Volg deze instructies om ComboFix te downloaden:

• Voer de instructies op de BleepingComputer pagina uit, inclusief het installeren van de XP Recovery Console
  Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.
  
  OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner,
  schakel dan deze scanner uit en download Combofix opnieuw.
  Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
  
  • Dubbelklik op Combofix.exe
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.
  
  
  Plaats deze log in je volgende post, samen met een vers HijackThis logje.

Beste
Dank voor de snelle reactie. Daar het niet om mijn eigen computer gaat maar deze van de kleinkinderen, zal ik uw raadgeving slechts binnen enkele dagen kunnen uitvoeren. Ik meld me dan opnieuw met het resultaat.
Tot dan

Piet

Ik zie je antwoord wel verschijnen Piet

combofix

Hallo
Vandaag Combofix toegepast. Hierna log en hijacklog
ComboFix 08-03-14.4 - gebruiker 2008-03-19 15:04:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.563 [GMT 1:00]
Gestart vanuit: I:\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd3f5e808.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system\tap64drv
C:\WINDOWS\system32\awtrqnl.dll
C:\WINDOWS\system32\drvrasr.dll
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\NtmlSvc
-------\tap64drv


(((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
.

2008-03-19 15:08 . 2008-03-19 15:08 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-19 14:34 . 2008-03-19 14:57 <DIR> dr-h----- C:\Documents and Settings\gebruiker\Onlangs geopend
2008-03-12 18:11 . 2008-03-12 18:11 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 18:09 . 2008-03-12 18:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 17:13 . 2008-03-12 17:13 <DIR> d-------- C:\Program Files\CCleaner
2008-03-12 16:59 . 2008-03-12 16:59 38,400 --a------ C:\WINDOWS\system32\n
2008-03-12 15:32 . 2008-03-12 15:37 <DIR> d-------- C:\Program Files\RegistryFix
2008-03-08 13:48 . 2008-03-08 13:48 268 --ah----- C:\sqmdata19.sqm
2008-03-08 13:48 . 2008-03-08 13:48 244 --ah----- C:\sqmnoopt19.sqm
2008-03-08 12:06 . 2008-03-08 12:06 268 --ah----- C:\sqmdata18.sqm
2008-03-08 12:06 . 2008-03-08 12:06 244 --ah----- C:\sqmnoopt18.sqm
2008-03-08 00:55 . 2008-03-08 00:55 268 --ah----- C:\sqmdata17.sqm
2008-03-08 00:55 . 2008-03-08 00:55 244 --ah----- C:\sqmnoopt17.sqm
2008-03-07 22:36 . 2008-03-07 22:36 268 --ah----- C:\sqmdata16.sqm
2008-03-07 22:36 . 2008-03-07 22:36 244 --ah----- C:\sqmnoopt16.sqm
2008-03-07 20:55 . 2008-03-07 20:55 268 --ah----- C:\sqmdata15.sqm
2008-03-07 20:55 . 2008-03-07 20:55 244 --ah----- C:\sqmnoopt15.sqm
2008-03-06 19:52 . 2008-03-06 19:52 268 --ah----- C:\sqmdata14.sqm
2008-03-06 19:52 . 2008-03-06 19:52 244 --ah----- C:\sqmnoopt14.sqm
2008-03-06 19:43 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-06 19:07 . 2008-03-06 19:07 268 --ah----- C:\sqmdata13.sqm
2008-03-06 19:07 . 2008-03-06 19:07 244 --ah----- C:\sqmnoopt13.sqm
2008-03-06 17:56 . 2008-03-06 17:56 268 --ah----- C:\sqmdata12.sqm
2008-03-06 17:56 . 2008-03-06 17:56 244 --ah----- C:\sqmnoopt12.sqm
2008-03-06 16:35 . 2008-03-18 18:38 268 --ah----- C:\sqmdata11.sqm
2008-03-06 16:35 . 2008-03-18 18:38 244 --ah----- C:\sqmnoopt11.sqm
2008-03-05 18:48 . 2008-03-10 16:49 <DIR> d-------- C:\Downloads
2008-03-05 18:41 . 2008-03-11 21:48 <DIR> d-------- C:\Program Files\BitComet
2008-03-05 18:10 . 2008-03-05 18:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-03-05 18:03 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-05 18:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-05 18:03 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-05 18:03 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-05 18:03 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-05 18:03 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-05 18:03 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-05 18:03 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-05 18:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-05 17:14 . 2008-03-19 15:07 26,290,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-05 17:14 . 2008-03-19 15:07 300,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-05 17:13 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\fdxhelzg.xml
2008-03-05 17:13 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\erpojohy.xml
2008-03-05 17:12 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\vjxhovgy.xml
