    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    C:\Documenten en settings\All Users\Menu Start\Programma's\Opstarten\

    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Program Files\SUPERAntiSpyware\SASSEH.DLL”

    2008-12-22 11:05 356352 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    “msacm.dvacm”= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    “msacm.mpegacm”= mpegacm.acm

    “msacm.ulmp3acm”= ulmp3acm.acm

    @=“Service”

    “%windir%\\system32\\sessmgr.exe”=

    “C:\\Program Files\\LimeWire\\LimeWire.exe”=

    “C:\\StubInstaller.exe”=

    “C:\\BorgIRC 2\\mirc.exe”=

    “C:\\Documenten en settings\\Jonne\\Mijn documenten\\winks\\mcoinstall- www.freewinks.net.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “C:\\Program Files\\Windows Media Player\\wmplayer.exe”=

    “C:\\Program Files\\Bonjour\\mDNSResponder.exe”=

    “C:\\Program Files\\iTunes\\iTunes.exe”=

    “C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

    “C:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=

    R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

    S1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys –> C:\WINDOWS\system32\Drivers\mchInjDrv.sys

    S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2009-03-22 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2009-03-24 C:\WINDOWS\Tasks\ADCE8F7F9189070B.job

    - c:\docume~1\maarten\applic~1\option~1\love media okay.exe

    2009-02-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.spitsnieuws.nl/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = iexplore

    IE: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

    IE: Add to AMV Convert Tool… - C:\Documenten en settings\Jonne\Menu Start\AMVConverter\grab.html

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: MediaManager tool grab multimedia file - C:\Documenten en settings\Jonne\Menu Start\MediaManager\grab.html

    DPF: {426784E5-24B2-4708-820D-117342FAD009} - hxxp://www.hyves.nl/cab/outlookaddressbook.cab

    DPF: {FACEE739-329B-4C23-9FCC-C85B0270CFDC} - hxxp://www.smootsy.com/launcher.cab

    .

  • dientje

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:16, on 2009-03-24

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Teleca Shared\Generic.exe

    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: SOUNDMAN.EXE

    O4 - HKLM\..\Run: C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe” WINDOWCALL

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\WINDOWS\system32\ctfmon.exe (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1 (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\Run: C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1004\..\RunOnce: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; SIMBAR={5DD2FAC9-751C-4ca3-A589-364E7026811E}; SIMBAR=0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)” -“http://www.habbo.nl/client” (User ‘maarten’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1007\..\Run: C:\WINDOWS\system32\ctfmon.exe (User ‘Dientje’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1009\..\Run: C:\WINDOWS\system32\ctfmon.exe (User ‘Elke’)

    O4 - HKUS\S-1-5-21-1343024091-1229272821-1177238915-1009\..\RunOnce: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; SIMBAR={5DD2FAC9-751C-4ca3-A589-364E7026811E}; SIMBAR=0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)” -“http://www.habbo.nl/client” (User ‘Elke’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - S-1-5-21-1343024091-1229272821-1177238915-1004 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User ‘maarten’)

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Documenten en settings\Jonne\Menu Start\AMVConverter\grab.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Documenten en settings\Jonne\Menu Start\MediaManager\grab.html

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: MyCom - {3E085E5E-40AF-4A93-B006-9F20BAE83AA3} - http://www.mycom.nl (file missing) (HKCU)

    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.30.136.78/activex/AxisCamControl.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {FACEE739-329B-4C23-9FCC-C85B0270CFDC} (Launcher Control) - http://www.smootsy.com/launcher.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    End of file - 11055 bytes

  • Teaser

    2009-03-24 09:16 ——— d—–w C:\Documenten en settings\All Users\Application Data\Spybot - Search & Destroy so this has not been removed at all

    C:\Program Files\Hitman Pro\hitmanpro2.sys and this is junk too :X:X

    so once again: get rid of that junk.

    We're not getting anywhere like this.

  • dientje

    ComboFix 09-03-23.01 - Jonne 2009-03-24 14:44:49.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.479.81

    Gestart vanuit: C:\Documenten en settings\Jonne\Bureaublad\ComboFix.exe

    AV: AntiVir Desktop *On-access scanning disabled* (Updated)

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))

    .

    2031-10-02 18:57 . 2031-10-02 18:57 3,120 –a–c— C:\WINDOWS\MF_C421.lfa

    2031-10-02 18:57 . 2031-10-02 18:57 3,120 –a–c— C:\WINDOWS\MF_C420.lfa

    2009-03-24 12:42 . 2009-03-24 12:42 d——– C:\Documenten en settings\Dientje\Application Data\Ulead Systems

    2009-03-23 18:24 . 2009-03-23 18:24 d——– C:\Program Files\Trend Micro

    2009-03-23 16:51 . 2009-03-23 16:51 d——– C:\Program Files\CleanUp!

