
Pavlov
About Pavlov
- Birthday 16-07-1983
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
ComboFix 09-03-02.03 - Gebruiker 2009-03-03 19:02:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1023.552 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\system32\hXEO6mSA.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-03 to 2009-03-03 ))))))))))))))))))))))))))))))
.

2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 11:22 . 2009-02-28 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 10:00 . 2009-02-28 10:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 17:26 --------- d-----w c:\program files\Steam
2009-02-07 09:40 --------- d-----w c:\program files\MP3 Rocket
2009-02-07 09:40 --------- d-----w c:\documents and settings\Gebruiker\Application Data\MP3Rocket
2009-01-30 10:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 10:25 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 10:25 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 10:25 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2007-11-28 20:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-09 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 172032]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 11:25 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-08-01 29239]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-05 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-05 107272]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-07-06 188416]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 298264]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-08-03 62976]
S2 bsaspi32;bsaspi32; [x]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 19:05:01
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,45,b0,90,9f,26,b3,25,6a,b5,00,a3,fc,1a,07,9e,4c,58,a9,79,cb,f4,ab,
 6d,11,2a,62,9e,77,b2,60,16,8b,26,bf,6a,44,e6,93,cf,df,78,bf,c9,f4,4b,3f,10,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-11cb-94af-e4bef4f0655f}\InprocServer32*]
"Class"=hex:f3,bb,27,cf,1a,7a,a0,3e,21,10,6a,27,c6,61,4a,34,cf,33,ea,e3,c8,37,
 20,b6,e9,ca,7c,57,30,c5,e0,e2,53,0c,93,10,5e,75,0d,12,81,ef,38,af,b4,00,12,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-62ba-54f7-1f12f4f0655f}\InprocServer32*]
"Class"=hex:dd,a7,5a,ab,ea,51,c4,bb,3e,5c,2c,6b,fb,ac,4b,f4,c6,2c,e1,9d,67,53,
 ea,f4,3f,4f,0b,46,a3,78,13,01,01,25,48,d0,74,9d,a2,32,36,85,bc,7c,3a,aa,44,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-6621-bd79-455bf4f0655f}\InprocServer32*]
"Class"=hex:6b,8d,e6,29,c9,70,1a,06,37,8f,80,d4,b2,f7,b1,f6,a3,67,f4,cd,07,82,
 12,89,8c,39,31,15,5b,a0,d0,4c,85,df,58,2c,00,96,2a,e5,24,9a,0f,7f,38,ae,35,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-739c-d09f-d7fef4f0655f}\InprocServer32*]
"Class"=hex:21,c4,ee,24,1f,5a,33,83,07,24,b9,b1,f6,db,1a,a1,c2,51,12,4f,db,aa,
 8a,e9,d9,0e,ab,66,78,02,9e,c0,77,57,0f,3b,29,9f,2b,5d,7e,08,47,f7,0e,80,cf,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-a91d-4879-bec1f4f0655f}\InprocServer32*]
"Class"=hex:68,27,45,f7,86,a8,a9,0f,99,2a,2d,18,8d,25,56,68,37,39,a3,de,a6,36,
 83,91,53,73,0f,71,f9,cc,c9,3b,2c,77,b7,03,c2,53,60,56,8b,f0,27,a5,cc,0e,c1,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-beba-eb09-2ae4f4f0655f}\InprocServer32*]
"Class"=hex:28,7f,28,ed,6d,80,ea,b3,67,97,34,af,3f,3e,26,45,23,fb,40,7d,8f,e6,
 93,43,ed,88,52,2d,b1,13,b9,9e,b1,fe,6f,38,90,6c,ca,07,18,51,52,0b,25,f2,17,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-da4a-b0a2-3449f4f0655f}\InprocServer32*]
"Class"=hex:ca,b1,92,d6,16,f6,04,e6,b3,5e,a4,c1,fa,c1,a5,58,9b,0e,1e,e7,82,84,
 c0,05,be,c2,81,d3,44,15,a7,21,d7,18,4d,95,63,48,65,ce,4b,88,77,d9,5d,6e,f6,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
.
Voltooingstijd: 2009-03-03 19:06:15
ComboFix-quarantined-files.txt 2009-03-03 18:06:13
ComboFix2.txt 2009-03-02 16:34:16
ComboFix3.txt 2009-02-28 18:09:02

Pre-Run: 40.156.377.088 bytes beschikbaar
Post-Run: 40,157,089,792 bytes beschikbaar

196 --- E O F --- 2009-02-26 13:32:20
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
Another attempt at the ComboFix log, I think it is complete this time ;-) I don't seem to be having any problems anymore... Fingers crossed. Thanks a lot

ComboFix 09-03-01.01 - Gebruiker 2009-03-02 17:30:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1023.555 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-02 to 2009-03-02 ))))))))))))))))))))))))))))))
.

2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 11:22 . 2009-02-28 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 10:00 . 2009-02-28 10:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten
2009-02-27 14:46 . 2009-02-27 14:46 77,824 --a------ c:\windows\system32\hXEO6mSA.exe
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 16:27 --------- d-----w c:\program files\Steam
2009-02-07 09:40 --------- d-----w c:\program files\MP3 Rocket
2009-02-07 09:40 --------- d-----w c:\documents and settings\Gebruiker\Application Data\MP3Rocket
2009-01-30 10:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 10:25 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 10:25 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 10:25 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2007-11-28 20:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-09 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 172032]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 11:25 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kenneirynck\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-08-01 29239]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-05 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-05 107272]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-07-06 188416]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 298264]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-08-03 62976]
S2 bsaspi32;bsaspi32; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4fd800-d952-11dc-849d-00195b700bc5}]
\Shell\AutoRun\command - L:\EXPLORER.EXE
\Shell\explore\Command - L:\EXPLORER.EXE
\Shell\open\Command - L:\EXPLORER.EXE
.
Inhoud van de 'Gedeelde Taken' map

2009-02-27 c:\windows\Tasks\At1.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At10.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-28 c:\windows\Tasks\At11.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-28 c:\windows\Tasks\At12.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-28 c:\windows\Tasks\At13.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-28 c:\windows\Tasks\At14.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At15.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At16.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At17.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At18.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At19.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At2.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At20.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-28 c:\windows\Tasks\At21.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At22.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At23.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At24.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At3.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At4.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At5.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At6.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At7.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At8.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
2009-02-27 c:\windows\Tasks\At9.job - c:\windows\system32\hXEO6mSA.exe [2009-02-27 14:46]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 17:33:01
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,45,b0,90,9f,26,b3,25,6a,b5,00,a3,fc,1a,07,9e,4c,58,a9,79,cb,f4,ab,
 6d,11,2a,62,9e,77,b2,60,16,8b,26,bf,6a,44,e6,93,cf,df,78,bf,c9,f4,4b,3f,10,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-11cb-94af-e4bef4f0655f}\InprocServer32*]
"Class"=hex:f3,bb,27,cf,1a,7a,a0,3e,21,10,6a,27,c6,61,4a,34,cf,33,ea,e3,c8,37,
 20,b6,e9,ca,7c,57,30,c5,e0,e2,53,0c,93,10,5e,75,0d,12,81,ef,38,af,b4,00,12,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-62ba-54f7-1f12f4f0655f}\InprocServer32*]
"Class"=hex:dd,a7,5a,ab,ea,51,c4,bb,3e,5c,2c,6b,fb,ac,4b,f4,c6,2c,e1,9d,67,53,
 ea,f4,3f,4f,0b,46,a3,78,13,01,01,25,48,d0,74,9d,a2,32,36,85,bc,7c,3a,aa,44,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-6621-bd79-455bf4f0655f}\InprocServer32*]
"Class"=hex:6b,8d,e6,29,c9,70,1a,06,37,8f,80,d4,b2,f7,b1,f6,a3,67,f4,cd,07,82,
 12,89,8c,39,31,15,5b,a0,d0,4c,85,df,58,2c,00,96,2a,e5,24,9a,0f,7f,38,ae,35,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-739c-d09f-d7fef4f0655f}\InprocServer32*]
"Class"=hex:21,c4,ee,24,1f,5a,33,83,07,24,b9,b1,f6,db,1a,a1,c2,51,12,4f,db,aa,
 8a,e9,d9,0e,ab,66,78,02,9e,c0,77,57,0f,3b,29,9f,2b,5d,7e,08,47,f7,0e,80,cf,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-a91d-4879-bec1f4f0655f}\InprocServer32*]
"Class"=hex:68,27,45,f7,86,a8,a9,0f,99,2a,2d,18,8d,25,56,68,37,39,a3,de,a6,36,
 83,91,53,73,0f,71,f9,cc,c9,3b,2c,77,b7,03,c2,53,60,56,8b,f0,27,a5,cc,0e,c1,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-beba-eb09-2ae4f4f0655f}\InprocServer32*]
"Class"=hex:28,7f,28,ed,6d,80,ea,b3,67,97,34,af,3f,3e,26,45,23,fb,40,7d,8f,e6,
 93,43,ed,88,52,2d,b1,13,b9,9e,b1,fe,6f,38,90,6c,ca,07,18,51,52,0b,25,f2,17,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-da4a-b0a2-3449f4f0655f}\InprocServer32*]
"Class"=hex:ca,b1,92,d6,16,f6,04,e6,b3,5e,a4,c1,fa,c1,a5,58,9b,0e,1e,e7,82,84,
 c0,05,be,c2,81,d3,44,15,a7,21,d7,18,4d,95,63,48,65,ce,4b,88,77,d9,5d,6e,f6,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
.
Voltooingstijd: 2009-03-02 17:34:15
ComboFix-quarantined-files.txt 2009-03-02 16:34:13
ComboFix2.txt 2009-02-28 18:09:02

Pre-Run: 40.219.209.728 bytes beschikbaar
Post-Run: 40,221,331,456 bytes beschikbaar

220 --- E O F --- 2009-02-26 13:32:20
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
I'm at work at the moment; I'll send it tomorrow afternoon, although I do think that is everything that was in it... Once again, a big thank you!
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
This is the ComboFix log; the Warning balloons are gone again for now ;-)

ComboFix 09-02-27.02 - Gebruiker 2009-02-28 19:01:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1023.630 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\init32.exe
c:\windows\system32\mdm.exe

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-28 to 2009-02-28 ))))))))))))))))))))))))))))))
.

2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-28 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 11:22 . 2009-02-28 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 10:00 . 2009-02-28 10:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten
2009-02-27 14:46 . 2009-02-27 14:46 77,824 --a------ c:\windows\system32\hXEO6mSA.exe
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 18:05 --------- d-----w c:\program files\Steam
2009-02-07 09:40 --------- d-----w c:\program files\MP3 Rocket
2009-02-07 09:40 --------- d-----w c:\documents and settings\Gebruiker\Application Data\MP3Rocket
2009-01-30 10:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 10:25 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 10:25 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-29 12:24 --------- d-----w c:\program files\Hewlett-Packard
2007-11-28 20:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
I have that one, and it finds nothing...
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
Apparently not completely solved after all: I still get pop-up boxes from Spywareremover or something like that...
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Malware & virus removal archive
AskSbar has been removed; HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:43, on 28/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140631167230
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 7623 bytes

And the MBAM log:

Malwarebytes' Anti-Malware 1.34
Database versie: 1812
Windows 5.1.2600 Service Pack 2

28/02/2009 13:01:58
mbam-log-2009-02-28 (13-01-58).txt

Scan type: Snelle Scan
Objecten gescand: 80148
Verstreken tijd: 8 minute(s), 25 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 3
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen
kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Program Files\Common Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\hXEO6mSA.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully. Op dit moment nog geen Rood bolletje dat om de 2 minuten aanspringt, dus vingers kruisen... Bedankt, dien ik nog iets te weten/ doen? -
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Archive: Malware & virus removal
Thanks for the quick reply! I have already run HijackThis, but I can't delete the AskSbar folder; I keep getting a message that the disk is in use?! Any tips?
[SOLVED] Warning Security Problem
Pavlov replied to Pavlov's topic in Archive: Malware & virus removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:48, on 28/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\11179.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\hXEO6mSA.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\11179.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140631167230
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 7985 bytes
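As an added example (not part of the thread, and not code from HijackThis or Malwarebytes), the script below does the first-pass triage a helper performs by eye on the two HijackThis logs in this thread. It parses the "Running processes" list and the R/O entries, then flags the things that stand out in the infected log above: an autorun value or a running process whose image lives under a Temp directory (the [Cognac] entry pointing at ...\LOCALS~1\Temp\11179.exe), O2/O3 CLSIDs whose DLL is gone ("(no file)"), and, as a rough name heuristic that is an assumption of this example rather than anything the tool does, executables with digit-only or mixed-case-plus-digit names such as hXEO6mSA.exe. The sample log embedded in the script is constructed and shortened from the format shown in the post, not a verbatim copy.

```python
"""Triage a HijackThis v2.0.2 log (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on and shortened from the log format in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\11179.exe
C:\WINDOWS\system32\hXEO6mSA.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\11179.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA\pb\PnkBstrA.exe
"""

# "O4 - <body>": a section code followed by a body whose layout depends on the code.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: HIVE[\SID]\..\Run<suffix>: [ValueName] command line
RUN = re.compile(r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
                 r"\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# Executable images in a command line: a quoted path, or an unquoted path (spaces
# allowed) ending in a known extension followed by whitespace, a comma or the end.
IMAGE = re.compile(r'"([^"]+)"|(.*?\.(?:exe|dll|scr|com|bat))(?:\s|,|$)', re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)  # ...\Temp\ and ...\LOCALS~1\Temp\
# Rough heuristic (assumption of this example): digit-only names, or names mixing
# upper case, lower case and digits, deserve a second look.
ODD_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{6,}$|^\d+$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "temp-path", "odd-name" or "orphan-clsid"
    where: str   # "process", the O4 key and value name, or the O23 service
    detail: str  # the path or entry that triggered the finding


def image_paths(cmd: str) -> list[str]:
    """Every executable image referenced by a command line, in order."""
    return [(quoted or bare).strip() for quoted, bare in IMAGE.findall(cmd)]


def file_stem(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse(text: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Split a log into (running processes, [(section code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif (m := ENTRY.match(line)):
            in_procs = False  # the first R0/O2/... line ends the process list
            entries.append((m["code"], m["body"]))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def check_path(path: str, where: str, findings: list[Finding]) -> None:
    if TEMP_DIR.search(path):
        findings.append(Finding("temp-path", where, path))
    if ODD_NAME.match(file_stem(path)):
        findings.append(Finding("odd-name", where, path))


def triage(text: str) -> list[Finding]:
    processes, entries = parse(text)
    findings: list[Finding] = []
    for proc in processes:
        check_path(proc, "process", findings)
    for code, body in entries:
        if code == "O4" and (m := RUN.match(body)):
            where = f"O4 {m['hive']}\\..\\{m['key']} [{m['name']}]"
            for path in image_paths(m["cmd"]):
                check_path(path, where, findings)
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but its DLL is gone: leftover of a removal
            findings.append(Finding("orphan-clsid", code, body))
        elif code == "O23":
            # service body: "Service: Name (short) - Vendor - image path"
            for path in image_paths(body.rsplit(" - ", 1)[-1]):
                check_path(path, f"O23 {body.split(' - ', 1)[0]}", findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.where:32} {f.detail}")
```

Run against a real log by passing its text to triage(); the findings are a shortlist to look at, not a verdict, and the name heuristic in particular is tuned only to the two suspect names in this thread.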
[SOLVED] Warning Security Problem
Pavlov posted a topic in Archive: Malware & virus removal
Hello! I'm probably the 734th person with this problem: an annoying, constantly recurring message that I supposedly have a problem... I installed HijackThis and this is what came out of the log. Help would be welcome, because it is extremely annoying ;-) Thanks in advance! Pavlov