2008-03-05 17:11 . 2008-03-05 17:11 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-05 17:08 . 2008-03-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-05 17:08 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-05 17:08 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-05 17:08 . 2008-03-05 17:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-05 17:06 . 2008-03-05 17:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-05 17:05 . 2008-03-19 15:08 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-05 16:50 . 2008-03-05 16:50 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-05 14:50 . 2008-03-05 14:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-03-05 14:39 . 2008-03-05 14:39 <DIR> d-------- C:\Program Files\The Creative Assembly
2008-03-05 13:14 . 2008-03-18 18:06 268 --ah----- C:\sqmdata10.sqm
2008-03-05 13:14 . 2008-03-18 18:06 244 --ah----- C:\sqmnoopt10.sqm
2008-03-05 13:13 . 2008-03-05 13:12 2,832,997 --a------ C:\WINDOWS\system32\vvwywash.xml
2008-03-04 20:57 . 2008-03-04 20:56 2,832,997 --a------ C:\WINDOWS\system32\slappwhi.xml
2008-03-04 19:50 . 2008-03-04 19:50 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Macromedia
2008-03-04 19:45 . 2008-03-04 19:45 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\AVG7
2008-03-04 19:44 . 2008-02-19 04:26 <DIR> d--h----- C:\Documents and Settings\_piekie_\Sjablonen
2008-03-04 19:44 . 2008-03-04 19:44 <DIR> dr-h----- C:\Documents and Settings\_piekie_\SendTo
2008-03-04 19:44 . 2008-03-04 19:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Onlangs geopend
2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\Netwerkprinteromgeving
2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\NetHood
2008-03-04 19:44 . 2008-03-07 15:41 <DIR> dr------- C:\Documents and Settings\_piekie_\Mijn documenten
2008-03-04 19:44 . 2008-02-19 05:22 <DIR> dr------- C:\Documents and Settings\_piekie_\Menu Start
2008-03-04 19:44 . 2008-03-19 15:06 <DIR> d--h----- C:\Documents and Settings\_piekie_\Local Settings
2008-03-04 19:44 . 2008-03-07 15:39 <DIR> dr------- C:\Documents and Settings\_piekie_\Favorieten
2008-03-04 19:44 . 2008-03-07 15:42 <DIR> d--hs---- C:\Documents and Settings\_piekie_\Cookies
2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d-------- C:\Documents and Settings\_piekie_\Bureaublad
2008-03-04 19:44 . 2008-03-05 14:39 <DIR> d---s---- C:\Documents and Settings\_piekie_\Application Data\Microsoft
2008-03-04 19:44 . 2008-03-04 19:44 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Identities
2008-03-04 19:44 . 2008-03-04 19:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Application Data
2008-03-04 19:44 . 2008-03-12 18:09 786,432 --ah----- C:\Documents and Settings\_piekie_\NTUSER.DAT
2008-03-04 17:55 . 2008-03-04 17:50 2,832,997 --a------ C:\WINDOWS\system32\fshtkvuc.xml
2008-03-04 12:40 . 2008-03-05 18:55 <DIR> d-------- C:\Program Files\LimeWire
2008-03-04 12:34 . 2008-03-04 12:33 2,832,980 --a------ C:\WINDOWS\system32\bwqslrqe.xml
2008-03-04 07:44 . 2008-03-04 07:39 2,832,980 --a------ C:\WINDOWS\system32\qaumchlu.xml
2008-03-03 22:07 . 2008-03-03 22:05 2,832,980 --a------ C:\WINDOWS\system32\hwhhindf.xml
2008-03-03 18:18 . 2008-03-05 18:48 2,833,048 --a------ C:\WINDOWS\system32\nuukctjq.xml
2008-03-02 18:29 . 2008-03-17 18:06 268 --ah----- C:\sqmdata09.sqm
2008-03-02 18:29 . 2008-03-17 18:06 244 --ah----- C:\sqmnoopt09.sqm
2008-03-02 18:07 . 2008-03-15 17:40 268 --ah----- C:\sqmdata08.sqm
2008-03-02 18:07 . 2008-03-15 17:40 244 --ah----- C:\sqmnoopt08.sqm
2008-03-02 17:53 . 2008-03-14 19:52 268 --ah----- C:\sqmdata07.sqm
2008-03-02 17:53 . 2008-03-14 19:52 244 --ah----- C:\sqmnoopt07.sqm
2008-03-02 12:18 . 2008-03-14 17:32 268 --ah----- C:\sqmdata06.sqm
2008-03-02 12:18 . 2008-03-14 17:32 244 --ah----- C:\sqmnoopt06.sqm
2008-03-01 14:12 . 2008-03-04 12:36 <DIR> d-------- C:\Documents and Settings\Annelore\Shared
2008-03-01 14:12 . 2008-03-04 12:37 <DIR> d-------- C:\Documents and Settings\Annelore\Incomplete
2008-03-01 14:10 . 2008-03-04 12:52 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\LimeWire
2008-03-01 12:09 . 2008-03-12 20:58 268 --ah----- C:\sqmdata05.sqm
2008-03-01 12:09 . 2008-03-12 20:58 244 --ah----- C:\sqmnoopt05.sqm
2008-02-28 17:43 . 2008-03-12 12:47 268 --ah----- C:\sqmdata04.sqm
2008-02-28 17:43 . 2008-03-12 12:47 244 --ah----- C:\sqmnoopt04.sqm
2008-02-27 21:10 . 2008-02-27 21:10 <DIR> d--hs---- C:\Documents and Settings\Annelore\UserData
2008-02-27 20:43 . 2008-03-09 17:18 268 --ah----- C:\sqmdata03.sqm
2008-02-27 20:43 . 2008-03-09 17:18 244 --ah----- C:\sqmnoopt03.sqm
2008-02-27 16:55 . 2008-03-19 14:45 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-27 16:42 . 2008-02-27 16:42 <DIR> d-------- C:\Documents and Settings\gebruiker\Application Data\Uniblue

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 13:08 7,999,408 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-15 12:08 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-14 22:10 1,452,032 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-11 20:47 4,373,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-10 17:02 1,415,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-08 17:10 1,406,976 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-06 11:44 3,182,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 13:21 12,288 ----a-w C:\Program Files\Common Files\main.ini
2008-02-20 13:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 09:57 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-02-20 09:57 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-02-20 09:57 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-02-20 09:57 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-02-20 09:57 4,484,608 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-02-20 09:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-20 09:57 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-02-20 09:57 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-02-20 09:57 2,157,568 ----a-w C:\WINDOWS\MicCal.exe
2008-02-20 09:57 16,125,440 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-02-20 09:57 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-20 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-19 04:52 --------- d-----w C:\Program Files\Prime95
2008-02-19 04:51 --------- d-----w C:\Program Files\CyberLink
2008-02-19 04:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-19 04:51 --------- d-----w C:\Program Files\Ahead
2008-02-19 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-19 03:55 --------- d-----w C:\Program Files\Futuremark
2008-02-19 03:53 --------- d-----w C:\Program Files\Windows Media Components
2008-02-19 03:53 --------- d-----w C:\Program Files\Malicious Software Removal Tool
2008-02-19 03:51 --------- d-----w C:\Program Files\Java
2008-02-19 03:51 --------- d-----w C:\Program Files\Common Files\Java
2008-02-19 03:34 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-02-13 08:34 100,736 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-05 17:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-05 17:11 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-05 17:11 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
"nwiz"="nwiz.exe" [2007-07-13 08:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-19 04:51 77824]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-20 10:57 16125440 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 14:13 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 14:12 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-04 12:00 399360 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxy]
iifdbxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
winuqw32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-19 15:08 7168 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-02-20 10:57 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2008-02-20 10:57 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
--a------ 2008-02-20 20:02 52236 C:\yhojy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12256:TCP"= 12256:TCP:BitComet 12256 TCP
"12256:UDP"= 12256:UDP:BitComet 12256 UDP
"9190:TCP"= 9190:TCP:BitComet 9190 TCP
"9190:UDP"= 9190:UDP:BitComet 9190 UDP

