RasenKage

als ik op het linkje druk geeft het page not found aan

heyy gmer rootkit detector werkt niet zo goed bij mij. Het blijft elke keer vastlopen en dan moet ik opnieuw opstarten.

dit is het logje van combofix ComboFix 10-08-28.02 - Ronny 30-08-2010 12:31:36.2.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.1788.915 [GMT 2:00] Gestart vanuit: c:\users\Ronny\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Ronny\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe" "c:\windows\system32\drivers\PavProc.sys" "c:\windows\Tasks\Norton Security Scan for Ronny.job" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\Panda Security c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe c:\program files\Common Files\Panda Security\PavShld\PavShld.dll c:\program files\Common Files\Panda Security\PavShld\PAVSHLD.RPE c:\program files\Common Files\Panda Security\PavShld\ProcProt.dll c:\program files\Common Files\Symantec Shared c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll c:\program files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll c:\program files\Common Files\Symantec Shared\Support Controls\ssctlln.dll c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe.manifest c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll c:\program files\Norton Security Scan c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\{2A85E335-7417-424d-AD89-31DED1689794}.dat c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\BilBDRes.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccL80U.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccScanw.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccVrTrst.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\dec_abi.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\DefLoad.exe c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\DefUtDCD.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\diLueCbk.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ecmldr32.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\HeartBt.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\help.htm c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Microsoft.VC80.CRT.manifest c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msl.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msvcp80.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msvcr80.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\patch25d.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\PrdDtRes.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ReputationCacheDB.db c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\RevList.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SAUpdt.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanCore.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanRes.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanText.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SKUCfg.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SKURes.dll c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SymHTML.dll c:\program files\Norton Security Scan\Norton Security Scan\isolate.ini c:\programdata\Symantec c:\programdata\Symantec\SubEng\platformid.dat c:\windows\system32\drivers\PavProc.sys c:\windows\Tasks\Norton Security Scan for Ronny.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_PavProc -------\Service_ShldDrv (((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))) . 2010-08-30 10:39 . 2010-08-30 10:39 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-29 20:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 20:00 . 2010-08-29 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-29 20:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-29 07:01 . 2010-08-29 20:13 -------- d-----w- c:\users\Ronny\AppData\Local\Windows 2010-08-13 10:24 . 2010-08-13 10:24 -------- d-----w- C:\$AVG 2010-08-11 14:39 . 2010-08-11 14:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-11 14:39 . 2010-08-11 14:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-11 14:39 . 2010-08-30 06:53 -------- d-----w- c:\windows\system32\drivers\Avg 2010-08-11 14:39 . 2010-08-11 14:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-08-11 14:38 . 2010-08-11 14:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\program files\AVG 2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\programdata\avg9 2010-08-11 12:19 . 2010-08-11 12:19 -------- d-----w- c:\users\Ronny\AppData\Roaming\Malwarebytes 2010-08-11 12:18 . 2010-08-11 12:18 -------- d-----w- c:\programdata\Malwarebytes 2010-08-11 11:18 . 2010-08-11 11:18 -------- d-----w- c:\program files\Trend Micro 2010-08-10 19:52 . 2009-10-27 10:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys 2010-08-10 19:35 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll 2010-08-10 19:35 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-10 19:35 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-10 19:35 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll 2010-08-10 19:35 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-10 19:35 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-10 19:35 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-29 14:30 . 2010-08-29 14:30 388096 ----a-r- c:\users\Ronny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-26 20:33 . 2009-08-05 01:45 -------- d-----w- c:\users\Ronny\AppData\Roaming\BitTorrent 2010-08-23 19:38 . 2008-12-18 14:14 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-18 12:50 . 2008-04-14 15:24 667352 ----a-w- c:\windows\system32\perfh013.dat 2010-08-18 12:50 . 2008-04-14 15:24 126854 ----a-w- c:\windows\system32\perfc013.dat 2010-08-16 14:01 . 2008-12-22 11:40 -------- d-----w- c:\users\Ronny\AppData\Roaming\uTorrent 2010-08-15 16:27 . 2010-04-23 18:44 -------- d-----w- c:\program files\PokerStars 2010-08-11 13:55 . 2009-08-02 22:05 -------- d-----w- c:\users\Ronny\AppData\Roaming\Media Player Classic 2010-08-11 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-10 19:17 . 2009-04-30 22:17 -------- d-----w- c:\users\Ronny\AppData\Roaming\vlc 2010-08-06 13:23 . 2010-07-21 22:30 -------- d-----w- c:\users\Ronny\AppData\Roaming\Apple Computer 2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\program files\iTunes 2010-07-21 22:29 . 2010-07-21 22:29 -------- d-----w- c:\program files\iPod 2010-07-21 22:29 . 2010-07-21 22:21 -------- d-----w- c:\program files\Common Files\Apple 2010-07-21 22:29 . 2010-07-21 22:27 -------- d-----w- c:\programdata\Apple Computer 2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\QuickTime 2010-07-21 22:25 . 2010-07-21 22:25 -------- d-----w- c:\program files\Apple Software Update 2010-07-21 22:21 . 2010-07-21 22:21 -------- d-----w- c:\program files\Bonjour 2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe 2010-06-28 16:17 . 2010-08-10 19:36 833024 ----a-w- c:\windows\system32\wininet.dll 2010-06-28 16:13 . 2010-08-10 19:36 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-06-21 13:18 . 2010-08-10 19:36 2036736 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 15:31 . 2010-08-10 19:36 274432 ----a-w- c:\windows\system32\schannel.dll 2009-03-31 20:47 . 2008-12-26 15:18 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2008-10-30 09:20 . 2008-10-30 09:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-09-18 552960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-11 2065760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-11 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-11 243024] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-11 308136] S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616] --- Andere Services/Drivers In Geheugen --- *Deregistered* - gmwpryo [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088433 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-30 12:43 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gmwpryo] . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(3252) c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\program files\AVG\AVG9\avgtray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2010-08-30 12:48:48 - machine werd herstart ComboFix-quarantined-files.txt 2010-08-30 10:48 ComboFix2.txt 2010-08-30 09:20 Pre-Run: 58.701.344.768 bytes beschikbaar Post-Run: 58.545.049.600 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - EBE8C2E022A700DCD9CA562DE906E6D1 en dit is het nieuwe mbamlog, met wederom een geinfecteerd bestand Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4503 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 30-8-2010 13:03:01 mbam-log-2010-08-30 (13-03-01).txt Scantype: Snelle scan Objecten gescand: 136812 Verstreken tijd: 8 minuut/minuten, 9 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