    2009-03-22 22:25 . 2009-03-24 12:26 dr-h—– C:\Documenten en settings\maarten\Onlangs geopend

    2009-03-22 22:24 . 2009-03-09 20:06 15,688 –a—— C:\WINDOWS\system32\lsdelete.exe

    2009-03-22 22:17 . 2009-03-22 22:17 d——– C:\Documenten en settings\LocalService\Bureaublad

    2009-03-22 21:58 . 2009-03-22 21:58 d–h-c— C:\Documenten en settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

    2009-03-22 21:58 . 2009-03-09 20:06 64,160 –a—— C:\WINDOWS\system32\drivers\Lbd.sys

    2009-03-22 10:12 . 2009-03-22 10:12 d——– C:\Program Files\Avira

    2009-03-22 10:12 . 2009-03-22 10:12 d——– C:\Documenten en settings\All Users\Application Data\Avira

    2009-03-22 10:12 . 2009-02-13 11:31 55,640 –a—— C:\WINDOWS\system32\drivers\avgntflt.sys

    2009-03-15 12:52 . 2008-11-10 03:39 73,728 –a—— C:\WINDOWS\system32\javacpl.cpl

    2009-03-15 09:50 . 2009-03-15 09:56 d——– C:\Program Files\Hyves Desktop

    2009-03-01 02:23 . 2009-03-01 02:23 3,768 –a—— C:\WINDOWS\system32\PerfStringBackup.TMP

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\system32\nl

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\system32\bits

    2009-02-28 18:31 . 2009-02-28 18:31 d——– C:\WINDOWS\l2schemas

    2009-02-28 18:19 . 2009-02-28 18:32 d——– C:\WINDOWS\ServicePackFiles

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Program Files\SUPERAntiSpyware

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Documenten en settings\maarten\Application Data\SUPERAntiSpyware.com

    2009-02-28 13:36 . 2009-02-28 13:36 d——– C:\Documenten en settings\All Users\Application Data\SUPERAntiSpyware.com

    2009-02-28 13:35 . 2009-02-28 13:35 d——– C:\Program Files\Common Files\Wise Installation Wizard

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-22 20:57 ——— d—–w C:\Program Files\Lavasoft

    2009-03-15 11:52 ——— d—–w C:\Program Files\Java

    2009-03-15 11:48 ——— d—–w C:\Program Files\Malwarebytes' Anti-Malware

    2009-02-15 10:25 ——— d—–w C:\Program Files\Alwil Software

    2009-02-11 09:19 38,496 —-a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    2009-02-11 09:19 15,504 —-a-w C:\WINDOWS\system32\drivers\mbam.sys

    2009-02-09 14:08 1,846,912 —-a-w C:\WINDOWS\system32\win32k.sys

    2009-01-29 14:40 34 —-a-w C:\Documenten en settings\maarten\jagex_runescape_preferences.dat

    2009-01-27 14:46 ——— d—–w C:\Program Files\TAC

    2009-01-27 14:46 ——— d—–w C:\Documenten en settings\maarten\Application Data\TAC

    2006-11-18 22:38 12,965,392 —-a-w C:\Documenten en settings\Elke\RealPlayer10-5GOLD.exe

    2006-08-27 00:47 228,875,933 -c–a-w C:\Program Files\race.wrs

    2006-08-27 00:47 2,658,304 —-a-w C:\Program Files\acknex.dll

    2006-08-27 00:45 103,748 -c–a-w C:\Program Files\acknex.wdf

    2006-08-24 18:19 768 -c–a-w C:\Program Files\PALETTE.RAW

    2006-08-02 05:21 2,774,080 -c–a-w C:\Program Files\video01.wmv

    2006-07-13 17:13 3,435,213 -c–a-w C:\Program Files\music03.mp3

    2006-07-13 17:13 2,016,996 -c–a-w C:\Program Files\music04.mp3

    2006-07-11 01:03 25,214 -c–a-w C:\Program Files\horse01.ico

    2006-07-01 00:43 36 -c–a-w C:\Program Files\rect102.dat

    2006-07-01 00:42 38 -c–a-w C:\Program Files\rect101.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect34.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect33.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect32.dat

    2006-07-01 00:41 15 -c–a-w C:\Program Files\rect31.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect24.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect23.dat

    2006-07-01 00:40 15 -c–a-w C:\Program Files\rect22.dat

    2006-07-01 00:39 15 -c–a-w C:\Program Files\rect21.dat

    2006-07-01 00:39 15 -c–a-w C:\Program Files\rect04.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect03.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect02.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rect01.dat