R0 Msy28;Msy28;C:\WINDOWS\system32\Drivers\Msy28.sys [2008-02-20 14:21]
R2 WinSecur05;Windows services ;C:\WINDOWS\system32\Microsoft\svchost.exe [2008-02-20 14:21]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-20 17:39:54 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203529123.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-19 13:11:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-19 15:10:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-19 14:10:34
.
2008-03-19 09:03:00 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:29, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: iifdbxy - iifdbxy.dll (file missing)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows services (WinSecur05) - Unknown owner - C:\WINDOWS\system32\Microsoft\svchost.exe

--
End of file - 6776 bytes

Alvast dank voor de tip. Hopelijk loopt alles nu beter

Piet

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\vjxhovgy.xml
C:\WINDOWS\system32\fdxhelzg.xml
C:\WINDOWS\system32\erpojohy.xml
C:\WINDOWS\system32\slappwhi.xml
C:\WINDOWS\system32\vvwywash.xml
C:\WINDOWS\system32\fshtkvuc.xml
C:\WINDOWS\system32\bwqslrqe.xml
C:\WINDOWS\system32\qaumchlu.xml
C:\WINDOWS\system32\hwhhindf.xml
C:\WINDOWS\system32\nuukctjq.xml
C:\WINDOWS\system32\WLCtrl32.dll
C:\yhojy.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\SharedTaskScheduler]
"e4537eee-35c6-49d8-8054-8befa62713a2"=-
"b8975304-c0b1-4e60-bf83-f418f4564b9c"=-

Driver::
Msy28
WinSecur05

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Hallo,

Zal het nodige doen bij eerstkomend bezoek. Tot dan
Groeten
Piet

Ik zie je antwoord wel tegemoet Piet.
Succes.

Laatste ingreep heeft nog niet plaats gevonden, allicht vandaag of in weekend. Nog even geduld a.u.b.

Prima Piet

Laatste Combofix

Ziehier de twee logs na uitvoering van de CFscript.

ComboFix 08-03-26.3 - gebruiker 2008-03-30 21:02:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.482 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\gebruiker\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\WINDOWS\system32\bwqslrqe.xml
C:\WINDOWS\system32\erpojohy.xml
C:\WINDOWS\system32\fdxhelzg.xml
C:\WINDOWS\system32\fshtkvuc.xml
C:\WINDOWS\system32\hwhhindf.xml
C:\WINDOWS\system32\nuukctjq.xml
C:\WINDOWS\system32\qaumchlu.xml
C:\WINDOWS\system32\slappwhi.xml
C:\WINDOWS\system32\vjxhovgy.xml
C:\WINDOWS\system32\vvwywash.xml
C:\WINDOWS\system32\WLCtrl32.dll
C:\yhojy.exe
.
TimedOut: Windir.dat

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bwqslrqe.xml
C:\WINDOWS\system32\erpojohy.xml
C:\WINDOWS\system32\fdxhelzg.xml
C:\WINDOWS\system32\fshtkvuc.xml
C:\WINDOWS\system32\hwhhindf.xml
C:\WINDOWS\system32\nuukctjq.xml
C:\WINDOWS\system32\qaumchlu.xml
C:\WINDOWS\system32\slappwhi.xml
C:\WINDOWS\system32\vjxhovgy.xml
C:\WINDOWS\system32\vvwywash.xml
C:\WINDOWS\system32\WLCtrl32.dll
C:\yhojy.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSY28
-------\Legacy_WINSECUR05
-------\Service_Msy28
-------\Service_WinSecur05


(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))
.

