miran102

Member
  • Posts: 4

About miran102
  • Birthday 25-03-1990

miran102's posts

  1. This is the new ComboFix log:

     ComboFix 09-02-28.01 - Eigenaar 2009-03-01 23:50:36.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1014.572 [GMT 1:00]
     Started from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
     Command switches used :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt..txt
     AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated)
     AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
      * New restore point created
     .
     (((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))
     .
     2009-03-01 13:12 . 2009-03-01 23:44 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-01 12:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-01 12:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-02-28 12:00 . 2009-02-28 23:02 <DIR> d-------- c:\program files\a-squared Anti-Malware
     2009-02-28 11:49 . 2009-02-28 11:49 <DIR> d-------- c:\program files\Trend Micro
     2009-02-27 21:02 . 2009-03-01 16:49 <DIR> d--h----- C:\$AVG8.VAULT$
     2009-02-27 20:34 . 2009-03-01 11:56 <DIR> d-------- c:\windows\system32\drivers\Avg
     2009-02-27 20:34 . 2009-02-27 20:34 <DIR> d-------- c:\program files\AVG
     2009-02-27 20:34 . 2009-02-28 11:49 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR
     2009-02-27 20:34 . 2009-02-28 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
     2009-02-27 20:34 . 2009-02-28 10:28 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
     2009-02-27 20:34 . 2009-02-28 10:28 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
     2009-02-27 20:34 . 2009-02-28 10:28 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
     2009-02-27 20:34 . 2009-02-28 10:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
     2009-02-27 18:06 . 2009-02-27 20:01 <DIR> d-------- c:\program files\ESET
     2009-02-27 18:06 . 2009-02-27 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
     2009-02-27 18:05 . 2009-02-27 18:05 0 --a------ c:\windows\RAVTC.TMP
     2009-02-27 18:04 . 2009-02-27 18:04 0 --------- c:\windows\PAVSHRB.INI
     2009-02-07 23:39 . 2009-02-27 19:55 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
     2009-02-07 19:04 . 2009-02-07 19:04 <DIR> d-------- c:\program files\LimeWire
     2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
     2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
     2009-02-04 20:56 . 2009-02-04 20:56 <DIR> d-------- c:\windows\system32\VIRepair
     2009-02-01 10:38 . 2009-02-01 10:39 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\ViStart
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-28 20:59 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent
     2009-02-28 16:12 34 ----a-w c:\documents and settings\Eigenaar\jagex_runescape_preferences.dat
     2009-02-28 11:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
     2009-02-27 17:04 --------- d-----w c:\program files\Panda Security
     2009-02-27 10:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-02-20 17:36 --------- d-----w c:\program files\Windows Live
     2009-02-17 17:51 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
     2009-02-15 13:26 --------- d-----w c:\documents and settings\Eigenaar\Application Data\LimeWire
     2009-02-14 22:16 --------- d-----w c:\documents and settings\Eigenaar\Application Data\dvdcss
     2009-02-11 15:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
     2009-02-04 19:56 --------- d-----w c:\program files\Styler
     2009-01-31 11:07 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Styler
     2009-01-30 16:39 --------- d-----w c:\program files\Microsoft IntelliPoint
     2009-01-30 16:38 --------- d-----w c:\program files\Intel
     2009-01-30 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
     2009-01-30 15:37 --------- dc-h--w c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
     2009-01-30 15:37 --------- d-----w c:\program files\Uniblue
     2009-01-30 15:37 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Uniblue
     2009-01-29 20:54 --------- d-----w c:\program files\WinFlip
     2009-01-29 20:54 --------- d-----w c:\program files\TrueTransparency
     2009-01-27 17:24 --------- d-----w c:\program files\Typen
     2009-01-17 10:45 --------- d-----w c:\program files\CyberLink
     2009-01-17 10:11 --------- d-----w c:\program files\Nokia
     2009-01-17 10:11 --------- d-----w c:\program files\Common Files\Nokia
     2009-01-17 09:40 --------- d-----w c:\program files\Microsoft Works
     2009-01-13 20:20 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-01-13 20:19 --------- d-----w c:\program files\epson
     2009-01-09 20:10 --------- d-----w c:\program files\Microsoft
     2009-01-09 20:09 --------- d-----w c:\program files\Windows Live SkyDrive
     2009-01-07 19:00 --------- d-----w c:\program files\Yu-Gi-Oh! Power of Chaos - Kaiba the Revenge
     2009-01-06 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
     2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-10-24 18:53 47,360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
     2008-09-04 19:42 168 ----a-w c:\documents and settings\Eigenaar\Application Data\wklnhst.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-28 1601304]
     "a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-02-25 2799760]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-28 10:28 10520 c:\windows\system32\avgrsstx.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
     backup=c:\windows\pss\Windows Search.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
     --a------ 2008-04-15 11:00 15360 c:\windows\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
     --a------ 2006-02-13 05:00 131072 c:\windows\system32\spool\drivers\W32X86\3\E_FATIBIE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
     --a------ 2007-04-12 07:00 182272 c:\windows\system32\spool\drivers\W32X86\3\E_FATICDE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series (Kopie 1)]
     --a------ 2007-04-12 07:00 182272 c:\windows\system32\spool\drivers\W32X86\3\E_FATICDE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
     --a------ 2009-02-06 18:08 454000 c:\program files\Windows Live\Family Safety\fsui.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     --a------ 2008-02-28 15:00 166424 c:\windows\system32\hkcmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     --a------ 2008-02-28 15:00 141848 c:\windows\system32\igfxtray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
     --a------ 2008-06-10 12:56 1406024 c:\program files\Microsoft IntelliPoint\ipoint.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     --a------ 2009-02-06 18:52 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
     --a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2008-03-25 12:33 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     --a------ 2008-02-28 15:00 137752 c:\windows\system32\igfxpers.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     --a------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     --a------ 2006-04-04 10:44 16120832 c:\windows\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "ServiceLayer"=3 (0x3)
     "sdCoreService"=2 (0x2)
     "sdAuxService"=2 (0x2)
     "PSIMSVC"=2 (0x2)
     "PLFlash DeviceIoControl Service"=2 (0x2)
     "PAVSRV"=2 (0x2)
     "PavPrSrv"=2 (0x2)
     "Panda Software Controller"=2 (0x2)
     "ose"=3 (0x3)
     "odserv"=3 (0x3)
     "NMIndexingService"=3 (0x3)
     "Nero BackItUp Scheduler 3"=2 (0x2)
     "JavaQuickStarterService"=2 (0x2)
     "idsvc"=3 (0x3)
     "IDriverT"=3 (0x3)
     "fsssvc"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusDisableNotify"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

     R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-27 12552]
     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-27 325128]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-27 107272]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-28 298264]
     R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55152]
     R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
     S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-21 17149]
     S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page =
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
     TCP: {A8C55D32-C549-44B6-9616-667AE98E8A9C} = 213.46.228.196,62.179.104.196
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-01 23:51:35
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     Completion time: 2009-03-01 23:52:36
     ComboFix-quarantined-files.txt 2009-03-01 22:52:33
     ComboFix2.txt 2009-03-01 15:35:49
     Pre-Run: 47,598,686,208 bytes free
     Post-Run: 47,595,163,648 bytes free
     196 --- E O F --- 2009-03-01 18:51:38

     And the new HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 0:08:05, on 2-3-2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Windows Live\Family Safety\fsui.exe
     C:\Program Files\a-squared Anti-Malware\a2service.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Live\Family Safety\fsssvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\PROGRA~1\AVG\AVG8\avgam.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
     O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
     O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216383908508
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C55D32-C549-44B6-9616-667AE98E8A9C}: NameServer = 213.46.228.196,62.179.104.196
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

     --
     End of file - 6313 bytes

     PS. All my problems are solved with this, I'm very happy with it and I really want to thank you, so umm THANK YOU VERY MUCH KAPE!!!!!! Now I have to go, bye :ciao:
     PS2. Aren't you Kape from www.duken.nl?
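The HijackThis log above is the kind of thing a helper reads by eye: every line is a section code (O2, O4, O17, O20, ...) followed by a body whose layout depends on the code. The script below is an added example, not code from the post or from HijackThis, that parses those lines and applies a few of the review rules a helper applies in practice: an autorun (O4) whose binary lives in a user-writable profile directory, a BHO (O2) loaded from system32, a Winlogon Notify DLL (O20), and DNS servers (O17) that are not on an operator-supplied allowlist. The sample log is constructed from lines in the post; the `[inst]` O4 line and the `winconfig.dll` O2 line are hypothetical, built from items the other logs on this page removed, and the allowlist passed at the bottom is an arbitrary assumption to show the comparison (which resolvers are legitimate depends on the ISP and is not something the log can tell you).

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the post)."""
import re

# Constructed sample in the format of the HijackThis log above. The "[inst]"
# O4 line and the winconfig.dll O2 line are hypothetical (assembled from items
# the MBAM and ComboFix logs on this page removed), not lines the poster's
# HijackThis scan produced.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\Eigenaar\Application Data\inst.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C55D32-C549-44B6-9616-667AE98E8A9C}: NameServer = 213.46.228.196,62.179.104.196
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
""".strip()

LINE_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First token ending in an executable extension, quoted or not; drops arguments.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))"?(?:\s|$)', re.I)

# Locations a legitimate autorun entry rarely points into. A hit means
# "look closer", not "malicious".
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\", "\\recycler\\")


def parse_hjt(text):
    """Return (code, body) pairs for every R/O/F line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def exe_path(cmd):
    """Strip quotes and trailing arguments from an O4 command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(entries, dns_allowlist=frozenset()):
    """Apply the review rules above; returns (code, message) findings."""
    findings = []
    for code, body in entries:
        if code == "O2":
            m = O2_RE.match(body)
            if m and "\\system32\\" in m.group("path").lower():
                findings.append((code, f"BHO loaded from system32: {m.group('path')}"))
        elif code == "O4":
            m = O4_RE.match(body)
            if m:
                path = exe_path(m.group("cmd")).lower()
                if any(d in path for d in SUSPECT_DIRS):
                    findings.append((code, f"autorun from user-writable location: {path}"))
        elif code == "O17":
            m = O17_RE.search(body)
            if m:
                unknown = [s for s in m.group("servers").split(",") if s not in dns_allowlist]
                if unknown:
                    findings.append((code, "DNS server not in allowlist: " + ",".join(unknown)))
        elif code == "O20":
            m = O20_RE.match(body)
            if m:
                findings.append((code, f"Winlogon Notify DLL {m.group('name')} -> {m.group('path')} (verify publisher)"))
    return findings


if __name__ == "__main__":
    # The allowlist here is an arbitrary assumption for demonstration.
    for code, msg in triage(parse_hjt(SAMPLE_LOG), dns_allowlist={"213.46.228.196"}):
        print(code, msg)
```

Every O20 entry is reported regardless of path: the Winlogon Notify key loads the DLL into winlogon.exe at logon, so even a vendor DLL such as AVG's avgrsstx.dll is worth a publisher check rather than a silent pass.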
  2. This is the log:

     ComboFix 09-02-28.01 - Eigenaar 2009-03-01 16:34:01.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1014.613 [GMT 1:00]
     Started from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
     AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated)
     AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
      * New restore point created
     .
     (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\docume~1\Eigenaar\LOCALS~1\Temp\tmp1.tmp
     c:\docume~1\Eigenaar\LOCALS~1\Temp\tmp2.tmp
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\documents and settings\Eigenaar\Application Data\Adobe\crc.dat
     c:\documents and settings\Eigenaar\Application Data\inst.exe
     c:\program files\Common Files\System\Uninstall
     c:\windows\system32\kjafagie.ini
     c:\windows\system32\kzjgcp.dll
     c:\windows\system32\sgnhtwwd.ini
     c:\windows\system32\uaqpjnfa.dll
     c:\windows\Tasks\xtobqvtt.job

     ----- BITS: Possibly infected sites -----

     hxxp://youtouch.no-ip.biz
     .
     (((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))
     .
     2009-03-01 13:12 . 2009-03-01 13:28 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
     2009-03-01 12:49 . 2009-03-01 12:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-01 12:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-01 12:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-02-28 12:00 . 2009-02-28 23:02 <DIR> d-------- c:\program files\a-squared Anti-Malware
     2009-02-28 11:49 . 2009-02-28 11:49 <DIR> d-------- c:\program files\Trend Micro
     2009-02-27 21:02 . 2009-03-01 12:57 <DIR> d--h----- C:\$AVG8.VAULT$
     2009-02-27 20:34 . 2009-03-01 11:56 <DIR> d-------- c:\windows\system32\drivers\Avg
     2009-02-27 20:34 . 2009-02-27 20:34 <DIR> d-------- c:\program files\AVG
     2009-02-27 20:34 . 2009-02-28 11:49 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR
     2009-02-27 20:34 . 2009-02-28 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
     2009-02-27 20:34 . 2009-02-28 10:28 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
     2009-02-27 20:34 . 2009-02-28 10:28 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
     2009-02-27 20:34 . 2009-02-28 10:28 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
     2009-02-27 20:34 . 2009-02-28 10:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
     2009-02-27 18:06 . 2009-02-27 20:01 <DIR> d-------- c:\program files\ESET
     2009-02-27 18:06 . 2009-02-27 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
     2009-02-27 18:05 . 2009-02-27 18:05 0 --a------ c:\windows\RAVTC.TMP
     2009-02-27 18:04 . 2009-02-27 18:04 0 --------- c:\windows\PAVSHRB.INI
     2009-02-07 23:39 . 2009-02-27 19:55 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
     2009-02-07 19:04 . 2009-02-07 19:04 <DIR> d-------- c:\program files\LimeWire
     2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
     2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
     2009-02-04 20:56 . 2009-02-04 20:56 <DIR> d-------- c:\windows\system32\VIRepair
     2009-02-01 10:38 . 2009-02-01 10:39 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\ViStart
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-28 20:59 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent
     2009-02-28 16:12 34 ----a-w c:\documents and settings\Eigenaar\jagex_runescape_preferences.dat
     2009-02-28 11:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
     2009-02-27 17:04 --------- d-----w c:\program files\Panda Security
     2009-02-27 10:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-02-20 17:36 --------- d-----w c:\program files\Windows Live
     2009-02-17 17:51 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
     2009-02-15 13:26 --------- d-----w c:\documents and settings\Eigenaar\Application Data\LimeWire
     2009-02-14 22:16 --------- d-----w c:\documents and settings\Eigenaar\Application Data\dvdcss
     2009-02-11 15:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
     2009-02-04 19:56 --------- d-----w c:\program files\Styler
     2009-01-31 11:07 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Styler
     2009-01-30 16:39 --------- d-----w c:\program files\Microsoft IntelliPoint
     2009-01-30 16:38 --------- d-----w c:\program files\Intel
     2009-01-30 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
     2009-01-30 15:37 --------- dc-h--w c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
     2009-01-30 15:37 --------- d-----w c:\program files\Uniblue
     2009-01-30 15:37 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Uniblue
     2009-01-29 20:54 --------- d-----w c:\program files\WinFlip
     2009-01-29 20:54 --------- d-----w c:\program files\TrueTransparency
     2009-01-27 17:24 --------- d-----w c:\program files\Typen
     2009-01-17 10:45 --------- d-----w c:\program files\CyberLink
     2009-01-17 10:11 --------- d-----w c:\program files\Nokia
     2009-01-17 10:11 --------- d-----w c:\program files\Common Files\Nokia
     2009-01-17 09:40 --------- d-----w c:\program files\Microsoft Works
     2009-01-13 20:20 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-01-13 20:19 --------- d-----w c:\program files\epson
     2009-01-09 20:10 --------- d-----w c:\program files\Microsoft
     2009-01-09 20:09 --------- d-----w c:\program files\Windows Live SkyDrive
     2009-01-07 19:00 --------- d-----w c:\program files\Yu-Gi-Oh! Power of Chaos - Kaiba the Revenge
     2009-01-06 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
     2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-10-24 18:53 47,360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
     2008-09-04 19:42 168 ----a-w c:\documents and settings\Eigenaar\Application Data\wklnhst.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-28 1601304]
     "a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-02-25 2799760]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-28 10:28 10520 c:\windows\system32\avgrsstx.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
     backup=c:\windows\pss\Windows Search.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
     --a------ 2008-04-15 11:00 15360 c:\windows\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
     --a------ 2006-02-13 05:00 131072 c:\windows\system32\spool\drivers\W32X86\3\E_FATIBIE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
     --a------ 2007-04-12 07:00 182272 c:\windows\system32\spool\drivers\W32X86\3\E_FATICDE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series (Kopie 1)]
     --a------ 2007-04-12 07:00 182272 c:\windows\system32\spool\drivers\W32X86\3\E_FATICDE.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
     --a------ 2009-02-06 18:08 454000 c:\program files\Windows Live\Family Safety\fsui.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     --a------ 2008-02-28 15:00 166424 c:\windows\system32\hkcmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     --a------ 2008-02-28 15:00 141848 c:\windows\system32\igfxtray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
     --a------ 2008-06-10 12:56 1406024 c:\program files\Microsoft IntelliPoint\ipoint.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     --a------ 2009-02-06 18:52 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
     --a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2008-03-25 12:33 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     --a------ 2008-02-28 15:00 137752 c:\windows\system32\igfxpers.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     --a------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     --a------ 2006-04-04 10:44 16120832 c:\windows\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "ServiceLayer"=3 (0x3)
     "sdCoreService"=2 (0x2)
     "sdAuxService"=2 (0x2)
     "PSIMSVC"=2 (0x2)
     "PLFlash DeviceIoControl Service"=2 (0x2)
     "PAVSRV"=2 (0x2)
     "PavPrSrv"=2 (0x2)
     "Panda Software Controller"=2 (0x2)
     "ose"=3 (0x3)
     "odserv"=3 (0x3)
     "NMIndexingService"=3 (0x3)
     "Nero BackItUp Scheduler 3"=2 (0x2)
     "JavaQuickStarterService"=2 (0x2)
     "idsvc"=3 (0x3)
     "IDriverT"=3 (0x3)
     "fsssvc"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusDisableNotify"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

     R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-27 12552]
     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-27 325128]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-27 107272]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-28 298264]
     R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55152]
     R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
     S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-21 17149]
     S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - mchInjDrv

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3752698e-d808-11dd-bf89-00199937f49e}]
     \Shell\AutoRun\command - E:\Autorun.exe /run
     \Shell\Shell00\Command - E:\Autorun.exe /run
     \Shell\Shell01\Command - E:\Autorun.exe /action
     \Shell\Shell02\Command - E:\Autorun.exe /uninstall
     .
     - - - - ORPHANS REMOVED - - - -

     MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
     MSConfigStartUp-Vista Rainbar - c:\program files\Vista Rainbar\launcher.exe
     .
     ------- Supplementary Scan -------
     .
     uStart Page =
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
     TCP: {A8C55D32-C549-44B6-9616-667AE98E8A9C} = 213.46.228.196,62.179.104.196
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-01 16:34:57
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     Completion time: 2009-03-01 16:35:48
     ComboFix-quarantined-files.txt 2009-03-01 15:35:46
     Pre-Run: 46,268,125,184 bytes free
     Post-Run: 47,660,920,832 bytes free

     WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

     228 --- E O F --- 2009-02-27 00:11:41
  3. This is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database versie: 1813
Windows 5.1.2600 Service Pack 3

1-3-2009 12:59:42
mbam-log-2009-03-01 (12-59-42).txt

Scan type: Snelle Scan
Objecten gescand: 63315
Verstreken tijd: 7 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 5
Registersleutels geïnfecteerd: 19
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 3
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\byXRlKAs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ovboesvm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dkchnhje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sbetzz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7dcc9c2a-fa60-41ff-8c12-b5711fd3b28d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7dcc9c2a-fa60-41ff-8c12-b5711fd3b28d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a59d8a18-0c97-4908-86e4-52b2b32737e2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a59d8a18-0c97-4908-86e4-52b2b32737e2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a59d8a18-0c97-4908-86e4-52b2b32737e2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7dcc9c2a-fa60-41ff-8c12-b5711fd3b28d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c27a4ca (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxrlkas -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrlkas -> Delete on reboot.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\sbetzz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRlKAs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sAKlRXyb.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sAKlRXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovboesvm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mvseobvo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkchnhje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\hfpiquqa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\0C2CV0U4\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\P1WO411I\qw[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
And this is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:12, on 1-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\a-squared Anti-Malware\a2start.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216383908508
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C55D32-C549-44B6-9616-667AE98E8A9C}: NameServer = 213.46.228.196,62.179.104.196
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ssqOIBtT - ssqOIBtT.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7047 bytes
  4. I recently had some viruses on my PC, and then I accidentally downloaded Antivirus360 onto my PC. Now I have AVG, and it works perfectly. Then I removed Antivirus360. But whatever site I go to, it gets blocked, and then it says that I have to buy it and so on. I don't know how to remove it. I had read in another topic that I should make a log with HijackThis and post it here, so I have already done that. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:38, on 28-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [2c27a4ca] rundll32.exe "C:\WINDOWS\system32\dwwthngs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648)" -"Game View"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216383908508
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C55D32-C549-44B6-9616-667AE98E8A9C}: NameServer = 213.46.228.196,62.179.104.196
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: kzjgcp.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6390 bytes