rnapels

Ok, ik heb alles opgevolgd. Ik hoop dat ik nu probleemvrij ben. Groet, Ralf

Nee, dat reader-bestand kan ik niet vinden. Ik heb de twee .dll-bestande verwijderd. Althans, terwijl ik ze aan het zoeken was plaatste AVG ze in quarantaine.

Daar lijkt het wel op. Ik vind het fantastisch hoe snel je me hebt kunnen helpen. Ik zit hier in Napels en jij in Kapellen. Een goede zaterdagavond/nacht gewenst. Groet, Ralf

Ook mijn USB doet het weer ComboFix 09-05-23.03 - El Bever 23-05-2009 22:40.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.750.542 [GMT 1:00] Gestart vanuit: c:\documents and settings\El Bever\Bureaublad\ComboFix.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\El Bever\Local Settings\Temporary Internet Files\Cpvff.stt c:\documents and settings\El Bever\Local Settings\Temporary Internet Files\fbk.sts c:\documents and settings\LocalService\Application Data\916653139.exe c:\windows\system32\ateyanun.ini c:\windows\system32\drivers\ovfsthymwrbrpaeoepkcbjcqgoesmbwkapeswr.sys c:\windows\system32\ovfstheknoxokvpeupvxrwwptvfaedharqnppe.dat c:\windows\system32\ovfsthmtbogtpqmyosmbxgojngpftcdoeupsbj.dll c:\windows\system32\ovfsthoikydwpaycltujceejjkolgwsmcvltys.dll c:\windows\system32\ovfsthsunijnsswkedvjsadgpghwrrnkiraefd.dll c:\windows\system32\ovfsthtkwyyiixyvenurrjcyrkmocdquxqjiye.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ovfsthkaoddrxtfnwnaaelatvaeiyxysynjepy -------\Legacy_ICF (((((((((((((((((((( Bestanden Gemaakt van 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))) . 2009-05-23 21:39 . 2009-05-23 21:39 -------- d-sh--w C:\FOUND.000 2009-05-23 00:26 . 2009-05-23 18:07 117760 ----a-w c:\documents and settings\El Bever\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-05-23 00:24 . 2009-05-23 00:24 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-05-23 00:24 . 2009-05-23 00:24 -------- d-----w c:\program files\SUPERAntiSpyware 2009-05-23 00:24 . 2009-05-23 00:24 -------- d-----w c:\documents and settings\El Bever\Application Data\SUPERAntiSpyware.com 2009-05-22 21:31 . 2009-05-23 18:10 29184 ----a-w c:\windows\system32\lklf32.dll 2009-05-22 19:06 . 2009-05-22 19:06 -------- d-----w c:\documents and settings\El Bever\Application Data\Malwarebytes 2009-05-22 19:06 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-22 19:06 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-22 19:06 . 2009-05-22 19:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-22 19:06 . 2009-05-22 19:06 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-22 19:01 . 2009-05-22 19:01 -------- d-----w c:\program files\Trend Micro 2009-05-22 18:29 . 2009-05-23 18:05 29184 ----a-w c:\windows\system32\jhxm32.dll 2009-05-22 14:59 . 2009-03-24 13:43 43008 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll 2009-05-22 14:59 . 2009-03-24 13:43 43008 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-05-22 14:59 . 2009-03-24 13:43 235520 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll 2009-05-22 14:59 . 2009-03-24 13:43 338432 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-05-22 14:59 . 2009-03-24 13:42 345088 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-05-22 14:59 . 2009-03-24 13:42 235008 ----a-w c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll 2009-05-22 14:55 . 2009-05-22 14:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-05-22 14:53 . 2009-05-22 14:54 -------- d--h--r c:\documents and settings\El Bever\Onlangs geopend 2009-05-22 14:52 . 2009-05-22 14:52 -------- d-----w c:\program files\CCleaner 2009-05-22 14:45 . 2009-05-22 14:45 -------- d-----w c:\program files\iTunesHelper.Resources 2009-05-22 14:45 . 2009-05-22 14:45 -------- d-----w c:\program files\iTunes.Resources 2009-05-22 10:15 . 