Question & Answer
Trojan-vundo
15 answers
- That first log file was mine; there the internet does work, and on my mom's it doesn't, and this is my mom's log. Sorry for the mistake.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:27, on 6-5-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7638 bytes
- I have a virus on my PC; a large part of it is already gone, but the internet has the so-called "dnserror". I have already run a number of programs (mbam, avast, spybot), but the internet still doesn't work.
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:15, on 6-5-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7346 bytes
This is what mbam did
Malwarebytes' Anti-Malware 1.36
Database versie: 2079
Windows 5.1.2600 Service Pack 3
6-5-2009 14:32:41
mbam-log-2009-05-06 (14-32-41).txt
Scan type: Snelle Scan
Objecten gescand: 106653
Verstreken tijd: 9 minute(s), 49 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc5b46ea-1e25-406a-a1ba-be02c23f7a24} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bcxznbcm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bc5b46ea-1e25-406a-a1ba-be02c23f7a24} (Trojan.Vundo.H) -> Delete on reboot.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
c:\WINDOWS\system32\uhqwtfd.dll (Trojan.Vundo.H) -> Delete on reboot.
- Update the mbam scanner, run a full scan, remove everything it finds, and restart.
Post a new HJT log
- Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
Close all windows except HijackThis
Click 'Fix checked' to remove the items.
Download to your Desktop and use it according to this guide.
- ComboFix 09-05-06.08 - Rita 07-05-2009 13:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.678 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Hugo\Mijn documenten\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090506-0] *On-access scanning disabled* (Updated)
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-07 to 2009-05-07 ))))))))))))))))))))))))))))))
.
2009-05-06 12:43 . 2009-05-06 12:43 -------- d-----w c:\program files\Trend Micro
2009-05-06 09:14 . 2009-05-06 09:14 -------- d-----w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
2009-05-06 09:04 . 2009-05-06 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
2009-05-06 08:57 . 2009-05-06 08:57 -------- d-----w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
2009-05-06 08:54 . 2009-05-06 08:54 -------- d-----w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
2009-05-06 08:39 . 2009-05-06 08:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 08:16 . 2009-05-06 08:16 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
2009-05-06 08:15 . 2009-05-06 08:15 -------- d-----w c:\documents and settings\Anne\Application Data\Malwarebytes
2009-05-06 08:14 . 2009-05-06 08:14 -------- d-----w c:\documents and settings\Naut\Application Data\Malwarebytes
2009-05-06 08:13 . 2009-05-06 08:13 23392 ----a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 08:12 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Application Data\Malwarebytes
2009-05-06 07:37 . 2009-05-07 11:41 -------- d--h--r c:\documents and settings\Rita\Onlangs geopend
2009-05-05 20:41 . 2009-05-07 11:35 -------- d--h--r c:\documents and settings\Hugo\Onlangs geopend
2009-05-05 20:22 . 2009-05-05 20:25 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-05 20:17 . 2009-05-05 20:17 -------- d-----w c:\program files\Alwil Software
2009-05-05 20:11 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 20:11 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 12:35 . 2009-05-05 19:52 -------- d-----w c:\program files\WhatsRunning
2009-05-04 17:01 . 2009-05-04 17:01 -------- d-----w c:\documents and settings\Rita\Application Data\Malwarebytes
2009-05-04 16:19 . 2009-05-04 16:19 8 ----a-w c:\windows\system32\nvModes.dat
2009-05-04 16:14 . 2009-05-04 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-04 15:53 . 2009-05-05 20:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 13:50 . 2002-04-24 10:07 19928 ----a-w c:\windows\system32\drivers\wbscr.sys
2009-05-03 13:39 . 2009-05-03 13:39 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Application Data\itnxuwmt
2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\Hugo\Application Data\Malwarebytes
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-03 11:03 . 2009-05-05 20:42 -------- d-----w c:\documents and settings\Hugo\.housecall6.6
2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Netwerkprinteromgeving
2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Onlangs geopend
2009-05-03 10:16 . 2009-04-02 18:46 -------- d--h--w c:\documents and settings\Administrator\Sjablonen
2009-05-03 10:16 . 2009-05-05 19:55 -------- d-----w c:\documents and settings\Administrator
2009-05-01 17:56 . 2008-04-14 17:02 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\Application Data\TeamViewer
