[OPGELOST] kan iemand mijn hijack log bekijken?

lonnerke · 31 mei 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:45:11, on 31/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll (file missing)

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll (file missing)

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe

O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\ik\Application Data\WinTouch\WinTouch.exe

O4 - HKLM\..\Policies\Explorer\Run: [5E39J1V19L] C:\WINDOWS\whsyst32.exe

O4 - HKLM\..\Policies\Explorer\Run: [win aggiornamento] C:\WINDOWS\winupdate.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\ik\Application Data\Dealio\kb124\res\DealioSearch.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.kruidvat.be

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098624601250

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--

End of file - 10592 bytes

kape · 31 mei 2009

Ga naar Start - Uitvoeren en tik in: sc stop “Boonty Games”

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc delete “Boonty Games”

Druk op Enter.

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll (file missing)

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll (file missing)

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKCU..Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe

O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\ik\Application Data\WinTouch\WinTouch.exe

O4 - HKLM\..\Policies\Explorer\Run: [5E39J1V19L] C:\WINDOWS\whsyst32.exe

O4 - HKLM\..\Policies\Explorer\Run: [win aggiornamento] C:\WINDOWS\winupdate.exe

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgende vetgedrukte map met Windows Verkenner :

C:\Program Files\YourSiteBar

C:\Program Files\SpySpotter3

C:\Program Files\NavExcel

C:\Program Files\Dealio

C:\Program Files\JavaCore

C:\Documents and Settings\ik\Application Data\WinTouch

C:\Program Files\SideFind

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder). De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

kape · 1 juni 2009

Ontvangen via PB :

Malwarebytes' Anti-Malware 1.37

Database versie: 2202

Windows 5.1.2600 Service Pack 2

31/05/2009 22:32:16

mbam-log-2009-05-31 (22-32-16).txt

Scan type: Snelle Scan

Objecten gescand: 96439

Verstreken tijd: 14 minute(s), 38 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 2

Registersleutels geïnfecteerd: 47

Registerwaarden geïnfecteerd: 3

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 14

Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

C:\Program Files\SideFind\sfbho.dll (Adware.SideFind) -> Delete on reboot.

C:\Program Files\SideFind\sidefind.dll (Adware.SideFind) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\TypeLib\{d0288a41-9855-4a9b-8316-babe243648da} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{339d8aff-0b42-4260-ad82-78ce605a9543} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{58634367-d62b-4c2c-86be-5aac45cdb671} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8cba1b49-8144-4721-a7b1-64c578c9eed7} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7} (Adware.SideFind) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browserhelperobject.bahelper (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browserhelperobject.bahelper.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\sidefind.finder (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\sidefind.finder.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ysb.ysbobj (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ysb.ysbobj.1 (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ysbactivex.installer (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0985c112-2562-46f2-8da6-92648ba4630f} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3fdd654-a057-4971-9844-4ed8e67dbbb8} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Adware.WinPop) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Twain (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Sidefind (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\IST (Trojan.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar (Trojan.Istbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (Trojan.Istbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

c:\program files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\program files\common files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\documents and settings\ik\application data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\documents and settings\ik\application data\winantivirus pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\ik\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\ISTsvc (Adware.ISTBar) -> Quarantined and deleted successfully.

C:\Program Files\SideFind (Adware.ISTBar) -> Delete on reboot.

c:\program files\SideFind\update (Adware.ISTBar) -> Quarantined and deleted successfully.

C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Program Files\SideFind\sfbho.dll (Adware.SideFind) -> Delete on reboot.

C:\Program Files\SideFind\sidefind.dll (Adware.SideFind) -> Delete on reboot.

c:\program files\winantivirus pro 2006\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\program files\common files\winantivirus pro 2006\WapCHK.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\documents and settings\ik\application data\winantivirus pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

c:\documents and settings\ik\application data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.

c:\documents and settings\ik\application data\WinTouch\WTUninstaller.exe (Adware.WinPop) -> Quarantined and deleted successfully.

c:\program files\SideFind\sfexd001 (Adware.ISTBar) -> Quarantined and deleted successfully.

c:\program files\CPV\CPV7.dll.lzma (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\Twain\Twain.exe.lzma (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

sommige programma's kon ik niet verwijderen via verkennen; omdat zij tegen schrijven bestand waren of zoiets

hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:06, on 31/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing