View full version : Hjt



italianboy
30 December 2008, 20:33
I had to post an HJT log here ( http://www.minatica.be/showthread.php?p=437771#post437771 )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:54, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://be.msn.com/?lang=nl-be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.be/ (http://www.google.be/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {D9567C82-72D2-4443-8146-4BF404CC940A} - C:\WINDOWS\system32\tuvULcaA.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe /q
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzmm.exe] C:\WINDOWS\system32\kdzmm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Logical Volume] slvhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zulie6.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148582511220
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chris7877.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA46C0D-79DE-4CA4-86F1-B4BCD7EE70DC}: NameServer = 85.255.114.67;85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.67;85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.67;85.255.112.140
O20 - AppInit_DLLs: umqfan.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayVnLdD - yayVnLdD.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
--
End of file - 9688 bytes

Rosty
30 December 2008, 20:50
No wonder you can't install Messenger!!!

Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it.
If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the small "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click inside the window, as this will make your PC hang.
When the fix has finished and after the restart, the log Combofix.txt will open. Post this log in your next reply.

italianboy
30 December 2008, 21:18
I can't download that Microsoft file to go into that safe mode or whatever :s

what should I do then

Rosty
30 December 2008, 22:01
Can you download and install ComboFix? You can skip the Recovery Console if need be!