2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\temp
2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\itnxuwmt
2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
2009-04-29 18:28 . 2009-04-29 18:28 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-29 18:03 . 2009-04-29 18:03 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-28 18:51 . 2009-04-28 18:51 -------- d-----w c:\documents and settings\Hugo\Application Data\Download Manager
2009-04-27 11:23 . 2009-04-29 18:06 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
2009-04-26 19:21 . 2009-04-26 19:21 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
2009-04-26 11:52 . 2009-04-26 11:52 -------- d-----w c:\documents and settings\Hugo\Application Data\ZipGenius
2009-04-26 11:51 . 2009-04-26 11:51 -------- d-----w c:\program files\ZipGenius 6
2009-04-26 11:28 . 2009-04-26 11:28 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
2009-04-25 07:50 . 2009-05-04 08:48 23392 ----a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 18:46 . 2009-04-23 18:46 -------- d-----w c:\program files\PC Inspector File Recovery
2009-04-23 18:34 . 2009-04-23 18:34 -------- d-----w c:\program files\Recuva
2009-04-21 19:52 . 2009-04-21 19:52 -------- d-----w c:\documents and settings\Hugo\Application Data\Convivea
2009-04-21 19:52 . 2009-04-21 19:53 -------- d-----w c:\program files\Bit Che
2009-04-21 19:50 . 2009-04-28 13:49 -------- d-----w c:\program files\BitLord
2009-04-21 19:20 . 2009-04-21 19:20 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Google
2009-04-19 18:56 . 2009-04-19 18:56 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
2009-04-19 11:19 . 2009-04-19 11:19 -------- d-----w c:\documents and settings\Rita\Application Data\OpenOffice.org
2009-04-19 10:56 . 2009-04-19 18:54 -------- d-----w c:\documents and settings\Rita\Tracing
2009-04-18 17:01 . 2009-04-22 15:43 -------- d-----w c:\windows\system32\Adobe
2009-04-18 16:13 . 2009-04-23 18:35 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Google
2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\windows\Sun
2009-04-18 07:13 . 2009-04-18 07:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\program files\Java
2009-04-18 06:43 . 2009-04-18 06:43 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Google
2009-04-17 15:18 . 2009-05-07 09:00 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
2009-04-17 15:08 . 2009-04-17 15:08 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Google
2009-04-17 11:15 . 2009-04-25 07:45 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Google
2009-04-17 11:09 . 2009-04-29 18:11 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\program files\Google
2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\program files\NOS
2009-04-17 10:25 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 10:25 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 10:25 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 10:25 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 10:25 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 10:25 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 10:25 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 10:25 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 10:25 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 10:24 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 10:23 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-17 10:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-16 19:35 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Tracing
2009-04-16 15:43 . 2009-05-07 11:20 -------- d-----w c:\documents and settings\Hugo\Tracing
2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Microsoft
2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 15:42 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live
2009-04-16 15:37 . 2009-04-16 15:37 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-11 07:07 . 2009-04-11 07:07 -------- d-----w c:\program files\Codemasters
2009-04-08 14:56 . 2009-04-08 14:56 -------- d-----w c:\documents and settings\Ilja\Application Data\HP
2009-04-08 14:08 . 2009-04-08 14:08 -------- d-----w C:\ts_tmp
2009-04-08 13:08 . 2009-04-08 13:08 -------- d-----w c:\documents and settings\Naut\Application Data\HP
2009-04-08 12:40 . 2009-04-08 12:40 -------- d-----w c:\documents and settings\Anne\Application Data\HP
2009-04-08 09:48 . 2009-04-08 09:48 -------- d-----w c:\program files\MSXML 4.0
2009-04-08 06:40 . 2009-04-08 06:40 -------- d-----w c:\documents and settings\Rita\Application Data\HP
2009-04-07 19:25 . 2009-05-03 14:23 -------- d-----w c:\documents and settings\Hugo\Application Data\HP
2009-04-07 19:19 . 2009-04-07 19:19 -------- d-----w c:\documents and settings\LocalService\Application Data\HP