AVG is inderdaad mijn virusscanner, hier het logje van MBAM toch nog een geinfecteerd bestandje Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4503 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 30-8-2010 12:14:10 mbam-log-2010-08-30 (12-14-10).txt Scantype: Snelle scan Objecten gescand: 137233 Verstreken tijd: 7 minuut/minuten, 27 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

hier het log van combofix ComboFix 10-08-28.02 - Ronny 30-08-2010 11:07:00.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.1788.870 [GMT 2:00] Gestart vanuit: c:\users\Ronny\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Ronny\AppData\Local\ojoiistlo c:\users\Ronny\AppData\Local\ojoiistlo\euqknpcshdw.exe c:\users\Ronny\AppData\Local\Windows Server c:\users\Ronny\AppData\Local\Windows Server\flags.ini c:\users\Ronny\AppData\Local\Windows Server\hlp.dat c:\users\Ronny\AppData\Local\Windows Server\server.dat c:\users\Ronny\AppData\Local\Windows Server\uses32.dat c:\users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F c:\users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\enemies-names.txt c:\users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\local.ini c:\users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\lsrslt.ini c:\users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\mediafix70700en02.exe c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp c:\users\Ronny\AppData\Roaming\ojoiistlo c:\users\Ronny\AppData\Roaming\ojoiistlo\euqknpcshdw.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))) . 2010-08-30 09:15 . 2010-08-30 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-29 20:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 20:00 . 2010-08-29 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-29 20:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-29 14:30 . 2010-08-29 14:30 388096 ----a-r- c:\users\Ronny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-29 07:01 . 2010-08-29 20:13 -------- d-----w- c:\users\Ronny\AppData\Local\Windows 2010-08-23 17:54 . 2010-08-23 17:54 -------- d-----w- c:\program files\Conduit 2010-08-13 10:24 . 2010-08-13 10:24 -------- d-----w- C:\$AVG 2010-08-11 14:39 . 2010-08-11 14:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-11 14:39 . 2010-08-11 14:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-11 14:39 . 2010-08-30 06:53 -------- d-----w- c:\windows\system32\drivers\Avg 2010-08-11 14:39 . 2010-08-11 14:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-08-11 14:38 . 2010-08-11 14:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\program files\AVG 2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\programdata\avg9 2010-08-11 12:19 . 2010-08-11 12:19 -------- d-----w- c:\users\Ronny\AppData\Roaming\Malwarebytes 2010-08-11 12:18 . 2010-08-11 12:18 -------- d-----w- c:\programdata\Malwarebytes 2010-08-11 11:18 . 2010-08-11 11:18 -------- d-----w- c:\program files\Trend Micro 2010-08-10 19:52 . 2010-08-10 19:52 -------- d-----w- c:\program files\Common Files\Panda Security 2010-08-10 19:52 . 2009-10-27 10:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys 2010-08-10 19:52 . 2009-09-14 14:18 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys 2010-08-10 19:35 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll 2010-08-10 19:35 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-10 19:35 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-10 19:35 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll 2010-08-10 19:35 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-10 19:35 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-10 19:35 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-10 15:12 . 