italianboy
30 December 2008, 22:47
ComboFix 08-12-29.02 - Marianne 2008-12-30 17:23:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.991.648 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marianne\Bureaublad\ComboFix.exe
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marianne\Application Data\inst.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\AacLUvut.ini
c:\windows\system32\AacLUvut.ini2
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\drivers\msqpdxxxouktpa.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msqpdxwupeirxy.dll
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSQPDXSERV.SYS
-------\Legacy_MSQPDXSERV.SYS
-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))))
.
2008-12-30 16:24 . 2008-12-30 16:24 <DIR> d-------- c:\windows\system32\Adobe
2008-12-30 15:21 . 2008-12-30 15:21 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 09:40 . 2008-12-29 09:40 <DIR> d-------- c:\program files\Bit Che
2008-12-29 09:40 . 2008-12-29 09:40 <DIR> d-------- c:\documents and settings\Marianne\Application Data\Convivea
2008-12-29 09:10 . 2008-12-29 13:30 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-12-28 20:50 . 2008-12-28 20:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 20:50 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 20:50 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 19:41 . 2004-03-09 01:00 609,824 --a------ c:\windows\system32\COMCTL32.ocx
2008-12-28 19:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
2008-12-27 14:01 . 2008-12-27 14:01 <DIR> d-------- c:\program files\TeamViewer
2008-12-27 13:51 . 2008-12-27 13:51 <DIR> d-------- c:\documents and settings\Marianne\temp
2008-12-27 13:51 . 2008-12-27 13:51 <DIR> d-------- c:\documents and settings\Marianne\Application Data\TeamViewer
2008-12-26 20:00 . 2008-12-26 20:00 <DIR> d-------- c:\program files\ToggleEN
2008-12-26 20:00 . 2008-12-26 20:00 <DIR> d-------- c:\program files\Conduit
2008-12-14 12:49 . 2008-12-14 12:49 <DIR> d-------- C:\Lyrics
2008-12-14 12:48 . 2008-12-14 13:37 <DIR> d-------- c:\program files\Minilyrics
2008-12-14 12:48 . 2008-12-14 12:49 <DIR> d-------- c:\documents and settings\Marianne\Application Data\MiniLyrics
2008-12-14 00:33 . 2008-12-14 00:34 <DIR> d-------- c:\program files\BurnAwarePortable
2008-12-13 14:13 . 2008-12-13 14:27 <DIR> d-------- c:\program files\AoA DVD Creator
2008-12-13 14:10 . 2008-12-26 20:08 <DIR> d-------- c:\program files\AoA DVD Copy
2008-12-13 13:02 . 2008-12-26 20:08 <DIR> d-------- c:\program files\AoA DVD Ripper
2008-12-13 13:02 . 2008-12-14 13:38 186 --a------ c:\windows\AoADVDRipper.INI
2008-12-10 20:07 . 2008-12-30 10:40 <DIR> d-------- c:\program files\Xilisoft
2008-12-10 19:21 . 2008-12-10 19:23 <DIR> d-------- c:\program files\uTorrent
2008-12-10 19:21 . 2008-12-30 11:12 <DIR> d-------- c:\documents and settings\Marianne\Application Data\uTorrent
2008-11-27 01:08 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-27 01:08 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-11-23 11:47 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-22 16:40 . 2008-11-22 16:45 <DIR> d-------- c:\program files\MP3Gain
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\system32\nl
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\system32\bits
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\l2schemas
2008-11-22 03:18 . 2008-11-22 03:18 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-22 03:08 . 2008-11-22 03:08 <DIR> d-------- c:\windows\EHome
2008-11-21 18:43 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-21 18:41 . 2008-11-21 18:41 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-21 18:36 . 2008-11-21 18:37 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-20 15:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 15:57 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-18 17:21 . 2008-11-18 17:21 <DIR> d-------- c:\documents and settings\Marianne\Application Data\Malwarebytes
2008-11-18 17:20 . 2008-11-18 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\documents and settings\Marianne\Application Data\SUPERAntiSpyware.com
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 17:32 . 2008-12-29 09:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-16 17:27 . 2008-11-16 17:29 <DIR> d-------- C:\Temp
2008-11-16 17:20 . 2008-11-16 17:20 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-16 17:15 . 2008-11-16 17:15 268 --ah----- C:\sqmdata19.sqm
2008-11-16 17:15 . 2008-11-16 17:15 244 --ah----- C:\sqmnoopt19.sqm
2008-11-16 17:01 . 2008-11-16 17:01 172 --ah----- C:\sqmnoopt18.sqm
2008-11-16 17:01 . 2008-11-16 17:01 172 --ah----- C:\sqmdata18.sqm
2008-11-16 16:48 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:42 . 2008-11-16 16:42 268 --ah----- C:\sqmdata17.sqm