2009-04-07 19:19 . 2009-04-07 19:19 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-07 19:18 . 2009-04-07 19:19 -------- d-----w c:\program files\Common Files\HP
2009-04-07 19:17 . 2009-04-07 19:17 -------- d-----w c:\program files\Hewlett-Packard
2009-04-07 19:16 . 2009-04-07 19:16 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-07 19:16 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-07 19:16 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-07 19:15 . 2006-03-03 19:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-07 19:15 . 2006-03-03 19:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-07 19:15 . 2006-03-03 19:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-07 19:15 . 2006-03-03 19:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-07 19:15 . 2006-03-03 19:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-07 19:15 . 2006-03-03 19:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-07 19:15 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-07 19:14 . 2009-04-07 19:19 -------- d-----w c:\program files\HP
2009-04-07 19:14 . 2006-04-13 01:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-07 19:14 . 2006-04-13 01:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-07 19:13 . 2009-04-07 19:20 123206 ----a-w c:\windows\hpoins11.dat
2009-04-07 19:13 . 2006-01-04 08:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll
2009-04-07 19:13 . 2006-04-10 12:03 38400 ----a-w c:\windows\system32\hpz3l054.dll
2009-04-07 19:13 . 2006-04-13 01:04 282624 ----a-r c:\windows\system32\HPZc3212.dll
2009-04-07 19:13 . 2006-04-13 01:04 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-07 16:25 . 2008-04-13 18:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-07 16:25 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 13:50 . 2009-04-06 18:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 08:29 . 2009-04-06 18:36 17408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-04-28 17:45 . 2006-03-02 12:00 77628 ----a-w c:\windows\system32\perfc013.dat
2009-04-28 17:45 . 2006-03-02 12:00 458570 ----a-w c:\windows\system32\perfh013.dat
2009-04-06 19:50 . 2009-04-02 18:49 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 18:57 . 2009-04-06 18:57 -------- d-----w c:\program files\USB Wireless Keyboard Driver
2009-04-06 18:37 . 2009-04-06 18:37 -------- d-----w c:\program files\Intel
2009-04-06 18:36 . 2009-04-06 18:32 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-06 18:32 . 2009-04-06 18:32 19915 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-06 18:32 . 2009-04-06 18:32 -------- d-----w c:\program files\RALINK
2009-04-02 19:03 . 2009-04-02 19:03 -------- d-----w c:\program files\DIFX
2009-04-02 18:50 . 2009-04-02 18:50 -------- d-----w c:\program files\microsoft frontpage
2009-04-02 18:49 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-02 18:47 . 2009-04-02 18:47 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2006-03-02 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2006-03-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2006-03-02 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2006-03-02 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2006-03-02 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2006-03-02 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
2006-03-02 12:00 104448 ----a-w c:\windows\system32\uhqwtfd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 10:05 356352 —-a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave3"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys –> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
S0 rseb;rseb; [x]
S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys –> c:\windows\system32\drivers\3ddc35a4.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mctlrhke
Gyxru
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 13:45
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2244)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-05-07 13:46
ComboFix-quarantined-files.txt 2009-05-07 11:46
Pre-Run: 226.643.566.592 bytes beschikbaar
Post-Run: 228.061.667.328 bytes beschikbaar
267 — E O F — 2009-04-29 08:57
- Open Notepad, copy and paste the following (bold, blue text) into an empty window:
- ComboFix 09-05-07.08 - Rita 08-05-2009 12:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.569 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rita\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Rita\Bureaublad\cfscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\uhqwtfd.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\uhqwtfd.dll . . . . konden niet verwijderd worden
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Service_rseb
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))))
.