2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Program Files\DNA
2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-26 18:28 . 2008-03-27 23:42 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\DNA
2008-03-26 18:28 . 2008-03-26 18:43 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\BitTorrent
2008-03-26 18:19 . 2008-03-26 18:19 <DIR> d-------- C:\Documents and Settings\gebruiker\Application Data\AdobeUM
2008-03-21 18:26 . 2008-03-21 18:26 <DIR> d-------- C:\Program Files\Mio Technology
2008-03-21 18:16 . 2008-03-21 18:16 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\AdobeUM
2008-03-21 18:15 . 2008-03-21 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 18:13 . 2008-03-21 18:13 <DIR> d-------- C:\WINDOWS\Cache
2008-03-21 16:35 . 2008-03-21 16:35 <DIR> d-------- C:\WINDOWS\Sun
2008-03-21 15:12 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-21 15:12 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-19 18:12 . 2008-03-19 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 18:04 . 2008-03-27 23:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-19 17:17 . 2008-03-20 16:51 <DIR> d-------- C:\Program Files\Google
2008-03-19 15:34 . 2008-03-29 21:59 <DIR> dr-h----- C:\Documents and Settings\gebruiker\Onlangs geopend
2008-03-12 19:11 . 2008-03-12 19:11 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 19:09 . 2008-03-12 19:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 18:13 . 2008-03-12 18:13 <DIR> d-------- C:\Program Files\CCleaner
2008-03-12 16:32 . 2008-03-12 16:37 <DIR> d-------- C:\Program Files\RegistryFix
2008-03-08 14:48 . 2008-03-25 19:12 268 --ah----- C:\sqmdata19.sqm
2008-03-08 14:48 . 2008-03-25 19:12 244 --ah----- C:\sqmnoopt19.sqm
2008-03-08 13:06 . 2008-03-25 15:22 268 --ah----- C:\sqmdata18.sqm
2008-03-08 13:06 . 2008-03-25 15:22 244 --ah----- C:\sqmnoopt18.sqm
2008-03-08 01:55 . 2008-03-24 13:53 268 --ah----- C:\sqmdata17.sqm
2008-03-08 01:55 . 2008-03-24 13:53 244 --ah----- C:\sqmnoopt17.sqm
2008-03-07 23:36 . 2008-03-22 22:00 268 --ah----- C:\sqmdata16.sqm
2008-03-07 23:36 . 2008-03-22 22:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-07 21:55 . 2008-03-22 21:28 268 --ah----- C:\sqmdata15.sqm
2008-03-07 21:55 . 2008-03-22 21:28 244 --ah----- C:\sqmnoopt15.sqm
2008-03-06 20:52 . 2008-03-22 12:21 268 --ah----- C:\sqmdata14.sqm
2008-03-06 20:52 . 2008-03-22 12:21 244 --ah----- C:\sqmnoopt14.sqm
2008-03-06 20:43 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-06 20:07 . 2008-03-20 13:45 268 --ah----- C:\sqmdata13.sqm
2008-03-06 20:07 . 2008-03-20 13:45 244 --ah----- C:\sqmnoopt13.sqm
2008-03-06 18:56 . 2008-03-20 12:09 268 --ah----- C:\sqmdata12.sqm
2008-03-06 18:56 . 2008-03-20 12:09 244 --ah----- C:\sqmnoopt12.sqm
2008-03-06 17:35 . 2008-03-18 19:38 268 --ah----- C:\sqmdata11.sqm
2008-03-06 17:35 . 2008-03-18 19:38 244 --ah----- C:\sqmnoopt11.sqm
2008-03-05 19:48 . 2008-03-10 17:49 <DIR> d-------- C:\Downloads
2008-03-05 19:41 . 2008-03-11 22:48 <DIR> d-------- C:\Program Files\BitComet
2008-03-05 19:10 . 2008-03-05 19:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-03-05 19:03 . 2007-12-07 04:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-05 19:03 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-05 19:03 . 2007-07-01 05:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-05 19:03 . 2007-12-07 04:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-05 19:03 . 2007-12-07 04:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-05 19:03 . 2007-12-07 04:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-05 19:03 . 2007-12-07 04:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-05 19:03 . 2007-12-07 04:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-05 19:03 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-05 18:14 . 2008-03-30 21:05 47,519,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-05 18:14 . 2008-03-30 21:05 547,028 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-05 18:11 . 