2008-11-16 16:42 . 2008-11-16 16:42 244 --ah----- C:\sqmnoopt17.sqm
2008-11-16 16:33 . 2008-11-16 16:33 <DIR> d-------- c:\program files\GlobalStar Software
2008-11-15 16:48 . 2004-08-04 13:00 2,962,432 --a------ c:\windows\system32\xpsp2res(3).dll
2008-11-15 16:48 . 2008-04-14 17:35 371,712 --a------ c:\windows\system32\html.iec
2008-11-15 16:48 . 2006-07-14 16:51 121,856 --a------ c:\windows\system32\xmllite(2).dll
2008-11-15 16:48 . 2004-08-04 13:00 24,576 --a------ c:\windows\system32\httpapi(3).dll
2008-11-15 16:48 . 2004-08-04 13:00 15,872 --a------ c:\windows\system32\w3ssl(2).dll
2008-11-15 16:47 . 2004-08-04 13:00 351,232 --a------ c:\windows\system32\winhttp(3).dll
2008-11-15 16:47 . 2004-08-04 13:00 177,152 --a------ c:\windows\system32\msctfime(3).ime
2008-11-15 16:47 . 2004-08-04 13:00 81,408 --a------ c:\windows\system32\wscsvc(3).dll
2008-11-15 16:47 . 2004-08-04 13:00 75,776 --a------ c:\windows\system32\strmfilt(2).dll
2008-11-15 16:47 . 2004-08-04 13:00 6,656 --a------ c:\windows\system32\wuauserv(2).dll
2008-11-15 16:44 . 2005-10-20 23:31 1,092,096 --a------ c:\windows\system32\esent(3).dll
2008-11-15 16:43 . 2004-08-04 13:00 1,721,344 --a------ c:\windows\system32\netshell(3).dll
2008-11-15 16:42 . 2007-10-25 17:44 8,507,392 --a------ c:\windows\system32\shell32(3).dll
2008-11-15 16:41 . 2008-02-29 10:09 265,948 --a------ c:\windows\system32\locale.nls
2008-11-15 16:41 . 2008-11-22 03:14 251,712 --a------ C:\ntldr
2008-11-15 16:41 . 2006-12-29 19:08 23,044 --a------ c:\windows\system32\sorttbls.nls
2008-11-15 12:31 . 2008-11-15 12:31 268 --ah----- C:\sqmdata16.sqm
2008-11-15 12:31 . 2008-11-15 12:31 244 --ah----- C:\sqmnoopt16.sqm
2008-11-15 12:09 . 2008-11-15 12:09 268 --ah----- C:\sqmdata15.sqm
2008-11-15 12:09 . 2008-11-15 12:09 244 --ah----- C:\sqmnoopt15.sqm
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 19:25 --------- d-----w c:\program files\Java
2008-12-28 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-28 18:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 18:33 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-27 12:50 --------- d-----w c:\documents and settings\Marianne\Application Data\FrostWire
2008-12-26 19:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 19:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 20:52 --------- d-----w c:\documents and settings\Marianne\Application Data\Vso
2008-12-13 11:53 --------- d-----w c:\documents and settings\Marianne\Application Data\dvdcss
2008-11-27 01:47 --------- d-----w c:\program files\FrostWire
2008-11-23 11:02 30 ----a-w c:\documents and settings\Marianne\jagex_runescape_preferences.dat
2008-11-21 17:31 --------- d-----w c:\program files\Yahoo!
2008-11-21 17:25 --------- d-----w c:\program files\HistoryCleaner
2008-11-18 16:07 --------- d-----w c:\program files\Google
2008-09-07 20:03 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-07 20:03 249,856 ------w c:\windows\Setup1.exe
2008-04-29 11:47 47,360 ----a-w c:\documents and settings\Marianne\Application Data\pcouffin.sys
2003-10-23 16:52 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2003-12-03 86016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"VTTimer"="VTTimer.exe" [2004-01-15 c:\windows\system32\VTTimer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2008-12-30 181624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Marianne\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=umqfan.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\GlobalStar Software\\School Tycoon\\SchoolTycoon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Marianne\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-10-08 27904]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-05-04 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-05-04 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-05-04 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-05-04 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-05-04 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-05-04 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-05-04 90800]
.
Inhoud van de 'Gedeelde Taken' map
2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
2008-12-30 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-30 16:25]
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{D9567C82-72D2-4443-8146-4BF404CC940A} - c:\windows\system32\tuvULcaA.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Macro Manager - c:\program files\GrassSoft\Mouse Recorder\MacroManager.exe
HKLM-Run-c:\windows\system32\kdzmm.exe - c:\windows\system32\kdzmm.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-RunServices-Logical Volume - slvhost.exe
Notify-yayVnLdD - yayVnLdD.dll