2009-05-06 12:43 . 2009-05-06 12:43 ——– d—–w c:\program files\Trend Micro
2009-05-06 09:14 . 2009-05-06 09:14 ——– d—–w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
2009-05-06 09:04 . 2009-05-06 09:04 ——– d—–w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
2009-05-06 08:57 . 2009-05-06 08:57 ——– d—–w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
2009-05-06 08:54 . 2009-05-06 08:54 ——– d—–w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\program files\SUPERAntiSpyware
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
2009-05-06 08:39 . 2009-05-06 08:39 ——– d—–w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 08:16 . 2009-05-06 08:16 ——– d—–w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
2009-05-06 08:15 . 2009-05-06 08:15 ——– d—–w c:\documents and settings\Anne\Application Data\Malwarebytes
2009-05-06 08:14 . 2009-05-06 08:14 ——– d—–w c:\documents and settings\Naut\Application Data\Malwarebytes
2009-05-06 08:13 . 2009-05-06 08:13 23392 —-a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 08:12 . 2009-05-06 08:12 ——– d—–w c:\documents and settings\Ilja\Application Data\Malwarebytes
2009-05-06 07:37 . 2009-05-08 10:07 ——– d–h–r c:\documents and settings\Rita\Onlangs geopend
2009-05-05 20:41 . 2009-05-07 15:10 ——– d–h–r c:\documents and settings\Hugo\Onlangs geopend
2009-05-05 20:22 . 2009-05-05 20:25 ——– d—–w c:\program files\EsetOnlineScanner
2009-05-05 20:17 . 2009-05-05 20:17 ——– d—–w c:\program files\Alwil Software
2009-05-05 20:11 . 2009-04-06 13:32 15504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 20:11 . 2009-04-06 13:32 38496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 12:35 . 2009-05-05 19:52 ——– d—–w c:\program files\WhatsRunning
2009-05-04 17:01 . 2009-05-04 17:01 ——– d—–w c:\documents and settings\Rita\Application Data\Malwarebytes
2009-05-04 16:19 . 2009-05-04 16:19 8 —-a-w c:\windows\system32\nvModes.dat
2009-05-04 16:14 . 2009-05-04 16:14 ——– d—–w c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-04 15:53 . 2009-05-05 20:11 ——– d—–w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 13:50 . 2002-04-24 10:07 19928 —-a-w c:\windows\system32\drivers\wbscr.sys
2009-05-03 13:39 . 2009-05-03 13:39 ——– d—–w c:\documents and settings\All Users\Application Data\ESET
2009-05-03 11:31 . 2009-05-03 11:31 ——– d—–w c:\documents and settings\Hugo\Application Data\itnxuwmt
2009-05-03 11:31 . 2009-05-03 11:31 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 ——– d—–w c:\documents and settings\NetworkService\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 ——– d—–w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
2009-05-03 11:14 . 2009-05-03 11:14 ——– d—–w c:\documents and settings\Hugo\Application Data\Malwarebytes
2009-05-03 11:14 . 2009-05-03 11:14 ——– d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-03 11:03 . 2009-05-05 20:42 ——– d—–w c:\documents and settings\Hugo\.housecall6.6
2009-05-03 10:16 . 2009-04-02 20:20 ——– d–h–w c:\documents and settings\Administrator\Netwerkprinteromgeving
2009-05-03 10:16 . 2009-04-02 20:20 ——– d–h–w c:\documents and settings\Administrator\Onlangs geopend
2009-05-03 10:16 . 2009-04-02 18:46 ——– d–h–w c:\documents and settings\Administrator\Sjablonen
2009-05-03 10:16 . 2009-05-05 19:55 ——– d—–w c:\documents and settings\Administrator
2009-05-01 17:56 . 2008-04-14 17:02 221184 —-a-w c:\windows\system32\wmpns.dll
2009-05-01 16:25 . 2009-05-01 16:25 ——– d—–w c:\documents and settings\Hugo\Application Data\TeamViewer
2009-05-01 16:25 . 2009-05-01 16:25 ——– d—–w c:\documents and settings\Hugo\temp
2009-05-01 09:04 . 2009-05-01 09:04 ——– d—–w c:\documents and settings\Rita\Application Data\itnxuwmt
2009-05-01 09:04 . 2009-05-01 09:04 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
2009-04-29 18:28 . 2009-04-29 18:28 ——– d—–w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-29 18:03 . 2009-04-29 18:03 ——– d—–w c:\program files\Common Files\Macrovision Shared
2009-04-28 18:51 . 2009-04-28 18:51 ——– d—–w c:\documents and settings\Hugo\Application Data\Download Manager
2009-04-27 11:23 . 2009-04-29 18:06 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
2009-04-26 19:21 . 2009-04-26 19:21 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
2009-04-26 11:52 . 2009-04-26 11:52 ——– d—–w c:\documents and settings\Hugo\Application Data\ZipGenius