2009-05-22 10:15 32768 ----a-w c:\windows\system32\avast!Antivirus.exe 2009-05-22 03:28 . 2009-05-22 03:28 136 ----a-w c:\windows\system32\vp_setup.exe.bat 2009-05-20 12:35 . 2009-05-20 12:35 -------- d-----w c:\program files\DivX 2009-05-20 12:35 . 2009-05-20 12:35 -------- d-----w c:\program files\directx 2009-05-20 12:35 . 2009-05-20 12:35 -------- d-----w c:\program files\D-Link(2) 2009-05-20 12:35 . 2009-05-20 12:35 -------- d-----w c:\program files\SopCast 2009-05-11 15:58 . 2009-05-11 15:58 -------- d-----w c:\program files\Monsters 2009-05-06 18:49 . 2009-05-06 18:49 -------- d-----w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81} . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-23 21:42 . 2007-04-24 18:36 12 ----a-w c:\windows\bthservsdp.dat 2009-04-21 22:53 . 2009-04-21 22:52 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-19 08:22 . 1979-12-31 23:00 54782 ----a-w c:\windows\system32\perfc013.dat 2009-04-19 08:22 . 1979-12-31 23:00 366400 ----a-w c:\windows\system32\perfh013.dat 2009-03-19 17:40 . 2009-03-19 17:40 56 ---ha-w c:\windows\system32\ezsidmv.dat 2009-03-13 00:25 . 2007-03-29 19:08 55792 ----a-w c:\documents and settings\El Bever\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 14:23 . 1979-12-31 23:00 285696 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:16 . 2006-06-23 12:29 826368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 59392] "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168] "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600] "acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2005-01-10 462848] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="e:\programma's\iTunesHelper.exe" [2008-11-20 290088] "PWRISOVM.EXE"="e:\programma's\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk backup=c:\windows\pss\Google Updater.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"= "c:\\WINDOWS\\system32\\svchost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "e:\\programma's\\BitTorrent\\bittorrent.exe"= "e:\\programma's\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14-5-2009 14:22 9968] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [14-5-2009 14:22 72944] R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;c:\windows\system32\drivers\smbhc.sys [8-7-2004 12:33 6784] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14-5-2009 14:22 7408] R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;c:\windows\system32\drivers\smbbatt.sys [8-7-2004 12:33 16000] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] . Inhoud van de 'Gedeelde Taken' map 2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe Notify-avgrsstarter - avgrsstx.dll SafeBoot-procexp90.Sys . ------- Bijkomende Scan ------- . uStart Page = hxxp://global.acer.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab FF - ProfilePath - c:\documents and settings\El Bever\Application Data\Mozilla\Firefox\Profiles\xdhughsw.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: e:\programma's\Mozilla Plugins\npitunes.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-05-23 22:43 Windows 5.1.2600 Service Pack 3 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(724) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE c:\program files\JAVA\JRE6\BIN\JQS.EXE c:\windows\SYSTEM32\RUNDLL32.EXE c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\windows\system32\wscntfy.exe c:\program files\IPOD\BIN\IPODSERVICE.EXE . ************************************************************************** . Voltooingstijd: 2009-05-23 22:45 - machine werd herstart ComboFix-quarantined-files.txt 2009-05-23 21:45 Pre-Run: 2.870.345.728 bytes beschikbaar Post-Run: 2.912.182.272 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 184 --- E O F --- 2009-05-14 09:28