    2006-07-01 00:38 15 -c–a-w C:\Program Files\rech204.dat

    2006-07-01 00:37 15 -c–a-w C:\Program Files\rech203.dat

    2006-07-01 00:37 15 -c–a-w C:\Program Files\rech202.dat

    2006-07-01 00:37 14 -c–a-w C:\Program Files\rech201.dat

    2006-07-01 00:36 15 -c–a-w C:\Program Files\rech104.dat

    2006-07-01 00:36 15 -c–a-w C:\Program Files\rech103.dat

    2006-07-01 00:35 15 -c–a-w C:\Program Files\rech101.dat

    2006-07-01 00:35 13 -c–a-w C:\Program Files\rech102.dat

    2006-06-30 23:10 130,165 -c–a-w C:\Program Files\mu-fim.mp3

    2006-06-30 18:39 83,490 -c–a-w C:\Program Files\mu-dia.mp3

    2006-06-30 18:39 2,865,008 -c–a-w C:\Program Files\music02.mp3

    2006-06-30 18:35 227,686 -c–a-w C:\Program Files\mu-perde.mp3

    2006-06-30 18:35 208,878 -c–a-w C:\Program Files\mu-corre.mp3

    2006-06-30 18:34 3,782,991 -c–a-w C:\Program Files\music01.mp3

    2006-02-07 22:22 651,040 -c–a-w C:\Program Files\Incagold.wmv

    2006-02-07 18:20 96,948 -c–a-w C:\Program Files\incagold.wav

    2005-11-22 23:01 529,920 -c–a-w C:\Program Files\espa01.mp3

    2005-11-22 05:01 1,989,196 -c–a-w C:\Program Files\espaco.wmv

    2005-09-18 12:12 25,600 —-a-w C:\Program Files\race.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    “msnmsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe”

    “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe”

    “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”

    “SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe”

    “SiSRaid”=“C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe”

    “Ulead AutoDetector v2”=“C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe”

    “Ulead Quick-Drop”=“C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe”

    “USIUDF_Eject_Monitor”=“C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe”

    “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe”

    “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe”

    “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe”

    “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “WinampAgent”=“C:\Program Files\Winamp\winampa.exe”

    “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

    “iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”

    “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Java\jre6\bin\jusched.exe”

    “avgnt”=“C:\Program Files\Avira\AntiVir Desktop\avgnt.exe”

    “Ad-Watch”=“C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe”

    “SiSPower”=“SiSPower.dll”

    “SoundMan”=“SOUNDMAN.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    C:\Documenten en settings\maarten\Menu Start\Programma's\Opstarten\

    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    C:\Documenten en settings\All Users\Menu Start\Programma's\Opstarten\

    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Program Files\SUPERAntiSpyware\SASSEH.DLL”

    2008-12-22 11:05 356352 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    “msacm.dvacm”= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    “msacm.mpegacm”= mpegacm.acm

    “msacm.ulmp3acm”= ulmp3acm.acm

    @=“Service”

    “%windir%\\system32\\sessmgr.exe”=

    “C:\\Program Files\\LimeWire\\LimeWire.exe”=

    “C:\\StubInstaller.exe”=

    “C:\\BorgIRC 2\\mirc.exe”=

    “C:\\Documenten en settings\\Jonne\\Mijn documenten\\winks\\mcoinstall- www.freewinks.net.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “C:\\Program Files\\Windows Media Player\\wmplayer.exe”=

    “C:\\Program Files\\Bonjour\\mDNSResponder.exe”=

    “C:\\Program Files\\iTunes\\iTunes.exe”=

    “C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

    “C:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=

    R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

    S1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys –> C:\WINDOWS\system32\Drivers\mchInjDrv.sys

    S3 hitmanpro2;Hitman Pro 2 Driver;\??\C:\Program Files\Hitman Pro\hitmanpro2.sys –> C:\Program Files\Hitman Pro\hitmanpro2.sys

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2009-03-22 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2009-03-24 C:\WINDOWS\Tasks\ADCE8F7F9189070B.job

    - c:\docume~1\maarten\applic~1\option~1\love media okay.exe

    2009-02-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.spitsnieuws.nl/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = iexplore

    IE: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

    IE: Add to AMV Convert Tool… - C:\Documenten en settings\Jonne\Menu Start\AMVConverter\grab.html

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: MediaManager tool grab multimedia file - C:\Documenten en settings\Jonne\Menu Start\MediaManager\grab.html

    DPF: {426784E5-24B2-4708-820D-117342FAD009} - hxxp://www.hyves.nl/cab/outlookaddressbook.cab

    DPF: {FACEE739-329B-4C23-9FCC-C85B0270CFDC} - hxxp://www.smootsy.com/launcher.cab

    .

  • dientje

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:08, on 2009-03-24

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\Program Files\Common Files\Teleca Shared\Generic.exe

    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: SOUNDMAN.EXE

    O4 - HKLM\..\Run: C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe” WINDOWCALL

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Winamp\winampa.exe”

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Documenten en settings\Jonne\Menu Start\AMVConverter\grab.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Documenten en settings\Jonne\Menu Start\MediaManager\grab.html

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: MyCom - {3E085E5E-40AF-4A93-B006-9F20BAE83AA3} - http://www.mycom.nl (file missing) (HKCU)

    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.30.136.78/activex/AxisCamControl.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {FACEE739-329B-4C23-9FCC-C85B0270CFDC} (Launcher Control) - http://www.smootsy.com/launcher.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    End of file - 9102 bytes

  • Teaser

    Go to Start > Run, type combofix /U there and click OK.

    The logs look good now.

    I do hope, though, that you have removed everything from Hitman Pro.

    How are your problems now?

  • dientje

    It is faster again, and we had only found infected files.

    I don't sit at that computer very often myself.

    I had Hitman Pro run a search; it found only 2 files.

  • Teaser

    Good.

    So the problem is solved?

  • dientje

    I think so for now; otherwise we will get back to you.