.
------- Bijkomende Scan -------
.
uStart Page = www.google.be/ (http://www.google.be/)
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchURL = hxxp://www.google.com/
c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 17:30:07
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Trend Micro\HijackThis\HijackThis.exe
c:\windows\system32\notepad.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\mspaint.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-30 17:36:15 - machine werd herstart [Marianne]
ComboFix-quarantined-files.txt 2008-12-30 16:35:54
Pre-Run: 9,978,298,368 bytes beschikbaar
Post-Run: 10,457,571,328 bytes beschikbaar
267 --- E O F --- 2008-12-11 02:04:06


and this is the new hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:35, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.be/ (http://www.google.be/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zulie6.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148582511220
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chris7877.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230668083563&h=7a789123dc1c9cba24ce579ba0f6474f/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: umqfan.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
--
End of file - 8579 bytes

Rosty
31 December 2008, 09:08
Hi,

Open HijackThis, click on Do a scan only and check the following lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs: umqfan.dll

Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmnoopt18.sqm
C:\sqmdata18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm

Driver::
msqpdxserv.sys


Save this to your Desktop as CFScript.

Drag CFScript into ComboFix.exe as shown in the example below:


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.

italianboy
31 December 2008, 15:03
I didn't have to reboot:

ComboFix 08-12-30.02 - Marianne 2008-12-31 9:46:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.991.557 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marianne\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marianne\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-31 ))))))))))))))))))))))))))))))
.
2008-12-31 09:41 . 2008-12-31 09:41 <DIR> d-------- c:\program files\Norton Security Scan
2008-12-31 09:41 . 2008-12-31 09:41 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-30 18:29 . 2008-12-30 18:29 <DIR> d-------- c:\program files\DVD Shrink
2008-12-30 18:29 . 2008-12-30 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-30 17:55 . 2008-12-30 17:55 <DIR> d-------- c:\program files\Microsoft
2008-12-30 17:55 . 2008-12-31 09:37 <DIR> d-------- c:\documents and settings\Marianne\Tracing
2008-12-30 17:54 . 2008-12-30 17:54 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-30 17:54 . 2008-12-30 17:55 <DIR> d-------- c:\program files\Windows Live
2008-12-30 17:53 . 2008-12-30 17:53 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-30 16:24 . 2008-12-30 16:24 <DIR> d-------- c:\windows\system32\Adobe
2008-12-30 15:21 . 2008-12-30 15:21 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 09:40 . 2008-12-29 09:40 <DIR> d-------- c:\program files\Bit Che
2008-12-29 09:40 . 2008-12-29 09:40 <DIR> d-------- c:\documents and settings\Marianne\Application Data\Convivea
2008-12-29 09:10 . 2008-12-29 13:30 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-12-28 20:50 . 2008-12-28 20:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 20:50 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 20:50 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 19:41 . 2004-03-09 01:00 609,824 --a------ c:\windows\system32\COMCTL32.ocx
2008-12-28 19:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
2008-12-27 14:01 . 2008-12-27 14:01 <DIR> d-------- c:\program files\TeamViewer
2008-12-27 13:51 . 2008-12-27 13:51 <DIR> d-------- c:\documents and settings\Marianne\temp
2008-12-27 13:51 . 2008-12-27 13:51 <DIR> d-------- c:\documents and settings\Marianne\Application Data\TeamViewer
2008-12-26 20:00 . 2008-12-26 20:00 <DIR> d-------- c:\program files\ToggleEN
2008-12-26 20:00 . 2008-12-26 20:00 <DIR> d-------- c:\program files\Conduit
2008-12-14 12:49 . 2008-12-14 12:49 <DIR> d-------- C:\Lyrics
2008-12-14 12:48 . 2008-12-14 13:37 <DIR> d-------- c:\program files\Minilyrics
2008-12-14 12:48 . 2008-12-14 12:49 <DIR> d-------- c:\documents and settings\Marianne\Application Data\MiniLyrics
2008-12-14 00:33 . 2008-12-14 00:34 <DIR> d-------- c:\program files\BurnAwarePortable
2008-12-13 14:13 . 2008-12-13 14:27 <DIR> d-------- c:\program files\AoA DVD Creator
2008-12-13 14:10 . 2008-12-26 20:08 <DIR> d-------- c:\program files\AoA DVD Copy
2008-12-13 13:02 . 2008-12-26 20:08 <DIR> d-------- c:\program files\AoA DVD Ripper
2008-12-13 13:02 . 2008-12-14 13:38 186 --a------ c:\windows\AoADVDRipper.INI
2008-12-10 20:07 . 2008-12-30 10:40 <DIR> d-------- c:\program files\Xilisoft
2008-12-10 19:21 . 2008-12-10 19:23 <DIR> d-------- c:\program files\uTorrent
2008-12-10 19:21 . 2008-12-30 21:34 <DIR> d-------- c:\documents and settings\Marianne\Application Data\uTorrent
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-11-27 01:08 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-27 01:08 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-11-23 11:47 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-22 16:40 . 2008-11-22 16:45 <DIR> d-------- c:\program files\MP3Gain
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\system32\nl
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\system32\bits
2008-11-22 03:22 . 2008-11-22 03:22 <DIR> d-------- c:\windows\l2schemas
2008-11-22 03:18 . 2008-11-22 03:18 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-22 03:08 . 2008-11-22 03:08 <DIR> d-------- c:\windows\EHome
2008-11-21 18:43 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-21 18:41 . 2008-11-21 18:41 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-21 18:36 . 2008-11-21 18:37 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-20 15:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 15:57 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-18 17:21 . 2008-11-18 17:21 <DIR> d-------- c:\documents and settings\Marianne\Application Data\Malwarebytes
2008-11-18 17:20 . 2008-11-18 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\documents and settings\Marianne\Application Data\SUPERAntiSpyware.com
