
Virus infection

  • Virus infection

    Help and advice, please! Internet Explorer is slow and the web address changes spontaneously. All virus scans remove a lot, but the infection comes back. Among other things c:bot.exe and a few add-ons in IE

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:52:43, on 12/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\yhojy.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BMd3f5e808] Rundll32.exe "C:\WINDOWS\system32\fjikrwue.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WintelUpdate] C:\yhojy.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
    O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows services (WinSecur05) - Unknown owner - C:\WINDOWS\system32\Microsoft\svchost.exe

    --
    End of file - 6577 bytes

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

      NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
      disable that scanner and download Combofix again.
      Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix has finished and after the restart, the log Combofix.txt will open.


      Post this log in your next post, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      Hello,
      Thank you for the quick reply. Since this is not my own computer but the grandchildren's, I will only be able to carry out your advice in a few days. I will then report back with the result.
      Until then

      Piet



      • #4
        I'll see your reply when it appears, Piet
        Regards,
        Pimmerd



        • #5
          combofix

          Hello
          Ran Combofix today. The log and the HijackThis log follow
          ComboFix 08-03-14.4 - gebruiker 2008-03-19 15:04:00.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.563 [GMT 1:00]
          Gestart vanuit: I:\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\BMd3f5e808.xml
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system\tap64drv
          C:\WINDOWS\system32\awtrqnl.dll
          C:\WINDOWS\system32\drvrasr.dll
          C:\WINDOWS\system32\fhhkj.ini
          C:\WINDOWS\system32\fhhkj.ini2
          C:\WINDOWS\system32\nqtwa.ini
          C:\WINDOWS\system32\nqtwa.ini2
          C:\WINDOWS\system32\qqstv.ini
          C:\WINDOWS\system32\qqstv.ini2
          C:\WINDOWS\system32\ttvwa.ini
          C:\WINDOWS\system32\ttvwa.ini2
          C:\WINDOWS\system32\wvvwa.ini
          C:\WINDOWS\system32\wvvwa.ini2
          C:\WINDOWS\system32\yccdd.ini
          C:\WINDOWS\system32\yccdd.ini2

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\LEGACY_NTMLSVC
          -------\LEGACY_RUNTIME
          -------\NtmlSvc
          -------\tap64drv


          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
          .

          2008-03-19 15:08 . 2008-03-19 15:08 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
          2008-03-19 14:34 . 2008-03-19 14:57 <DIR> dr-h----- C:\Documents and Settings\gebruiker\Onlangs geopend
          2008-03-12 18:11 . 2008-03-12 18:11 0 --a------ C:\WINDOWS\nsreg.dat
          2008-03-12 18:09 . 2008-03-12 18:09 127 --a------ C:\WINDOWS\system32\MRT.INI
          2008-03-12 17:13 . 2008-03-12 17:13 <DIR> d-------- C:\Program Files\CCleaner
          2008-03-12 16:59 . 2008-03-12 16:59 38,400 --a------ C:\WINDOWS\system32\n
          2008-03-12 15:32 . 2008-03-12 15:37 <DIR> d-------- C:\Program Files\RegistryFix
          2008-03-08 13:48 . 2008-03-08 13:48 268 --ah----- C:\sqmdata19.sqm
          2008-03-08 13:48 . 2008-03-08 13:48 244 --ah----- C:\sqmnoopt19.sqm
          2008-03-08 12:06 . 2008-03-08 12:06 268 --ah----- C:\sqmdata18.sqm
          2008-03-08 12:06 . 2008-03-08 12:06 244 --ah----- C:\sqmnoopt18.sqm
          2008-03-08 00:55 . 2008-03-08 00:55 268 --ah----- C:\sqmdata17.sqm
          2008-03-08 00:55 . 2008-03-08 00:55 244 --ah----- C:\sqmnoopt17.sqm
          2008-03-07 22:36 . 2008-03-07 22:36 268 --ah----- C:\sqmdata16.sqm
          2008-03-07 22:36 . 2008-03-07 22:36 244 --ah----- C:\sqmnoopt16.sqm
          2008-03-07 20:55 . 2008-03-07 20:55 268 --ah----- C:\sqmdata15.sqm
          2008-03-07 20:55 . 2008-03-07 20:55 244 --ah----- C:\sqmnoopt15.sqm
          2008-03-06 19:52 . 2008-03-06 19:52 268 --ah----- C:\sqmdata14.sqm
          2008-03-06 19:52 . 2008-03-06 19:52 244 --ah----- C:\sqmnoopt14.sqm
          2008-03-06 19:43 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
          2008-03-06 19:07 . 2008-03-06 19:07 268 --ah----- C:\sqmdata13.sqm
          2008-03-06 19:07 . 2008-03-06 19:07 244 --ah----- C:\sqmnoopt13.sqm
          2008-03-06 17:56 . 2008-03-06 17:56 268 --ah----- C:\sqmdata12.sqm
          2008-03-06 17:56 . 2008-03-06 17:56 244 --ah----- C:\sqmnoopt12.sqm
          2008-03-06 16:35 . 2008-03-18 18:38 268 --ah----- C:\sqmdata11.sqm
          2008-03-06 16:35 . 2008-03-18 18:38 244 --ah----- C:\sqmnoopt11.sqm
          2008-03-05 18:48 . 2008-03-10 16:49 <DIR> d-------- C:\Downloads
          2008-03-05 18:41 . 2008-03-11 21:48 <DIR> d-------- C:\Program Files\BitComet
          2008-03-05 18:10 . 2008-03-05 18:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
          2008-03-05 18:03 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
          2008-03-05 18:03 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
          2008-03-05 18:03 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
          2008-03-05 18:03 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
          2008-03-05 18:03 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2008-03-05 18:03 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
          2008-03-05 18:03 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
          2008-03-05 18:03 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2008-03-05 18:03 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
          2008-03-05 17:14 . 2008-03-19 15:07 26,290,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
          2008-03-05 17:14 . 2008-03-19 15:07 300,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
          2008-03-05 17:13 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\fdxhelzg.xml
          2008-03-05 17:13 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\erpojohy.xml
          2008-03-05 17:12 . 2008-03-05 17:12 2,832,997 --a------ C:\WINDOWS\system32\vjxhovgy.xml
          2008-03-05 17:11 . 2008-03-05 17:11 <DIR> d-------- C:\Program Files\ZoneAlarmSB
          2008-03-05 17:08 . 2008-03-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
          2008-03-05 17:08 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
          2008-03-05 17:08 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
          2008-03-05 17:08 . 2008-03-05 17:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
          2008-03-05 17:06 . 2008-03-05 17:06 <DIR> d-------- C:\Program Files\Zone Labs
          2008-03-05 17:05 . 2008-03-19 15:08 <DIR> d-------- C:\WINDOWS\Internet Logs
          2008-03-05 16:50 . 2008-03-05 16:50 <DIR> d-------- C:\Program Files\Windows Defender
          2008-03-05 14:50 . 2008-03-05 14:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
          2008-03-05 14:39 . 2008-03-05 14:39 <DIR> d-------- C:\Program Files\The Creative Assembly
          2008-03-05 13:14 . 2008-03-18 18:06 268 --ah----- C:\sqmdata10.sqm
          2008-03-05 13:14 . 2008-03-18 18:06 244 --ah----- C:\sqmnoopt10.sqm
          2008-03-05 13:13 . 2008-03-05 13:12 2,832,997 --a------ C:\WINDOWS\system32\vvwywash.xml
          2008-03-04 20:57 . 2008-03-04 20:56 2,832,997 --a------ C:\WINDOWS\system32\slappwhi.xml
          2008-03-04 19:50 . 2008-03-04 19:50 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Macromedia
          2008-03-04 19:45 . 2008-03-04 19:45 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\AVG7
          2008-03-04 19:44 . 2008-02-19 04:26 <DIR> d--h----- C:\Documents and Settings\_piekie_\Sjablonen
          2008-03-04 19:44 . 2008-03-04 19:44 <DIR> dr-h----- C:\Documents and Settings\_piekie_\SendTo
          2008-03-04 19:44 . 2008-03-04 19:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Onlangs geopend
          2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\Netwerkprinteromgeving
          2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\NetHood
          2008-03-04 19:44 . 2008-03-07 15:41 <DIR> dr------- C:\Documents and Settings\_piekie_\Mijn documenten
          2008-03-04 19:44 . 2008-02-19 05:22 <DIR> dr------- C:\Documents and Settings\_piekie_\Menu Start
          2008-03-04 19:44 . 2008-03-19 15:06 <DIR> d--h----- C:\Documents and Settings\_piekie_\Local Settings
          2008-03-04 19:44 . 2008-03-07 15:39 <DIR> dr------- C:\Documents and Settings\_piekie_\Favorieten
          2008-03-04 19:44 . 2008-03-07 15:42 <DIR> d--hs---- C:\Documents and Settings\_piekie_\Cookies
          2008-03-04 19:44 . 2008-02-19 05:22 <DIR> d-------- C:\Documents and Settings\_piekie_\Bureaublad
          2008-03-04 19:44 . 2008-03-05 14:39 <DIR> d---s---- C:\Documents and Settings\_piekie_\Application Data\Microsoft
          2008-03-04 19:44 . 2008-03-04 19:44 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Identities
          2008-03-04 19:44 . 2008-03-04 19:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Application Data
          2008-03-04 19:44 . 2008-03-12 18:09 786,432 --ah----- C:\Documents and Settings\_piekie_\NTUSER.DAT
          2008-03-04 17:55 . 2008-03-04 17:50 2,832,997 --a------ C:\WINDOWS\system32\fshtkvuc.xml
          2008-03-04 12:40 . 2008-03-05 18:55 <DIR> d-------- C:\Program Files\LimeWire
          2008-03-04 12:34 . 2008-03-04 12:33 2,832,980 --a------ C:\WINDOWS\system32\bwqslrqe.xml
          2008-03-04 07:44 . 2008-03-04 07:39 2,832,980 --a------ C:\WINDOWS\system32\qaumchlu.xml
          2008-03-03 22:07 . 2008-03-03 22:05 2,832,980 --a------ C:\WINDOWS\system32\hwhhindf.xml
          2008-03-03 18:18 . 2008-03-05 18:48 2,833,048 --a------ C:\WINDOWS\system32\nuukctjq.xml
          2008-03-02 18:29 . 2008-03-17 18:06 268 --ah----- C:\sqmdata09.sqm
          2008-03-02 18:29 . 2008-03-17 18:06 244 --ah----- C:\sqmnoopt09.sqm
          2008-03-02 18:07 . 2008-03-15 17:40 268 --ah----- C:\sqmdata08.sqm
          2008-03-02 18:07 . 2008-03-15 17:40 244 --ah----- C:\sqmnoopt08.sqm
          2008-03-02 17:53 . 2008-03-14 19:52 268 --ah----- C:\sqmdata07.sqm
          2008-03-02 17:53 . 2008-03-14 19:52 244 --ah----- C:\sqmnoopt07.sqm
          2008-03-02 12:18 . 2008-03-14 17:32 268 --ah----- C:\sqmdata06.sqm
          2008-03-02 12:18 . 2008-03-14 17:32 244 --ah----- C:\sqmnoopt06.sqm
          2008-03-01 14:12 . 2008-03-04 12:36 <DIR> d-------- C:\Documents and Settings\Annelore\Shared
          2008-03-01 14:12 . 2008-03-04 12:37 <DIR> d-------- C:\Documents and Settings\Annelore\Incomplete
          2008-03-01 14:10 . 2008-03-04 12:52 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\LimeWire
          2008-03-01 12:09 . 2008-03-12 20:58 268 --ah----- C:\sqmdata05.sqm
          2008-03-01 12:09 . 2008-03-12 20:58 244 --ah----- C:\sqmnoopt05.sqm
          2008-02-28 17:43 . 2008-03-12 12:47 268 --ah----- C:\sqmdata04.sqm
          2008-02-28 17:43 . 2008-03-12 12:47 244 --ah----- C:\sqmnoopt04.sqm
          2008-02-27 21:10 . 2008-02-27 21:10 <DIR> d--hs---- C:\Documents and Settings\Annelore\UserData
          2008-02-27 20:43 . 2008-03-09 17:18 268 --ah----- C:\sqmdata03.sqm
          2008-02-27 20:43 . 2008-03-09 17:18 244 --ah----- C:\sqmnoopt03.sqm
          2008-02-27 16:55 . 2008-03-19 14:45 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
          2008-02-27 16:42 . 2008-02-27 16:42 <DIR> d-------- C:\Documents and Settings\gebruiker\Application Data\Uniblue

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-19 13:08 7,999,408 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
          2008-03-15 12:08 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
          2008-03-14 22:10 1,452,032 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
          2008-03-11 20:47 4,373,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
          2008-03-10 17:02 1,415,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
          2008-03-08 17:10 1,406,976 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
          2008-03-06 11:44 3,182,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
          2008-03-05 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-20 13:21 12,288 ----a-w C:\Program Files\Common Files\main.ini
          2008-02-20 13:03 --------- d-----w C:\Program Files\microsoft frontpage
          2008-02-20 09:57 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
          2008-02-20 09:57 86,016 ----a-w C:\WINDOWS\SoundMan.exe
          2008-02-20 09:57 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
          2008-02-20 09:57 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
          2008-02-20 09:57 4,484,608 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
          2008-02-20 09:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
          2008-02-20 09:57 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
          2008-02-20 09:57 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
          2008-02-20 09:57 2,157,568 ----a-w C:\WINDOWS\MicCal.exe
          2008-02-20 09:57 16,125,440 ----a-w C:\WINDOWS\RTHDCPL.exe
          2008-02-20 09:57 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
          2008-02-20 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
          2008-02-19 04:52 --------- d-----w C:\Program Files\Prime95
          2008-02-19 04:51 --------- d-----w C:\Program Files\CyberLink
          2008-02-19 04:51 --------- d-----w C:\Program Files\Common Files\Ahead
          2008-02-19 04:51 --------- d-----w C:\Program Files\Ahead
          2008-02-19 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
          2008-02-19 03:55 --------- d-----w C:\Program Files\Futuremark
          2008-02-19 03:53 --------- d-----w C:\Program Files\Windows Media Components
          2008-02-19 03:53 --------- d-----w C:\Program Files\Malicious Software Removal Tool
          2008-02-19 03:51 --------- d-----w C:\Program Files\Java
          2008-02-19 03:51 --------- d-----w C:\Program Files\Common Files\Java
          2008-02-19 03:34 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
          2008-02-13 08:34 100,736 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
          2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
          2008-03-05 17:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-05 17:11 262144]

          [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-05 17:11 262144]

          [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
          "nwiz"="nwiz.exe" [2007-07-13 08:34 1626112 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-19 04:51 77824]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
          "RTHDCPL"="RTHDCPL.EXE" [2008-02-20 10:57 16125440 C:\WINDOWS\RTHDCPL.exe]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 14:13 579072]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
          "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 14:12 219136]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "nltide3"="cmd.exe" [2004-08-04 12:00 399360 C:\WINDOWS\system32\cmd.exe]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxy]
          iifdbxy.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
          winuqw32.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
          WLCtrl32.dll 2008-03-19 15:08 7168 C:\WINDOWS\system32\WLCtrl32.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
          --a------ 2008-02-20 10:57 69632 C:\WINDOWS\Alcmtr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
          --a------ 2008-02-20 10:57 2879488 C:\WINDOWS\SkyTel.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
          C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
          --a------ 2008-02-20 20:02 52236 C:\yhojy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "FirewallOverride"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
          "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
          "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
          "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "12256:TCP"= 12256:TCP:BitComet 12256 TCP
          "12256:UDP"= 12256:UDP:BitComet 12256 UDP
          "9190:TCP"= 9190:TCP:BitComet 9190 TCP
          "9190:UDP"= 9190:UDP:BitComet 9190 UDP

          R0 Msy28;Msy28;C:\WINDOWS\system32\Drivers\Msy28.sys [2008-02-20 14:21]
          R2 WinSecur05;Windows services ;C:\WINDOWS\system32\Microsoft\svchost.exe [2008-02-20 14:21]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-20 17:39:54 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203529123.job"
          - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
          "2008-03-19 13:11:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-19 15:08:45
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-03-19 15:10:38 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-03-19 14:10:34
          .
          2008-03-19 09:03:00 --- E O F ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 15:19:29, on 19/03/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Java\jre1.6.0\bin\jusched.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
          C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
          O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
          O4 - Global Startup: hp psc 1000 series.lnk = ?
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O20 - Winlogon Notify: iifdbxy - iifdbxy.dll (file missing)
          O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
          O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
          O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
          O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          O23 - Service: Windows services (WinSecur05) - Unknown owner - C:\WINDOWS\system32\Microsoft\svchost.exe

          --
          End of file - 6776 bytes

          Thanks in advance for the tip. Hopefully everything runs better now.

          Piet



          • #6
            Open Notepad, then copy and paste the following (the text in bold) into an empty window:

            File::
            C:\WINDOWS\system32\WLCtrl32.dll
            C:\WINDOWS\system32\vjxhovgy.xml
            C:\WINDOWS\system32\fdxhelzg.xml
            C:\WINDOWS\system32\erpojohy.xml
            C:\WINDOWS\system32\slappwhi.xml
            C:\WINDOWS\system32\vvwywash.xml
            C:\WINDOWS\system32\fshtkvuc.xml
            C:\WINDOWS\system32\bwqslrqe.xml
            C:\WINDOWS\system32\qaumchlu.xml
            C:\WINDOWS\system32\hwhhindf.xml
            C:\WINDOWS\system32\nuukctjq.xml
            C:\WINDOWS\system32\WLCtrl32.dll
            C:\yhojy.exe

            Registry::
            [-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
            [-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "nltide3"=-
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxy]
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\SharedTaskScheduler]
            "e4537eee-35c6-49d8-8054-8befa62713a2"=-
            "b8975304-c0b1-4e60-bf83-f418f4564b9c"=-

            Driver::
            Msy28
            WinSecur05

            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
            Regards,
            Pimmerd
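
The check below is an added example, not part of the original post and not ComboFix's own code: it parses the `File::`, `Registry::` and `Driver::` sections of the CFScript above and lists which HijackThis entries each directive addresses. The sample inputs are a subset of lines copied from this thread; the function names and the matching rule (case-insensitive whole-token match) are assumptions made for the example.

```python
import re

# Subset of the HijackThis log posted in this thread (copied, not complete).
HJT_LOG = r"""
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O20 - Winlogon Notify: iifdbxy - iifdbxy.dll (file missing)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows services (WinSecur05) - Unknown owner - C:\WINDOWS\system32\Microsoft\svchost.exe
"""

# Subset of the CFScript posted in this thread (copied, not complete).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\WLCtrl32.dll
C:\yhojy.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\SharedTaskScheduler]
"e4537eee-35c6-49d8-8054-8befa62713a2"=-
"b8975304-c0b1-4e60-bf83-f418f4564b9c"=-

Driver::
Msy28
WinSecur05
"""

SECTION = re.compile(r"^(\w+)::$")


def parse_cfscript(text):
    """Split a CFScript into {section name: [directive lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def script_targets(sections):
    """Return the lower-cased identifiers the script acts on."""
    targets = set()
    for path in sections.get("File", []):
        targets.add(path.lower())
    for line in sections.get("Registry", []):
        key = re.match(r"^\[-(.+)\]$", line)    # [-KEY]     : delete whole key
        val = re.match(r'^"(.+)"=-$', line)     # "value"=-  : delete one value
        if key:
            leaf = key.group(1).rsplit("\\", 1)[-1]
            targets.add(leaf.strip("{}").lower())
        elif val:
            targets.add(val.group(1).lower())
        # A plain [KEY] line only sets the context for the values after it.
    for name in sections.get("Driver", []):
        targets.add(name.lower())
    return targets


def mentions(entry, target):
    """True if the log entry contains the target as a whole token."""
    pattern = r"(?<!\w)" + re.escape(target) + r"(?!\w)"
    return re.search(pattern, entry.lower()) is not None


def cross_check(log_text, script_text):
    """Return (addressed entries, untouched entries, targets not in the log)."""
    targets = script_targets(parse_cfscript(script_text))
    entries = [l.strip() for l in log_text.splitlines()
               if re.match(r"^\s*(O\d+|R\d) - ", l)]
    addressed, untouched = {}, []
    for entry in entries:
        hits = sorted(t for t in targets if mentions(entry, t))
        if hits:
            addressed[entry] = hits
        else:
            untouched.append(entry)
    seen = {t for hits in addressed.values() for t in hits}
    return addressed, untouched, sorted(targets - seen)


if __name__ == "__main__":
    addressed, untouched, unseen = cross_check(HJT_LOG, CFSCRIPT)
    for entry, hits in addressed.items():
        print("ADDRESSED", hits, "<-", entry)
    for entry in untouched:
        print("UNTOUCHED", entry)
    print("NOT IN THIS LOG:", unseen)
```

Targets reported as not in the log are not errors in themselves; they need to be accounted for from the other logs in the thread before the script is run.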



            • #7
              Hello,

              I will do what is needed at my next visit. Until then.
              Regards,
              Piet



              • #8
                I look forward to your reply, Piet.
                Good luck.
                Regards,
                Pimmerd



                • #9
                  The last step has not been carried out yet, probably today or over the weekend. Please be patient a little longer.



                  • #10
                    Fine, Piet.
                    Regards,
                    Pimmerd



                    • #11
                      Latest ComboFix

                      Here are the two logs after running the CFScript.

                      ComboFix 08-03-26.3 - gebruiker 2008-03-30 21:02:00.3 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.482 [GMT 2:00]
                      Gestart vanuit: C:\Documents and Settings\gebruiker\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                      FILE ::
                      C:\WINDOWS\system32\bwqslrqe.xml
                      C:\WINDOWS\system32\erpojohy.xml
                      C:\WINDOWS\system32\fdxhelzg.xml
                      C:\WINDOWS\system32\fshtkvuc.xml
                      C:\WINDOWS\system32\hwhhindf.xml
                      C:\WINDOWS\system32\nuukctjq.xml
                      C:\WINDOWS\system32\qaumchlu.xml
                      C:\WINDOWS\system32\slappwhi.xml
                      C:\WINDOWS\system32\vjxhovgy.xml
                      C:\WINDOWS\system32\vvwywash.xml
                      C:\WINDOWS\system32\WLCtrl32.dll
                      C:\yhojy.exe
                      .
                      TimedOut: Windir.dat

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\WINDOWS\system32\bwqslrqe.xml
                      C:\WINDOWS\system32\erpojohy.xml
                      C:\WINDOWS\system32\fdxhelzg.xml
                      C:\WINDOWS\system32\fshtkvuc.xml
                      C:\WINDOWS\system32\hwhhindf.xml
                      C:\WINDOWS\system32\nuukctjq.xml
                      C:\WINDOWS\system32\qaumchlu.xml
                      C:\WINDOWS\system32\slappwhi.xml
                      C:\WINDOWS\system32\vjxhovgy.xml
                      C:\WINDOWS\system32\vvwywash.xml
                      C:\WINDOWS\system32\WLCtrl32.dll
                      C:\yhojy.exe

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Legacy_MSY28
                      -------\Legacy_WINSECUR05
                      -------\Service_Msy28
                      -------\Service_WinSecur05


                      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))
                      .

                      2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Program Files\DNA
                      2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Program Files\BitTorrent
                      2008-03-26 18:28 . 2008-03-27 23:42 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\DNA
                      2008-03-26 18:28 . 2008-03-26 18:43 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\BitTorrent
                      2008-03-26 18:19 . 2008-03-26 18:19 <DIR> d-------- C:\Documents and Settings\gebruiker\Application Data\AdobeUM
                      2008-03-21 18:26 . 2008-03-21 18:26 <DIR> d-------- C:\Program Files\Mio Technology
                      2008-03-21 18:16 . 2008-03-21 18:16 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\AdobeUM
                      2008-03-21 18:15 . 2008-03-21 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
                      2008-03-21 18:13 . 2008-03-21 18:13 <DIR> d-------- C:\WINDOWS\Cache
                      2008-03-21 16:35 . 2008-03-21 16:35 <DIR> d-------- C:\WINDOWS\Sun
                      2008-03-21 15:12 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
                      2008-03-21 15:12 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
                      2008-03-19 18:12 . 2008-03-19 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-03-19 18:04 . 2008-03-27 23:23 69 --a------ C:\WINDOWS\NeroDigital.ini
                      2008-03-19 17:17 . 2008-03-20 16:51 <DIR> d-------- C:\Program Files\Google
                      2008-03-19 15:34 . 2008-03-29 21:59 <DIR> dr-h----- C:\Documents and Settings\gebruiker\Onlangs geopend
                      2008-03-12 19:11 . 2008-03-12 19:11 0 --a------ C:\WINDOWS\nsreg.dat
                      2008-03-12 19:09 . 2008-03-12 19:09 127 --a------ C:\WINDOWS\system32\MRT.INI
                      2008-03-12 18:13 . 2008-03-12 18:13 <DIR> d-------- C:\Program Files\CCleaner
                      2008-03-12 16:32 . 2008-03-12 16:37 <DIR> d-------- C:\Program Files\RegistryFix
                      2008-03-08 14:48 . 2008-03-25 19:12 268 --ah----- C:\sqmdata19.sqm
                      2008-03-08 14:48 . 2008-03-25 19:12 244 --ah----- C:\sqmnoopt19.sqm
                      2008-03-08 13:06 . 2008-03-25 15:22 268 --ah----- C:\sqmdata18.sqm
                      2008-03-08 13:06 . 2008-03-25 15:22 244 --ah----- C:\sqmnoopt18.sqm
                      2008-03-08 01:55 . 2008-03-24 13:53 268 --ah----- C:\sqmdata17.sqm
                      2008-03-08 01:55 . 2008-03-24 13:53 244 --ah----- C:\sqmnoopt17.sqm
                      2008-03-07 23:36 . 2008-03-22 22:00 268 --ah----- C:\sqmdata16.sqm
                      2008-03-07 23:36 . 2008-03-22 22:00 244 --ah----- C:\sqmnoopt16.sqm
                      2008-03-07 21:55 . 2008-03-22 21:28 268 --ah----- C:\sqmdata15.sqm
                      2008-03-07 21:55 . 2008-03-22 21:28 244 --ah----- C:\sqmnoopt15.sqm
                      2008-03-06 20:52 . 2008-03-22 12:21 268 --ah----- C:\sqmdata14.sqm
                      2008-03-06 20:52 . 2008-03-22 12:21 244 --ah----- C:\sqmnoopt14.sqm
                      2008-03-06 20:43 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
                      2008-03-06 20:07 . 2008-03-20 13:45 268 --ah----- C:\sqmdata13.sqm
                      2008-03-06 20:07 . 2008-03-20 13:45 244 --ah----- C:\sqmnoopt13.sqm
                      2008-03-06 18:56 . 2008-03-20 12:09 268 --ah----- C:\sqmdata12.sqm
                      2008-03-06 18:56 . 2008-03-20 12:09 244 --ah----- C:\sqmnoopt12.sqm
                      2008-03-06 17:35 . 2008-03-18 19:38 268 --ah----- C:\sqmdata11.sqm
                      2008-03-06 17:35 . 2008-03-18 19:38 244 --ah----- C:\sqmnoopt11.sqm
                      2008-03-05 19:48 . 2008-03-10 17:49 <DIR> d-------- C:\Downloads
                      2008-03-05 19:41 . 2008-03-11 22:48 <DIR> d-------- C:\Program Files\BitComet
                      2008-03-05 19:10 . 2008-03-05 19:15 <DIR> d-------- C:\WINDOWS\system32\nl-nl
                      2008-03-05 19:03 . 2007-12-07 04:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
                      2008-03-05 19:03 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
                      2008-03-05 19:03 . 2007-07-01 05:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
                      2008-03-05 19:03 . 2007-12-07 04:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
                      2008-03-05 19:03 . 2007-12-07 04:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
                      2008-03-05 19:03 . 2007-12-07 04:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
                      2008-03-05 19:03 . 2007-12-07 04:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
                      2008-03-05 19:03 . 2007-12-07 04:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                      2008-03-05 19:03 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
                      2008-03-05 18:14 . 2008-03-30 21:05 47,519,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
                      2008-03-05 18:14 . 2008-03-30 21:05 547,028 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
                      2008-03-05 18:11 . 2008-03-05 18:11 <DIR> d-------- C:\Program Files\ZoneAlarmSB
                      2008-03-05 18:08 . 2008-03-05 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
                      2008-03-05 18:08 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
                      2008-03-05 18:08 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
                      2008-03-05 18:08 . 2008-03-05 18:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
                      2008-03-05 18:06 . 2008-03-05 18:06 <DIR> d-------- C:\Program Files\Zone Labs
                      2008-03-05 18:05 . 2008-03-30 20:52 <DIR> d-------- C:\WINDOWS\Internet Logs
                      2008-03-05 17:50 . 2008-03-05 17:50 <DIR> d-------- C:\Program Files\Windows Defender
                      2008-03-05 15:50 . 2008-03-05 15:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
                      2008-03-05 15:39 . 2008-03-05 15:39 <DIR> d-------- C:\Program Files\The Creative Assembly
                      2008-03-05 14:14 . 2008-03-18 19:06 268 --ah----- C:\sqmdata10.sqm
                      2008-03-05 14:14 . 2008-03-18 19:06 244 --ah----- C:\sqmnoopt10.sqm
                      2008-03-04 20:50 . 2008-03-04 20:50 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Macromedia
                      2008-03-04 20:45 . 2008-03-04 20:45 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\AVG7
                      2008-03-04 20:44 . 2008-02-19 05:26 <DIR> d--h----- C:\Documents and Settings\_piekie_\Sjablonen
                      2008-03-04 20:44 . 2008-03-04 20:44 <DIR> dr-h----- C:\Documents and Settings\_piekie_\SendTo
                      2008-03-04 20:44 . 2008-03-04 20:45 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Onlangs geopend
                      2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\Netwerkprinteromgeving
                      2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d--h----- C:\Documents and Settings\_piekie_\NetHood
                      2008-03-04 20:44 . 2008-03-07 16:41 <DIR> dr------- C:\Documents and Settings\_piekie_\Mijn documenten
                      2008-03-04 20:44 . 2008-02-19 06:22 <DIR> dr------- C:\Documents and Settings\_piekie_\Menu Start
                      2008-03-04 20:44 . 2008-03-28 18:50 <DIR> d--h----- C:\Documents and Settings\_piekie_\Local Settings
                      2008-03-04 20:44 . 2008-03-07 16:39 <DIR> dr------- C:\Documents and Settings\_piekie_\Favorieten
                      2008-03-04 20:44 . 2008-03-07 16:42 <DIR> d--hs---- C:\Documents and Settings\_piekie_\Cookies
                      2008-03-04 20:44 . 2008-02-19 06:22 <DIR> d-------- C:\Documents and Settings\_piekie_\Bureaublad
                      2008-03-04 20:44 . 2008-03-05 15:39 <DIR> d---s---- C:\Documents and Settings\_piekie_\Application Data\Microsoft
                      2008-03-04 20:44 . 2008-03-04 20:44 <DIR> d-------- C:\Documents and Settings\_piekie_\Application Data\Identities
                      2008-03-04 20:44 . 2008-03-27 20:56 <DIR> dr-h----- C:\Documents and Settings\_piekie_\Application Data
                      2008-03-04 20:44 . 2008-03-27 20:56 786,432 --ah----- C:\Documents and Settings\_piekie_\NTUSER.DAT
                      2008-03-04 13:40 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\LimeWire
                      2008-03-02 19:29 . 2008-03-17 19:06 268 --ah----- C:\sqmdata09.sqm
                      2008-03-02 19:29 . 2008-03-17 19:06 244 --ah----- C:\sqmnoopt09.sqm
                      2008-03-02 19:07 . 2008-03-15 18:40 268 --ah----- C:\sqmdata08.sqm
                      2008-03-02 19:07 . 2008-03-15 18:40 244 --ah----- C:\sqmnoopt08.sqm
                      2008-03-02 18:53 . 2008-03-14 20:52 268 --ah----- C:\sqmdata07.sqm
                      2008-03-02 18:53 . 2008-03-14 20:52 244 --ah----- C:\sqmnoopt07.sqm
                      2008-03-02 13:18 . 2008-03-14 18:32 268 --ah----- C:\sqmdata06.sqm
                      2008-03-02 13:18 . 2008-03-14 18:32 244 --ah----- C:\sqmnoopt06.sqm
                      2008-03-01 15:12 . 2008-03-04 13:36 <DIR> d-------- C:\Documents and Settings\Annelore\Shared
                      2008-03-01 15:12 . 2008-03-04 13:37 <DIR> d-------- C:\Documents and Settings\Annelore\Incomplete
                      2008-03-01 15:10 . 2008-03-26 18:29 <DIR> d-------- C:\Documents and Settings\Annelore\Application Data\LimeWire
                      2008-03-01 13:09 . 2008-03-27 16:52 268 --ah----- C:\sqmdata05.sqm
                      2008-03-01 13:09 . 2008-03-27 16:52 244 --ah----- C:\sqmnoopt05.sqm
                      2008-02-28 18:43 . 2008-03-27 16:36 268 --ah----- C:\sqmdata04.sqm
                      2008-02-28 18:43 . 2008-03-27 16:36 244 --ah----- C:\sqmnoopt04.sqm
                      2008-02-27 22:10 . 2008-02-27 22:10 <DIR> d--hs---- C:\Documents and Settings\Annelore\UserData
                      2008-02-27 21:43 . 2008-03-26 22:48 268 --ah----- C:\sqmdata03.sqm

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-03-30 14:23 1,295,872 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
                      2008-03-30 09:56 1,295,360 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
                      2008-03-30 08:29 1,295,360 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
                      2008-03-29 17:51 1,271,296 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
                      2008-03-29 14:56 1,269,760 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
                      2008-03-29 13:34 1,271,296 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
                      2008-03-29 09:26 3,252,224 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
                      2008-03-29 09:26 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
                      2008-03-29 09:24 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
                      2008-03-29 08:43 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
                      2008-03-26 12:45 1,514,496 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
                      2008-03-22 19:57 8,456,033 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
                      2008-03-19 15:17 --------- d-----w C:\Program Files\Java
                      2008-03-15 12:08 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
                      2008-03-14 22:10 1,452,032 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
                      2008-03-11 20:47 4,373,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
                      2008-03-10 17:02 1,415,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
                      2008-03-08 17:10 1,406,976 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
                      2008-03-06 11:44 3,182,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
                      2008-03-05 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-02-20 13:03 --------- d-----w C:\Program Files\microsoft frontpage
                      2008-02-20 09:57 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
                      2008-02-20 09:57 86,016 ----a-w C:\WINDOWS\SoundMan.exe
                      2008-02-20 09:57 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
                      2008-02-20 09:57 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
                      2008-02-20 09:57 4,484,608 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
                      2008-02-20 09:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
                      2008-02-20 09:57 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
                      2008-02-20 09:57 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
                      2008-02-20 09:57 2,157,568 ----a-w C:\WINDOWS\MicCal.exe
                      2008-02-20 09:57 16,125,440 ----a-w C:\WINDOWS\RTHDCPL.exe
                      2008-02-20 09:57 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
                      2008-02-20 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
                      2008-02-19 04:52 --------- d-----w C:\Program Files\Prime95
                      2008-02-19 04:51 --------- d-----w C:\Program Files\CyberLink
                      2008-02-19 04:51 --------- d-----w C:\Program Files\Common Files\Ahead
                      2008-02-19 04:51 --------- d-----w C:\Program Files\Ahead
                      2008-02-19 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
                      2008-02-19 03:55 --------- d-----w C:\Program Files\Futuremark
                      2008-02-19 03:53 --------- d-----w C:\Program Files\Windows Media Components
                      2008-02-19 03:53 --------- d-----w C:\Program Files\Malicious Software Removal Tool
                      2008-02-19 03:51 --------- d-----w C:\Program Files\Common Files\Java
                      2008-02-19 03:34 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
                      2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                      .

                      ((((((((((((((((((((((((((((( [email protected]_15.10.21.18 )))))))))))))))))))))))))))))))))))))))))
                      .
                      + 2003-11-04 04:39:49 227,085 ----a-w C:\WINDOWS\Cache\Adobe Reader 6.0.1\NLDMIN\setup.exe
                      - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
                      + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
                      - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
                      + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
                      + 2008-03-21 16:15:34 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7646-A00000000001}\ARPPRODUCTICON.exe
                      - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
                      + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
                      - 2008-02-19 03:51:56 135,168 ----a-w C:\WINDOWS\system32\java.exe
                      + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
                      - 2008-02-19 03:51:56 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
                      + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
                      - 2008-02-19 03:51:56 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
                      + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
                      - 2008-02-23 11:31:27 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
                      + 2008-03-30 16:58:51 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
                      - 2008-02-23 11:31:27 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
                      + 2008-03-30 16:58:51 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
                      - 2008-02-23 11:31:27 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
                      + 2008-03-30 16:58:51 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
                      - 2008-02-23 11:31:27 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
                      + 2008-03-30 16:58:51 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
                      - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
                      + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
                      2008-03-05 18:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [ ]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 09:34 8466432]
                      "nwiz"="nwiz.exe" [2007-07-13 09:34 1626112 C:\WINDOWS\system32\nwiz.exe]
                      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 09:34 81920]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
                      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
                      "RTHDCPL"="RTHDCPL.EXE" [2008-02-20 11:57 16125440 C:\WINDOWS\RTHDCPL.exe]
                      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 15:13 579072]
                      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
                      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
                      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 15:12 219136]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
                      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
                      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
                      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2008-03-21 18:26:23 647168]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                      WLCtrl32.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                      --a------ 2008-02-20 11:57 69632 C:\WINDOWS\Alcmtr.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
                      --a------ 2008-02-20 11:57 2879488 C:\WINDOWS\SkyTel.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
                      C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "FirewallOverride"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
                      "DisableMonitoring"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                      "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "C:\\Program Files\\DNA\\btdna.exe"=
                      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "12256:TCP"= 12256:TCP:BitComet 12256 TCP
                      "12256:UDP"= 12256:UDP:BitComet 12256 UDP
                      "9190:TCP"= 9190:TCP:BitComet 9190 TCP
                      "9190:UDP"= 9190:UDP:BitComet 9190 UDP


                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-03-20 17:39:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203529123.job"
                      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
                      "2008-03-30 19:09:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                      - C:\Program Files\Windows Defender\MpCmdRun.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-03-30 21:07:02
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Windows Defender\MsMpEng.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-03-30 21:09:51 - machine was rebooted [gebruiker]
                      ComboFix-quarantined-files.txt 2008-03-30 19:09:47
                      ComboFix2.txt 2008-03-28 16:50:11
                      ComboFix3.txt 2008-03-19 14:10:39
                      Pre-Run: 28,855,959,552 bytes beschikbaar
                      Post-Run: 28,842,573,824 bytes beschikbaar
                      .
                      2008-03-28 11:23:04 --- E O F ---

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:11:30, on 30/03/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Windows Defender\MsMpEng.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\WINDOWS\RTHDCPL.EXE
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Windows Defender\MSASCui.exe
                      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                      C:\Program Files\Mio Technology\MioSync\mioSync.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                      C:\WINDOWS\explorer.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
                      O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: hp psc 1000 series.lnk = ?
                      O4 - Global Startup: hpoddt01.exe.lnk = ?
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
                      O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
                      O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

                      --
                      End of file - 7080 bytes


                      The PC is running faster again. In the meantime I have also deleted all old restore points. AVG is still blocking a few trojans.
                      A problem that arose at about the same time but probably has a different cause: the monitor is not activated, or sometimes only after a very long time. A "runtime error" also appears at every startup.

                      Thanks for the advice and the patience.

                      Regards,
                      Piet



                      • #12
                        Please turn off Windows Defender Real Time Protection because it can interfere with the fix. To turn it off:
                        • Open Windows Defender
                          Click Tool
                          Click General Settings
                          Scroll to Real Time Protection Options
                          Uncheck Turn on Real Time Protection (recommended)
                          Click Save
                          Close Windows Defender

                        Once your log is clean you can turn it back on.

                        Start Hijackthis, choose 'Do a system scan only' and check the lines below:

                        O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
                        O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
                        O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
                        O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)

                        Now close all open windows except Hijackthis and click Fix Checked.

                        * Clean the cache and cookies in IE:

                        * Close Internet Explorer.
                        * Go to Control Panel > Internet Options > General tab
                        * Click the Delete Cookies button
                        * Click the Delete Files button next to it
                        * Check: Delete all offline content, click OK

                        * Clean the cache and cookies in Firefox (if Firefox is installed):

                        * Go to Tools > Options.
                        * Click Privacy in the menu.
                        * Click the Clear button (History, Cookies, Cache).
                        * Click OK to close the window again.

                        * Clean other temporary files + Recycle Bin

                        * Go to Start > Run, type: cleanmgr and click OK.
                        * Let it scan your system for files that should be deleted
                        * Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
                        * Then click OK.


                        Then update AVG, let it run a full system scan and have it remove whatever is found.
                        Check whether anything is still being blocked; if so, please state its exact location.

                        Any other problems?
                        Regards,
                        Pimmerd
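
The four lines selected in post #12 are the ones HijackThis itself marked `(no file)` or `(file missing)`: registry entries whose target no longer exists on disk. The following is an added example, not part of the thread and not HijackThis code, that parses a HijackThis log and lists such entries; the function names are hypothetical and the sample lines are copied from the log posted above.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O21 - SSODL: CheckSrv - {e4537eee-35c6-49d8-8054-8befa62713a2} - (no file)
O21 - SSODL: zip - {b8975304-c0b1-4e60-bf83-f418f4564b9c} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <rest>", e.g. "O21 - SSODL: zip - {...} - (no file)".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
# Anchored at end of line so "(no name)" in the description is not matched.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1).lower() if orphan else None,
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["code"]:>3}  {e["orphan"]:<12}  {e["clsid"] or "-"}  {e["body"]}')
```
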



                        • #13
                          Final intervention

                          Dear Pimmerd,

                          We are nearing the end. Today I carried out your latest suggestion.
                          The last AVG scan had three detections in "System Volume Information", deleted by AVG. Cleaned up the restore points once more and created a new one.
                          Also reported:
                          C:/Windows/system32/kernel32.dll
                          C:/Windows/system32/ntoskrnl.exe
                          C:/Windows/system32/drivers/etc/hosts

                          All three carry the note status change /change

                          Unless I hear otherwise from you, I will close the thread.
                          Thanks again very much, and perhaps until later

                          Regards,

                          Piet



                          • #14
                            If all of that was still being found in System Restore and you have deleted it, it is clean again; are you still experiencing any problems yourself?

                            Uninstall Combofix:
                            Go to Start --> Run and type: combofix /u
                            Combofix will now be removed and a new restore point will be created.
                            Regards,
                            Pimmerd