2009-04-26 11:51 . 2009-04-26 11:51 ——– d—–w c:\program files\ZipGenius 6
2009-04-26 11:28 . 2009-04-26 11:28 ——– d—–w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
2009-04-25 07:50 . 2009-05-04 08:48 23392 —-a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 18:46 . 2009-04-23 18:46 ——– d—–w c:\program files\PC Inspector File Recovery
2009-04-23 18:34 . 2009-04-23 18:34 ——– d—–w c:\program files\Recuva
2009-04-21 19:52 . 2009-04-21 19:52 ——– d—–w c:\documents and settings\Hugo\Application Data\Convivea
2009-04-21 19:52 . 2009-04-21 19:53 ——– d—–w c:\program files\Bit Che
2009-04-21 19:50 . 2009-04-28 13:49 ——– d—–w c:\program files\BitLord
2009-04-21 19:20 . 2009-04-21 19:20 ——– d—–w c:\documents and settings\Anne\Local Settings\Application Data\Google
2009-04-19 18:56 . 2009-04-19 18:56 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
2009-04-19 11:19 . 2009-04-19 11:19 ——– d—–w c:\documents and settings\Rita\Application Data\OpenOffice.org
2009-04-19 10:56 . 2009-04-19 18:54 ——– d—–w c:\documents and settings\Rita\Tracing
2009-04-18 17:01 . 2009-04-22 15:43 ——– d—–w c:\windows\system32\Adobe
2009-04-18 16:13 . 2009-04-23 18:35 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\Google
2009-04-18 07:13 . 2009-04-18 07:13 ——– d—–w c:\windows\Sun
2009-04-18 07:13 . 2009-04-18 07:13 410984 —-a-w c:\windows\system32\deploytk.dll
2009-04-18 07:13 . 2009-04-18 07:13 ——– d—–w c:\program files\Java
2009-04-18 06:43 . 2009-04-18 06:43 ——– d—–w c:\documents and settings\Naut\Local Settings\Application Data\Google
2009-04-17 15:18 . 2009-05-07 09:00 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
2009-04-17 15:08 . 2009-04-17 15:08 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Google
2009-04-17 11:15 . 2009-04-25 07:45 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Google
2009-04-17 11:09 . 2009-04-29 18:11 ——– d—–w c:\program files\Common Files\Adobe
2009-04-17 11:06 . 2009-04-17 11:22 ——– d—–w c:\program files\Google
2009-04-17 11:06 . 2009-04-17 11:22 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
2009-04-17 11:05 . 2009-04-17 11:43 ——– d—–w c:\documents and settings\All Users\Application Data\NOS
2009-04-17 11:05 . 2009-04-17 11:43 ——– d—–w c:\program files\NOS
2009-04-17 10:25 . 2009-02-06 10:10 227840 -c—-w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 10:25 . 2009-03-06 14:23 285696 -c—-w c:\windows\system32\dllcache\pdh.dll
2009-04-17 10:25 . 2009-02-09 11:27 111104 -c—-w c:\windows\system32\dllcache\services.exe
2009-04-17 10:25 . 2009-02-09 10:56 401408 -c—-w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 10:25 . 2009-02-09 10:56 473600 -c—-w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 10:25 . 2009-02-09 10:56 684544 -c—-w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 10:25 . 2009-02-09 10:56 734208 -c—-w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 10:25 . 2009-02-09 10:56 453120 -c—-w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 10:25 . 2009-02-09 10:56 735744 -c—-w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 10:24 . 2008-04-21 21:16 218624 -c—-w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 10:23 . 2008-10-16 12:06 208744 —-a-w c:\windows\system32\muweb.dll
2009-04-17 10:23 . 2008-10-16 12:06 268648 —-a-w c:\windows\system32\mucltui.dll
2009-04-16 19:35 . 2009-05-06 08:12 ——– d—–w c:\documents and settings\Ilja\Tracing
2009-04-16 15:43 . 2009-05-08 09:18 ——– d—–w c:\documents and settings\Hugo\Tracing
2009-04-16 15:43 . 2009-04-16 15:43 ——– d—–w c:\program files\Microsoft
2009-04-16 15:43 . 2009-04-16 15:43 ——– d—–w c:\program files\Windows Live SkyDrive
2009-04-16 15:42 . 2009-04-16 15:43 ——– d—–w c:\program files\Windows Live
2009-04-16 15:37 . 2009-04-16 15:37 ——– d—–w c:\program files\Common Files\Windows Live
2009-04-11 07:07 . 2009-04-11 07:07 ——– d—–w c:\program files\Codemasters
2009-04-08 14:56 . 2009-04-08 14:56 ——– d—–w c:\documents and settings\Ilja\Application Data\HP
2009-04-08 14:08 . 2009-04-08 14:08 ——– d—–w C:\ts_tmp
2009-04-08 13:08 . 2009-04-08 13:08 ——– d—–w c:\documents and settings\Naut\Application Data\HP
2009-04-08 12:40 . 2009-04-08 12:40 ——– d—–w c:\documents and settings\Anne\Application Data\HP
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 14:04 . 2009-04-07 14:17 ——– d—–w c:\program files\SRWare Iron