2008-03-05 18:11 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-05 18:08 . 2008-03-05 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-05 18:08 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-05 18:08 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-05 18:08 . 2008-03-05 18:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-05 18:06 . 2008-03-05 18:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-05 18:05 . 2008-03-30 20:52 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-05 17:50 . 2008-03-05 17:50 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-05 15:50 . 2008-03-05 15:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-03-05 15:39 . 2008-03-05 15:39 <DIR> d-------- C:\Program Files\The Creative Assembly
2008-03-05 14:14 . 2008-03-18 19:06 268 --ah----- C:\sqmdata10.sqm
2008-03-05 14:14 . 2008-03-18 19:06 244 --ah----- C:\sqmnoopt10.sqm
2008-03-04 20:50 . 2008-03-04 20:50 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Macromedia
2008-03-04 20:45 . 2008-03-04 20:45 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\AVG7
2008-03-04 20:44 . 2008-02-19 05:26 <DIR> d--h----- C:\Documents and Settings\_piekie_\Sjablonen
2008-03-04 20:44 . 2008-03-04 20:44 <DIR> dr-h----- C:\Documents and Settings\_piekie_\SendTo
2008-03-04 20:44 . 2008-03-04 20:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Onlangs geopend
2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\Netwerkprinteromgeving
2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\NetHood
2008-03-04 20:44 . 2008-03-07 16:41 <DIR> dr------- C:\Documents and Settings\_piekie_\Mijn documenten
2008-03-04 20:44 . 2008-02-19 06:22 <DIR> dr------- C:\Documents and Settings\_piekie_\Menu Start
2008-03-04 20:44 . 2008-03-28 18:50 <DIR> d--h----- C:\Documents and Settings\_piekie_\Local Settings
2008-03-04 20:44 . 2008-03-07 16:39 <DIR> dr------- C:\Documents and Settings\_piekie_\Favorieten
2008-03-04 20:44 . 2008-03-07 16:42 <DIR> d--hs---- C:\Documents and Settings\_piekie_\Cookies
2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d-------- C:\Documents and Settings\_piekie_\Bureaublad
2008-03-04 20:44 . 2008-03-05 15:39 <DIR> d---s---- C:\Documents and Settings\_piekie_\Application Data\Microsoft
2008-03-04 20:44 . 2008-03-04 20:44 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Identities
2008-03-04 20:44 . 2008-03-27 20:56 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Application Data
2008-03-04 20:44 . 2008-03-27 20:56 786,432 --ah----- C:\Documents and Settings\_piekie_\NTUSER.DAT
2008-03-04 13:40 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\LimeWire
2008-03-02 19:29 . 2008-03-17 19:06 268 --ah----- C:\sqmdata09.sqm
2008-03-02 19:29 . 2008-03-17 19:06 244 --ah----- C:\sqmnoopt09.sqm
2008-03-02 19:07 . 2008-03-15 18:40 268 --ah----- C:\sqmdata08.sqm
2008-03-02 19:07 . 2008-03-15 18:40 244 --ah----- C:\sqmnoopt08.sqm
2008-03-02 18:53 . 2008-03-14 20:52 268 --ah----- C:\sqmdata07.sqm
2008-03-02 18:53 . 2008-03-14 20:52 244 --ah----- C:\sqmnoopt07.sqm
2008-03-02 13:18 . 2008-03-14 18:32 268 --ah----- C:\sqmdata06.sqm
2008-03-02 13:18 . 2008-03-14 18:32 244 --ah----- C:\sqmnoopt06.sqm
2008-03-01 15:12 . 2008-03-04 13:36 <DIR> d-------- C:\Documents and Settings\Annelore\Shared
2008-03-01 15:12 . 2008-03-04 13:37 <DIR> d-------- C:\Documents and Settings\Annelore\Incomplete
2008-03-01 15:10 . 2008-03-26 18:29 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\LimeWire
2008-03-01 13:09 . 2008-03-27 16:52 268 --ah----- C:\sqmdata05.sqm
2008-03-01 13:09 . 2008-03-27 16:52 244 --ah----- C:\sqmnoopt05.sqm
2008-02-28 18:43 . 2008-03-27 16:36 268 --ah----- C:\sqmdata04.sqm
2008-02-28 18:43 . 2008-03-27 16:36 244 --ah----- C:\sqmnoopt04.sqm
2008-02-27 22:10 . 2008-02-27 22:10 <DIR> d--hs---- C:\Documents and Settings\Annelore\UserData
2008-02-27 21:43 . 2008-03-26 22:48 268 --ah----- C:\sqmdata03.sqm