2010-08-18 10:53 -------- d-----w- c:\users\Ronny\AppData\Local\knadhlamu 2010-08-10 15:09 . 2010-08-18 10:53 -------- d-----w- c:\users\Ronny\AppData\Local\cicyacovv 2010-08-10 15:09 . 2010-08-18 10:53 -------- d-----w- c:\users\Ronny\AppData\Local\lfycynlgc . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-26 20:33 . 2009-08-05 01:45 -------- d-----w- c:\users\Ronny\AppData\Roaming\BitTorrent 2010-08-23 19:38 . 2008-12-18 14:14 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-18 12:50 . 2008-04-14 15:24 667352 ----a-w- c:\windows\system32\perfh013.dat 2010-08-18 12:50 . 2008-04-14 15:24 126854 ----a-w- c:\windows\system32\perfc013.dat 2010-08-16 14:01 . 2008-12-22 11:40 -------- d-----w- c:\users\Ronny\AppData\Roaming\uTorrent 2010-08-15 16:27 . 2010-04-23 18:44 -------- d-----w- c:\program files\PokerStars 2010-08-11 14:21 . 2008-12-25 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-08-11 14:14 . 2008-12-25 23:44 -------- d-----w- c:\programdata\Symantec 2010-08-11 13:55 . 2009-08-02 22:05 -------- d-----w- c:\users\Ronny\AppData\Roaming\Media Player Classic 2010-08-11 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-10 19:17 . 2009-04-30 22:17 -------- d-----w- c:\users\Ronny\AppData\Roaming\vlc 2010-08-06 13:23 . 2010-07-21 22:30 -------- d-----w- c:\users\Ronny\AppData\Roaming\Apple Computer 2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\program files\iTunes 2010-07-21 22:29 . 2010-07-21 22:29 -------- d-----w- c:\program files\iPod 2010-07-21 22:29 . 2010-07-21 22:21 -------- d-----w- c:\program files\Common Files\Apple 2010-07-21 22:29 . 2010-07-21 22:27 -------- d-----w- c:\programdata\Apple Computer 2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\QuickTime 2010-07-21 22:25 . 2010-07-21 22:25 -------- d-----w- c:\program files\Apple Software Update 2010-07-21 22:21 . 2010-07-21 22:21 -------- d-----w- c:\program files\Bonjour 2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe 2010-06-28 16:17 . 2010-08-10 19:36 833024 ----a-w- c:\windows\system32\wininet.dll 2010-06-28 16:13 . 2010-08-10 19:36 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-06-21 13:18 . 2010-08-10 19:36 2036736 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 15:31 . 2010-08-10 19:36 274432 ----a-w- c:\windows\system32\schannel.dll 2009-03-31 20:47 . 2008-12-26 15:18 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2008-10-30 09:20 . 2008-10-30 09:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-09-18 552960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-11 2065760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2009-10-27 37896] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-09-14 163336] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-11 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-11 243024] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-11 308136] S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616] --- Andere Services/Drivers In Geheugen --- *Deregistered* - gmwpryo [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Inhoud van de 'Gedeelde Taken' map 2010-08-21 c:\windows\Tasks\Norton Security Scan for Ronny.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-23 07:48] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088433 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-30 11:15 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gmwpryo] . Voltooingstijd: 2010-08-30 11:20:39 ComboFix-quarantined-files.txt 2010-08-30 09:20 Pre-Run: 57.910.464.512 bytes beschikbaar Post-Run: 58.250.788.864 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 98EFD873926A4581CCEAA4FC9CC60135