2009-05-04 18:59 . 2009-04-07 14:43 23392 —-a-w c:\documents and settings\Ilja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 13:50 . 2009-04-06 18:32 ——– d–h–w c:\program files\InstallShield Installation Information
2009-05-03 10:39 . 2009-04-07 14:35 ——– d—–w c:\program files\Spybot - Search & Destroy
2009-04-30 08:29 . 2009-04-06 18:36 17408 —-a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-04-29 18:28 . 2009-04-07 14:24 23392 —-a-w c:\documents and settings\Hugo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 17:45 . 2006-03-02 12:00 77628 —-a-w c:\windows\system32\perfc013.dat
2009-04-28 17:45 . 2006-03-02 12:00 458570 —-a-w c:\windows\system32\perfh013.dat
2009-04-08 09:48 . 2009-04-08 09:48 ——– d—–w c:\program files\MSXML 4.0
2009-04-07 19:20 . 2009-04-07 19:13 123206 —-a-w c:\windows\hpoins11.dat
2009-04-07 19:19 . 2009-04-07 19:18 ——– d—–w c:\program files\Common Files\HP
2009-04-07 19:19 . 2009-04-07 19:14 ——– d—–w c:\program files\HP
2009-04-07 19:17 . 2009-04-07 19:17 ——– d—–w c:\program files\Hewlett-Packard
2009-04-07 19:16 . 2009-04-07 19:16 ——– d—–w c:\program files\Common Files\Hewlett-Packard
2009-04-07 14:35 . 2009-04-07 14:35 ——– d—–w c:\program files\CCleaner
2009-04-07 14:09 . 2009-04-07 14:09 ——– d—–w c:\program files\Windows Media Connect 2
2009-04-06 19:50 . 2009-04-02 18:49 76487 —-a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 18:57 . 2009-04-06 18:57 ——– d—–w c:\program files\USB Wireless Keyboard Driver
2009-04-06 18:37 . 2009-04-06 18:37 ——– d—–w c:\program files\Intel
2009-04-06 18:36 . 2009-04-06 18:32 ——– d—–w c:\program files\Common Files\InstallShield
2009-04-06 18:32 . 2009-04-06 18:32 19915 —-a-w c:\windows\system32\drivers\AegisP.sys
2009-04-06 18:32 . 2009-04-06 18:32 ——– d—–w c:\program files\RALINK
2009-04-02 19:03 . 2009-04-02 19:03 ——– d—–w c:\program files\DIFX
2009-04-02 18:50 . 2009-04-02 18:50 ——– d—–w c:\program files\microsoft frontpage
2009-04-02 18:49 . 2006-03-02 12:00 67 –sha-w c:\windows\Fonts\desktop.ini
2009-04-02 18:47 . 2009-04-02 18:47 21748 —-a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2006-03-02 12:00 285696 —-a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2006-03-02 12:00 826368 —-a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2006-03-02 12:00 78336 —-a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2006-03-02 12:00 1846912 —-a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 00:58 2028544 —-a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2006-03-02 12:00 2149888 —-a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2006-03-02 12:00 111104 —-a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2006-03-02 12:00 734208 —-a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2006-03-02 12:00 684544 —-a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2006-03-02 12:00 401408 —-a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2006-03-02 12:00 735744 —-a-w c:\windows\system32\ntdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_11.45.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 10:15 . 2009-05-08 10:15 16384 c:\windows\Temp\Perflib_Perfdata_5ac.dat
+ 2009-05-08 10:15 . 2009-05-08 10:15 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 10:05 356352 —-a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave3"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys –> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys –> c:\windows\system32\drivers\3ddc35a4.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mctlrhke
Gyxru
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 12:29
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-08 12:31 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-08 10:31
ComboFix2.txt 2009-05-07 11:46
Pre-Run: 228.311.134.208 bytes beschikbaar
Post-Run: 228.264.185.856 bytes beschikbaar
279 — E O F — 2009-04-29 08:57
- Open Notepad, copy and paste the following (bold, blue text) into an empty window:
- ComboFix 09-05-07.A01 - Rita 08-05-2009 17:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.688 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rita\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Rita\Bureaublad\cfscript.txt.txt
AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\uhqwtfd.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))))
.