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 14:23 1,295,872 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-30 09:56 1,295,360 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-30 08:29 1,295,360 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-29 17:51 1,271,296 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-29 14:56 1,269,760 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-29 13:34 1,271,296 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-29 09:26 3,252,224 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-29 09:26 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-29 09:24 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-29 08:43 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-26 12:45 1,514,496 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-22 19:57 8,456,033 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-19 15:17 --------- d-----w C:\Program Files\Java
2008-03-15 12:08 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-14 22:10 1,452,032 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-11 20:47 4,373,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-10 17:02 1,415,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-08 17:10 1,406,976 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-06 11:44 3,182,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 13:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 09:57 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-02-20 09:57 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-02-20 09:57 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-02-20 09:57 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-02-20 09:57 4,484,608 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-02-20 09:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-20 09:57 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-02-20 09:57 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-02-20 09:57 2,157,568 ----a-w C:\WINDOWS\MicCal.exe
2008-02-20 09:57 16,125,440 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-02-20 09:57 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-20 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-19 04:52 --------- d-----w C:\Program Files\Prime95
2008-02-19 04:51 --------- d-----w C:\Program Files\CyberLink
2008-02-19 04:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-19 04:51 --------- d-----w C:\Program Files\Ahead
2008-02-19 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-19 03:55 --------- d-----w C:\Program Files\Futuremark
2008-02-19 03:53 --------- d-----w C:\Program Files\Windows Media Components
2008-02-19 03:53 --------- d-----w C:\Program Files\Malicious Software Removal Tool
2008-02-19 03:51 --------- d-----w C:\Program Files\Common Files\Java
2008-02-19 03:34 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((( [email protected]_15.10.21.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-11-04 04:39:49 227,085 ----a-w C:\WINDOWS\Cache\Adobe Reader 6.0.1\NLDMIN\setup.exe
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-03-21 16:15:34 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7646-A00000000001}\ARPPRODUCTICON.exe
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-02-19 03:51:56 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-19 03:51:56 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-19 03:51:56 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-02-23 11:31:27 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 16:58:51 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-02-23 11:31:27 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-03-30 16:58:51 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-02-23 11:31:27 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 16:58:51 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-02-23 11:31:27 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-03-30 16:58:51 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-05 18:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 09:34 8466432]
"nwiz"="nwiz.exe" [2007-07-13 09:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 09:34 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-20 11:57 16125440 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 15:13 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 15:12 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2008-03-21 18:26:23 647168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-02-20 11:57 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2008-02-20 11:57 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12256:TCP"= 12256:TCP:BitComet 12256 TCP
"12256:UDP"= 12256:UDP:BitComet 12256 UDP
"9190:TCP"= 9190:TCP:BitComet 9190 TCP
"9190:UDP"= 9190:UDP:BitComet 9190 UDP