Ik had er geen last meer van, maar toch 2 geinfecteerde bestanden. Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4503 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 30-8-2010 10:24:25 mbam-log-2010-08-30 (10-24-25).txt Scantype: Snelle scan Objecten gescand: 135997 Verstreken tijd: 13 minuut/minuten, 30 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

Dit is het Log van MBAM Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4503 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 29-8-2010 22:11:10 mbam-log-2010-08-29 (22-11-10).txt Scantype: Snelle scan Objecten gescand: 135946 Verstreken tijd: 9 minuut/minuten, 22 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 2 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 7 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Users\Ronny\AppData\Local\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\ocxanwsemr.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Delete on reboot. C:\Users\Ronny\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Ronny\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. en het nieuwe hijackthis log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:20:34, on 29-8-2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8051 bytes

nouu het is me toch gelukt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:52:14, on 29-8-2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\mobsync.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\mediafix70700en02.exe C:\Users\Ronny\AppData\Roaming\ojoiistlo\euqknpcshdw.exe C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\mediafix70700en02.exe O4 - HKCU\..\Run: [pkriyqsp] C:\Users\Ronny\AppData\Roaming\ojoiistlo\euqknpcshdw.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - User Startup: Antimalware Doctor.lnk = Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\mediafix70700en02.exe O4 - User Startup: winhelp.exe O4 - Global Startup: WirelessSelector.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8921 bytes

het laat me niet het programma openen. Er staat application can not be executed

Men is hier bekend met dit virus/trojan horse. Ik had al eerder last van dit probleem, het werd toen vrij makkelijk opgelost. Kan iemand mij wederom helpen dit probleem op te lossen en ook een manier om te zorgen dat het niet meer gebeurt. Ik heb na de vorige keer gelijk AVG Free 9.0 gedownload maar daar heb ik nu dus vrij weinig aan gehad. Ik hoor het graag, groetjes

jaa heb ik gedaan bedankt voor de tip !!

Nee ik heb geen problemen meer:D...vriendelijk bedankt voor de hulp!!

Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4418 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 11-8-2010 14:36:54 mbam-log-2010-08-11 (14-36-54).txt Scantype: Snelle scan Objecten gescand: 141049 Verstreken tijd: 13 minuut/minuten, 12 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 6 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 23 Geheugenprocessen geïnfecteerd: C:\Users\Ronny\AppData\Local\Temp\Gpq.exe (Trojan.Downloader) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Delete on reboot. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Users\Ronny\AppData\Local\Temp\Gpq.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\xrncemaosw.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\5430577.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\69b46a41.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\92552.exe (Backdoor.Agent) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\939212.exe (Backdoor.Agent) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\ogjpeed.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\fviwhga.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\bhjowhn.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\nawesocmxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\nrjfgiq.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\rtervrjv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\saerncmwxo.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\Gpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Local\Temp\Gpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Delete on reboot. C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. en hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:46:28, on 11-8-2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: WirelessSelector.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 9324 bytes

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:31:58, on 11-8-2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\Ronny\AppData\Local\Temp\Gpr.exe C:\Users\Ronny\AppData\Local\Temp\Gpq.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe O4 - HKCU\..\Run: [qwgjevcv] C:\Users\Ronny\AppData\Local\knadhlamu\mohujqutssd.exe O4 - HKCU\..\Run: [secureapp70700.exe] C:\Users\Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\secureapp70700.exe O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\Ronny\AppData\Local\Temp\Gpr.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Antimalware Doctor.lnk = Ronny\AppData\Roaming\D41A6669182A2B84FDC654850D34312F\secureapp70700.exe O4 - Global Startup: WirelessSelector.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 10078 bytes

Ik heb dus sinds gistermiddag dat vervelende vsbntlo virusje te pakken. Ook krijg ik (volgens mij daardoor) elke keer bericht van een Antimalware doctor dat mijn systeem in gevaar is, al heb ik die software nooit geïnstalleerd. Ik heb systeemherstel geprobeerd maar dan krijg ik een foutmelding dat systeemherstel niet lukt. Ik heb geen antivirussoftware software omdat ik het al tijden goed heb kunnen doen zonder. Heeft iemand een simpele oplossing voor mijn probleem??