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 17:32 . 2008-12-29 09:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-16 17:27 . 2008-11-16 17:29 <DIR> d-------- C:\Temp
2008-11-16 17:20 . 2008-11-16 17:20 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-16 17:15 . 2008-11-16 17:15 268 --ah----- C:\sqmdata19.sqm
2008-11-16 17:15 . 2008-11-16 17:15 244 --ah----- C:\sqmnoopt19.sqm
2008-11-16 17:01 . 2008-11-16 17:01 172 --ah----- C:\sqmnoopt18.sqm
2008-11-16 17:01 . 2008-11-16 17:01 172 --ah----- C:\sqmdata18.sqm
2008-11-16 16:48 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:42 . 2008-11-16 16:42 268 --ah----- C:\sqmdata17.sqm
2008-11-16 16:42 . 2008-11-16 16:42 244 --ah----- C:\sqmnoopt17.sqm
2008-11-16 16:33 . 2008-11-16 16:33 <DIR> d-------- c:\program files\GlobalStar Software
2008-11-15 16:48 . 2004-08-04 13:00 2,962,432 --a------ c:\windows\system32\xpsp2res(3).dll
2008-11-15 16:48 . 2008-04-14 17:35 371,712 --a------ c:\windows\system32\html.iec
2008-11-15 16:48 . 2006-07-14 16:51 121,856 --a------ c:\windows\system32\xmllite(2).dll
2008-11-15 16:48 . 2004-08-04 13:00 24,576 --a------ c:\windows\system32\httpapi(3).dll
2008-11-15 16:48 . 2004-08-04 13:00 15,872 --a------ c:\windows\system32\w3ssl(2).dll
2008-11-15 16:47 . 2004-08-04 13:00 351,232 --a------ c:\windows\system32\winhttp(3).dll
2008-11-15 16:47 . 2004-08-04 13:00 177,152 --a------ c:\windows\system32\msctfime(3).ime
2008-11-15 16:47 . 2004-08-04 13:00 81,408 --a------ c:\windows\system32\wscsvc(3).dll
2008-11-15 16:47 . 2004-08-04 13:00 75,776 --a------ c:\windows\system32\strmfilt(2).dll
2008-11-15 16:47 . 2004-08-04 13:00 6,656 --a------ c:\windows\system32\wuauserv(2).dll
2008-11-15 16:44 . 2005-10-20 23:31 1,092,096 --a------ c:\windows\system32\esent(3).dll
2008-11-15 16:43 . 2004-08-04 13:00 1,721,344 --a------ c:\windows\system32\netshell(3).dll
2008-11-15 16:42 . 2007-10-25 17:44 8,507,392 --a------ c:\windows\system32\shell32(3).dll
2008-11-15 16:41 . 2008-02-29 10:09 265,948 --a------ c:\windows\system32\locale.nls
2008-11-15 16:41 . 2008-11-22 03:14 251,712 --a------ C:\ntldr
2008-11-15 16:41 . 2006-12-29 19:08 23,044 --a------ c:\windows\system32\sorttbls.nls
2008-11-15 12:31 . 2008-11-15 12:31 268 --ah----- C:\sqmdata16.sqm
2008-11-15 12:31 . 2008-11-15 12:31 244 --ah----- C:\sqmnoopt16.sqm
2008-11-15 12:09 . 2008-11-15 12:09 268 --ah----- C:\sqmdata15.sqm
2008-11-15 12:09 . 2008-11-15 12:09 244 --ah----- C:\sqmnoopt15.sqm
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-30 16:39 --------- d-----w c:\documents and settings\Marianne\Application Data\dvdcss
2008-12-28 19:25 --------- d-----w c:\program files\Java
2008-12-28 18:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 18:33 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-27 12:50 --------- d-----w c:\documents and settings\Marianne\Application Data\FrostWire
2008-12-26 19:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 19:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 20:52 --------- d-----w c:\documents and settings\Marianne\Application Data\Vso
2008-11-27 01:47 --------- d-----w c:\program files\FrostWire
2008-11-23 11:02 30 ----a-w c:\documents and settings\Marianne\jagex_runescape_preferences.dat
2008-11-21 17:31 --------- d-----w c:\program files\Yahoo!
2008-11-21 17:25 --------- d-----w c:\program files\HistoryCleaner
2008-11-18 16:07 --------- d-----w c:\program files\Google
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-07 20:03 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-07 20:03 249,856 ------w c:\windows\Setup1.exe
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-29 11:47 47,360 ----a-w c:\documents and settings\Marianne\Application Data\pcouffin.sys
2003-10-23 16:52 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-30_17.35.11.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 16:55:37 80,395 ----a-r c:\windows\Installer\{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}\MsblIco.Exe
+ 2008-12-30 16:54:51 62,288 ----a-r c:\windows\Installer\{362F80B4-9628-4100-B074-5A1BB6FCBBF3}\IconWlc.exe
+ 2008-12-31 08:41:26 29,184 ----a-r c:\windows\Installer\{A6FFB28C-D49B-4538-B3A7-9783A5C771DD}\Icon3FADAA191.exe
- 2008-11-22 02:33:10 155,568 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-31 08:36:34 158,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-07-24 10:02:08 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-30 18:00:49 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-31 08:37:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b8.dat
+ 2005-09-22 21:48:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 21:48:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48:06 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2003-12-03 86016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"VTTimer"="VTTimer.exe" [2004-01-15 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Marianne\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\GlobalStar Software\\School Tycoon\\SchoolTycoon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Marianne\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-10-08 27904]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-05-04 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-05-04 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-05-04 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-05-04 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-05-04 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-05-04 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-05-04 90800]
.
Inhoud van de 'Gedeelde Taken' map
2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
2008-12-31 c:\windows\Tasks\Norton Security Scan for Marianne.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Bijkomende Scan -------
.
uStart Page = www.google.be/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchURL = hxxp://www.google.com/
c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 09:49:22
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Voltooingstijd: 2008-12-31 9:52:17
ComboFix-quarantined-files.txt 2008-12-31 08:51:00
ComboFix2.txt 2008-12-30 16:36:22
Pre-Run: 8.443.654.144 bytes beschikbaar
Post-Run: 8,604,577,792 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
269 --- E O F --- 2008-12-11 02:04:06