2009-05-06 12:43 . 2009-05-06 12:43 ——– d—–w c:\program files\Trend Micro
2009-05-06 09:14 . 2009-05-06 09:14 ——– d—–w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
2009-05-06 09:04 . 2009-05-06 09:04 ——– d—–w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
2009-05-06 08:57 . 2009-05-06 08:57 ——– d—–w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
2009-05-06 08:54 . 2009-05-06 08:54 ——– d—–w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\program files\SUPERAntiSpyware
2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
2009-05-06 08:39 . 2009-05-06 08:39 ——– d—–w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 08:16 . 2009-05-06 08:16 ——– d—–w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
2009-05-06 08:15 . 2009-05-06 08:15 ——– d—–w c:\documents and settings\Anne\Application Data\Malwarebytes
2009-05-06 08:14 . 2009-05-06 08:14 ——– d—–w c:\documents and settings\Naut\Application Data\Malwarebytes
2009-05-06 08:13 . 2009-05-06 08:13 23392 —-a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 08:12 . 2009-05-06 08:12 ——– d—–w c:\documents and settings\Ilja\Application Data\Malwarebytes
2009-05-06 07:37 . 2009-05-08 10:32 ——– d–h–r c:\documents and settings\Rita\Onlangs geopend
2009-05-05 20:41 . 2009-05-08 14:45 ——– d–h–r c:\documents and settings\Hugo\Onlangs geopend
2009-05-05 20:22 . 2009-05-05 20:25 ——– d—–w c:\program files\EsetOnlineScanner
2009-05-05 20:17 . 2009-05-05 20:17 ——– d—–w c:\program files\Alwil Software
2009-05-05 20:11 . 2009-04-06 13:32 15504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 20:11 . 2009-04-06 13:32 38496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 12:35 . 2009-05-05 19:52 ——– d—–w c:\program files\WhatsRunning
2009-05-04 17:01 . 2009-05-04 17:01 ——– d—–w c:\documents and settings\Rita\Application Data\Malwarebytes
2009-05-04 16:19 . 2009-05-04 16:19 8 —-a-w c:\windows\system32\nvModes.dat
2009-05-04 16:14 . 2009-05-04 16:14 ——– d—–w c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-04 15:53 . 2009-05-05 20:11 ——– d—–w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 13:50 . 2002-04-24 10:07 19928 —-a-w c:\windows\system32\drivers\wbscr.sys
2009-05-03 13:39 . 2009-05-03 13:39 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Application Data\itnxuwmt
2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\itnxuwmt
2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\Hugo\Application Data\Malwarebytes
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-03 11:03 . 2009-05-05 20:42 -------- d-----w c:\documents and settings\Hugo\.housecall6.6
2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Netwerkprinteromgeving
2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Onlangs geopend
2009-05-03 10:16 . 2009-04-02 18:46 -------- d--h--w c:\documents and settings\Administrator\Sjablonen
2009-05-03 10:16 . 2009-05-05 19:55 -------- d-----w c:\documents and settings\Administrator
2009-05-01 17:56 . 2008-04-14 17:02 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\Application Data\TeamViewer
2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\temp
2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\itnxuwmt
2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
2009-04-29 18:28 . 2009-04-29 18:28 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-29 18:03 . 2009-04-29 18:03 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-28 18:51 . 2009-04-28 18:51 -------- d-----w c:\documents and settings\Hugo\Application Data\Download Manager
2009-04-27 11:23 . 2009-04-29 18:06 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
2009-04-26 19:21 . 2009-04-26 19:21 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
2009-04-26 11:52 . 2009-04-26 11:52 -------- d-----w c:\documents and settings\Hugo\Application Data\ZipGenius
2009-04-26 11:51 . 2009-04-26 11:51 -------- d-----w c:\program files\ZipGenius 6
2009-04-26 11:28 . 2009-04-26 11:28 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
