Inderdaad een virus via USB.

Download het volgende programma en start het.
Flash_Disinfector.exe

Het programma sluit Internet Explorer en de Windows Verkenner.
Er wordt gevraagd om de USB-disk aan te sluiten. Herhaal dit als je meerdere USB apparaten hebt. (mobiel MP3-player of fototoestel)

Download Combofix naar je Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• Dubbelklik op Combofix.exe
  Volg de instructies, aanvaard de disclaimer door Yes te klikken.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats dit log in je volgende post samen met een nieuw HijackThis log.

ok, heb ik gedaan

ComboFix 08-02-20.2 - pvk 2008-02-20 17:58:10.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.601 [GMT 1:00]
Gestart vanuit: E:\internet\download\antispyware\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
.

2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 14:56 --------- d-----w C:\Program Files\Outpost Firewall
2008-02-20 14:56 --------- d-----w C:\Program Files\capimonitor
2008-02-20 14:56 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:56 --------- d-----w C:\Program Files\DP
2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 13:11 160 ----a-w C:\install.dat
2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegistryMechanic"=""
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]
\Shell\AutoRun\command - I:\2ifetri.cmd
\Shell\explore\Command - I:\2ifetri.cmd
\Shell\open\Command - I:\2ifetri.cmd

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
- C:\WINDOWS\system32\ntbackup.exeRbackup
"2008-02-10 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 17:59:37
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-20 18:00:06
ComboFix-quarantined-files.txt 2008-02-20 17:00:03
ComboFix2.txt 2008-01-29 10:58:00
ComboFix3.txt 2008-01-29 10:47:45
ComboFix4.txt 2008-01-29 09:33:25
ComboFix5.txt 2008-01-17 21:25:52


en:

Logfile of HijackThis v1.99.1
Scan saved at 18:03:03, on 20.02.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\capimonitor\capimonitor.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\NoteTab Light\NoteTab.exe
C:\Program Files\Vox\VoxVox32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\internet\download\antispyware\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.0.0.138
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Snelkoppeling naar capimonitor.lnk = C:\Program Files\capimonitor\capimonitor.exe
O4 - Startup: Snelkoppeling naar DateInTray.exe.lnk = C:\Program Files\DateInTray\DateInTray.exe
O4 - Startup: Snelkoppeling naar NoteTab.lnk = C:\Program Files\NoteTab Light\NoteTab.exe
O4 - Startup: Snelkoppeling naar VoxVox32.lnk = C:\Program Files\Vox\VoxVox32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.freerecordshop.nl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197824463562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197824591312
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\OUTPOS~1\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

aanvulling:

ik moest opnieuw opstarten, gelukkig geen melding meer van

Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]




Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

Wat heb je op drive I: ???

op min drive I staat een mp3 speler; (en op J de camera, Sony MemoryStick, maar dat had je al gezien, denk ik )

nog een keer Logfile of HijackThis?

In bericht #2 gaf ik opdracht om ComboFix te downloaden op je bureaublad.

Plaats combofix op je bureaublad tesamen met bovenstaande kladblok bestand.

Sleep dan het bestand CFscript.txt naar ComboFix en post dat log.

sorry, ik wist niet dat dat een rol kon spelen.

ComboFix 08-02-20.2 - pvk 2008-02-20 22:23:23.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.565 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\P\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\P\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
.

2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 20:26 --------- d-----w C:\Program Files\Outpost Firewall
2008-02-20 17:11 --------- d-----w C:\Program Files\capimonitor
2008-02-20 17:11 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:56 --------- d-----w C:\Program Files\DP
2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 13:11 160 ----a-w C:\install.dat
2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegistryMechanic"=""
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]
\Shell\AutoRun\command - I:\2ifetri.cmd
\Shell\explore\Command - I:\2ifetri.cmd
\Shell\open\Command - I:\2ifetri.cmd

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
- C:\WINDOWS\system32\ntbackup.exeRbackup
"2008-02-20 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:24:12
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-20 22:24:37
ComboFix-quarantined-files.txt 2008-02-20 21:24:35
ComboFix2.txt 2008-02-20 17:58:24
ComboFix3.txt 2008-02-20 17:00:07
ComboFix4.txt 2008-01-29 10:58:00
ComboFix5.txt 2008-01-29 10:47:45

Kan je de blauwe tekst uit bericht #5 nog een keer in notepad copieren en opslaan als CFScript.txt op je bureaublad. Sleep dan nogmaals het bestandje naar ComboFix.

Ik heb de code iets aangepast waardoor die regel nu wel wordt verwijderd. Post opnieuw het log.

ok, komt ie nog een keer:

ComboFix 08-02-20.2 - pvk 2008-02-21 0:11:07.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.549 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\P\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\P\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
.

2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 20:26 --------- d-----w C:\Program Files\Outpost Firewall
2008-02-20 17:11 --------- d-----w C:\Program Files\capimonitor
2008-02-20 17:11 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:56 --------- d-----w C:\Program Files\DP
2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 13:11 160 ----a-w C:\install.dat
2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegistryMechanic"=""
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
- C:\WINDOWS\system32\ntbackup.exeRbackup
"2008-02-20 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 00:11:55
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-21 0:12:20
ComboFix-quarantined-files.txt 2008-02-20 23:12:18
ComboFix2.txt 2008-02-20 21:24:38
ComboFix3.txt 2008-02-20 17:58:24
ComboFix4.txt 2008-02-20 17:00:07
ComboFix5.txt 2008-01-29 10:58:00

Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U klik op OK of toets Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
Controleer onder Weergave de volgende instellingen:

Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
Uitzetten: Extensies voor bekende bestandstypen verbergen

Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
Selecteer: Verborgen bestanden en mappen weergeven

Druk daarna op Toepassen gevolgd door Ok.

Controleer of je het volgende (verborgen) bestand nog ziet:
I:\2ifetri.cmd (Wel je MP3-player aansluiten)

Alles nu in orde?

Combofix verwijderd, weergave-instellingen aangepast , maar 2ifetri.cmd niet te vinden

Gelukkig niet meer aanwezig.
Dan kan deze naar Opgelost worden verplaatst.

alvorens je dat doet, heb ik toch nog een vraagje: morgen komt mijn kleindochter . die heeft
- een mobieltje waar ze gedownloade muziek op zet
- nog een andere usb stick van mij.

hoe te handelen:
-a- scannen met avast is voldoende
-b- de hele procedure met logjes herhalen, uiteraard met aangesloten apparaten

graag advies.

Over het uitzetten van de "Autorun" functie moet ik nog eens een pagina voor maken, maar lees deze pagina. (Is wel engels)

Hierbij wordt gebruik gemaakt van het programma TweakUI van Microsoft, waarmee je aanpassingen kunt maken zonder in het register te duiken.

Er staat dus goed beschreven hoe je die Autorun uit moet zetten voor USB-drives.

Dan kan je dus wel een USB apparaat zoals MP3-speler of mobiel aansluiten zonder dat een eventueel virus wordt gestart.
Daarna kan je dus met avast de "disk" scannen.