Hallo, Ik ben net vreselijkgoed geholpen door jullie collega bij de afdeling VIRUS. Ik vind het top dat jullie de moeite nemen mensen te helpen die jullie niet eens kennen. Voor jullie misschien een peulenschil, voor mij abacadabra. Ik had last van Maleware Doctor, maar dat is nu verholpen, dat probleem. Ongeveer gelijktijdig met de komst van dat virus pakte mijn notebook opeens geen USB-sticks meer. erg omnhandig, ik moet vaak stukken printen, en heb geen printer. Daarvoor ga ik naar de copyshop op de hoek, maar dat kan nu niet meer. ALs ik de USB stick (het maakt niet welke) in mijn pc stop, leest hij hem wel, maar ik kan hem niet openen. De pc maakt ook geen melding dat er een USB-stick is aangetroffen. Hoe zorg ik ervoor dat ik weer USB-sticks kan gebruiken in mijn pc? Met groet, Ralf vanuit Napels

Beste Kape, Ik ben je ontzettend dankbaar. Ik ben een NUL wat betreft pc's betreft en vind het ontzettend aardig dat er mensen zijn die mij niet kennen, maar toch tijd nemen om me te helpen. Misschien is het voor jou een peulenschil, voor mij is het abracadabra. BEDANKT! Alles lijkt weer te werken. Bijgevoegd de Hijjacklog: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:23:51 , on 23-5-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe E:\programma's\iTunesHelper.exe E:\programma's\PowerISO\PWRISOVM.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DNA\btdna.exe C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\programma's\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\programma's\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [A00F581A92A.exe] C:\WINDOWS\TEMP\_A00F581A92A.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Connection Manager.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 7251 bytes Ik post subiet de malwarebytes ---------- Bericht toegevoegd om 20:28 ---------- Vorig bericht was om 20:26 ---------- Die scan loopt nu, onderwijl wil ik je wel wijzen op een probleem dat nog niet is opgelost. Tegelijkertijd met de komst van Malaware kan ik geen USB-stick meer openen op m'n notebook. Heeft het een met het ander te maken, denkt u? Ook nu nu malaware doctor weg is, kan ik nog geen USB-stick openen. Bedankt, Ralf ---------- Bericht toegevoegd om 20:31 ---------- Vorig bericht was om 20:28 ---------- MALWARE-LOGJE: Malwarebytes' Anti-Malware 1.36 Database versie: 2166 Windows 5.1.2600 Service Pack 3 23-5-2009 21:31:22 mbam-log-2009-05-23 (21-31-22).txt Scan type: Snelle Scan Objecten gescand: 73229 Verstreken tijd: 3 minute(s), 49 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.

Fijn dat je iets wilt probere. Het hijjackth-logje. Waar vind ik dat? Of moet ik eerst opnieuw een scan uitvoeren? Dit is het mbam-logje dat ik gisteravond kreeg. Malwarebytes' Anti-Malware 1.36 Database versie: 2166 Windows 5.1.2600 Service Pack 3 22-5-2009 22:25:14 mbam-log-2009-05-22 (22-25-14).txt Scan type: Snelle Scan Objecten gescand: 72879 Verstreken tijd: 23 minute(s), 15 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 2 Registersleutels geïnfecteerd: 17 Registerwaarden geïnfecteerd: 9 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 4 Bestanden geïnfecteerd: 15 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\had732ufn8.dll (Trojan.Ertfor) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{a6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0065bb6 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nowuruyoto (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm251a25c3 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2629165f (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Documents and Settings\El Bever\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\had732ufn8.dll (Trojan.Zlob.H) -> Delete on reboot. C:\Documents and Settings\El Bever\Local Settings\Application Data\cwwyk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\El Bever\Local Settings\Application Data\cwwyk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\El Bever\Local Settings\Application Data\cwwyk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\El Bever\Local Settings\Temp\dfff.dll (Trojan.Agent.V) -> Quarantined and deleted successfully. C:\Documents and Settings\El Bever\Local Settings\Temp\uninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\El Bever\Application Data\ptidle\ptidle.exe1cp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\WWShow\WWShow.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\916653139.exe (Rogue.MalwareDoc) -> Quarantined and deleted successfully. C:\WINDOWS\system32\service-466.exe (Trojan.Downloader) -> Quarantined and deleted successfully. ---------- Bericht toegevoegd om 19:14 ---------- Vorig bericht was om 19:08 ---------- En het logje van hijjack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:13:42 , on 23-5-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\avast!Antivirus.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe E:\programma's\iTunesHelper.exe E:\programma's\PowerISO\PWRISOVM.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Documents and Settings\LocalService\Application Data\916653139.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DNA\btdna.exe E:\programma's\spybot\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Microsoft copyright - {F30B5E7E-CFBB-44fb-A947-226E5A7A4290} - lklf32.dll (file missing) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\programma's\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\programma's\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\programma's\spybot\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [A00F581A92A.exe] C:\WINDOWS\TEMP\_A00F581A92A.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Connection Manager.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 7838 bytes

Beste mensen, Ik zit met mijn handen in het haar. Ben een journalist te Napels en sinds een dag of 5 is mijn pc geinfecteerd met iets hardnekking, genaamd Malware Doctor en misschien nog wel meer dingen. Normaalgesproken krijg ik virussen zelf wel verwijderd, met behulp van viusscanners etc. Maar nu niet. Iedere dag doet de pc het een stukje slechter. Ik heb Hijjackthis, Mbam, kortom van alles geprobeerd en het lukt me niet alleen. Het probleem blijft terugkeren en wordt alleen maar erger. Ik ben er inmiddels al 3 dagen mee bezig en ten einde raad. Stop het punt een nieuwe pc aan te schaffen hier in Italie, omdat ik het werk niet kan laten liggen. Hopelijk kunt u mij helpen. Met groet, Ralf