.
Inhoud van de 'Gedeelde Taken' map
"2008-03-20 17:39:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203529123.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-30 19:09:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:07:02
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-30 21:09:51 - machine was rebooted [gebruiker]
ComboFix-quarantined-files.txt 2008-03-30 19:09:47
ComboFix2.txt 2008-03-28 16:50:11
ComboFix3.txt 2008-03-19 14:10:39
Pre-Run: 28,855,959,552 bytes beschikbaar
Post-Run: 28,842,573,824 bytes beschikbaar
.
2008-03-28 11:23:04 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:30, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7080 bytes


PC werkt terug sneller. Ondertussen ook alle oude herstelpunten verwijderd. Er worden nog steeds enkele trojans tegengehouden door AVG.
Een probleem dat ongeveer op hetzelfde tijdstip ondstond maar allicht een andere oorzaak kent : beeldscherm wordt niet geactiveerd of soms na zeer lange tijd. Er komt ook een "runtime error" bij elke opstart.

Bedankt voor de raadgevingen en het geduld.

Groeten
Piet

Zet aub de Windows Defender Real Time Protection uit omdat het de fix kan verstoren. Om het uit te zetten:

• Open Windows Defender
  Klik Tool
  Klik General Settings
  Scroll naar Real Time Protection Options
  Haal het vinkje weg bij Turn on Real Time Protection (recommended)
  Klik Save
  Sluit Windows Defender

Als je log schoon is kan je het weer aanzetten.

Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)

Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

* Clean de Cache and Cookies in IE:

* Sluit Internet Explorer.
* Ga naar Configuratiescherm > Internet Opties > tab Algemeen
* Klik de Cookies verwijderen knop
* Klik op de Bestanden verwijderen knop ernaast
* Vink aan: Ook alle off line items verwijderen, klik OK

* Clean de Cache and Cookies in Firefox (In geval Firefox geïnstalleerd is):

* Go to Extra > Opties.
* Klik Privacy in het menu.
* Klik op de knop wissen (Geschiedenis, Cookies, Cache).
* Klik OK om het venster opnieuw te sluiten.

* Clean andere Temporary files + Prullenbak

* Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
* Laat het je systeem scannen op bestanden die moeten verwijderd worden
* Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
* Klik daarna op OK.


Update vervolgens Avg, laat deze een volledige systeem scan doen en laat verwijderen wat gevonden worden.
Kijk of er nog steeds iets wordt geblokkeert, zoja, vermeldt de exacte locatie ervan even.

Nog problemen verder?

Laatste ingreep

Beste Pimmerd,

We naderen het einde. Vandaag uw laatste suggestie uitgevoerd.
Bij de laatste AVG scan waren drie detecties in het "system volume information", door AVG gedeleted. Nogmaals herstelpunten opgeruimd en nieuw aangemaakt.
Verdere vermelding:
C:/Windows/system32/kernel32.dll
C:/Windows/system32/ntoskrnl.exe
C:/Windows/system32/drivers/etc/hosts

Bij alle drie de vermelding status change /change

Zonder tegenbericht van jou sluit ik de thread af.
Nogmaals hartelijk dank en misschien tot later

Groeten

Piet

Als dat allemaal nog in systeemherstel wordt gevonden en je deze hebt verwijderd is weer schoon, ondervindt je zelf nog problemen?

Deinstalleer Combofix:
Ga naar start --> uitvoeren en typ daar: combofix /u
Combofix wordt nu verwijderd en er wordt een nieuw herstelpunt aangemaakt.