Rosty
31 December 2008, 15:57
Any problems left now?

italianboy
31 December 2008, 17:10
Any problems left now?
When I want to download Messenger 9.0 ( www.messmotions.nl/msn9.0.php )

then I get this: http://i43.tinypic.com/2nb6jo7.jpg

Rosty
31 December 2008, 17:35
As I already said in your other topic: I would not install this one!!! This is a beta version, so I would not install it!!!

Why do you all always want to use versions that are not complete yet? The risk of malware and spyware only goes up.

italianboy
1 January 2009, 02:35
As I already said in your other topic: I would not install this one!!! This is a beta version, so I would not install it!!!

Why do you all always want to use versions that are not complete yet? The risk of malware and spyware only goes up.

I wasn't only talking about 9.0, I can't install a single one :S not even 8.5 and so on

Rosty
2 January 2009, 14:31
I really don't see any malware present.

italianboy
2 January 2009, 15:28
I really don't see any malware present.

I don't know what that program did, but something is seriously wrong with my computer now! When I go to My Computer I get a message that an error has occurred and I can't get there anymore, and there are some sites I can't visit because it automatically redirects to "oops, an error occurred" or something like that

Really annoying

Do you know what causes it? Do I need to post another HijackThis log?

IB

Rosty
2 January 2009, 17:33
Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

italianboy
2 January 2009, 19:21
Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

That program did bad things but also good ones, so I don't want to lose everything :s

Rosty
3 January 2009, 09:57
Please do remove Combofix in the indicated way anyway.

italianboy
3 January 2009, 15:58
Please do remove Combofix in the indicated way anyway.

Does that change everything I did with that program?

IB

Rosty
3 January 2009, 16:22
Does that change everything I did with that program?

IB

This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

italianboy
6 January 2009, 17:49
This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

It says the file cannot be found ::S

IB ;)

Rosty
6 January 2009, 18:11
Download ComboFix again and then remove it immediately in the indicated way.

italianboy
7 January 2009, 14:02
Download ComboFix again and then remove it immediately in the indicated way.

How do I do this? Putting the clock settings back and resetting System Restore?

Rosty
7 January 2009, 16:23
How do I do this? Putting the clock settings back and resetting System Restore?

Uninstalling ComboFix does that for you automatically.

italianboy
7 January 2009, 19:38
Uninstalling ComboFix does that for you automatically.

Ok :D

Thanks for all the trouble ;)

Regards, IB

Rosty
8 January 2009, 09:16
You're welcome.