2009-04-25 07:50 . 2009-05-04 08:48 23392 ----a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 18:46 . 2009-04-23 18:46 -------- d-----w c:\program files\PC Inspector File Recovery
2009-04-23 18:34 . 2009-04-23 18:34 -------- d-----w c:\program files\Recuva
2009-04-21 19:52 . 2009-04-21 19:52 -------- d-----w c:\documents and settings\Hugo\Application Data\Convivea
2009-04-21 19:52 . 2009-04-21 19:53 -------- d-----w c:\program files\Bit Che
2009-04-21 19:50 . 2009-04-28 13:49 -------- d-----w c:\program files\BitLord
2009-04-21 19:20 . 2009-04-21 19:20 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Google
2009-04-19 18:56 . 2009-04-19 18:56 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
2009-04-19 11:19 . 2009-04-19 11:19 -------- d-----w c:\documents and settings\Rita\Application Data\OpenOffice.org
2009-04-19 10:56 . 2009-04-19 18:54 -------- d-----w c:\documents and settings\Rita\Tracing
2009-04-18 17:01 . 2009-04-22 15:43 -------- d-----w c:\windows\system32\Adobe
2009-04-18 16:13 . 2009-04-23 18:35 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Google
2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\windows\Sun
2009-04-18 07:13 . 2009-04-18 07:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\program files\Java
2009-04-18 06:43 . 2009-04-18 06:43 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Google
2009-04-17 15:18 . 2009-05-07 09:00 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
2009-04-17 15:08 . 2009-04-17 15:08 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Google
2009-04-17 11:15 . 2009-04-25 07:45 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Google
2009-04-17 11:09 . 2009-04-29 18:11 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\program files\Google
2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\program files\NOS
2009-04-17 10:25 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 10:25 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 10:25 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 10:25 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 10:25 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 10:25 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 10:25 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 10:25 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 10:25 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 10:24 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 10:23 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-17 10:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-16 19:35 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Tracing
2009-04-16 15:43 . 2009-05-08 14:40 -------- d-----w c:\documents and settings\Hugo\Tracing
2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Microsoft
2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 15:42 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live
2009-04-16 15:37 . 2009-04-16 15:37 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-11 07:07 . 2009-04-11 07:07 -------- d-----w c:\program files\Codemasters
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 14:04 . 2009-04-07 14:17 -------- d-----w c:\program files\SRWare Iron
2009-05-04 18:59 . 2009-04-07 14:43 23392 ----a-w c:\documents and settings\Ilja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 13:50 . 2009-04-06 18:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 10:39 . 2009-04-07 14:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 08:29 . 2009-04-06 18:36 17408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-04-29 18:28 . 2009-04-07 14:24 23392 ----a-w c:\documents and settings\Hugo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 17:45 . 2006-03-02 12:00 77628 ----a-w c:\windows\system32\perfc013.dat
2009-04-28 17:45 . 2006-03-02 12:00 458570 ----a-w c:\windows\system32\perfh013.dat
2009-04-08 09:48 . 2009-04-08 09:48 -------- d-----w c:\program files\MSXML 4.0
2009-04-07 19:20 . 2009-04-07 19:13 123206 ----a-w c:\windows\hpoins11.dat
2009-04-07 19:19 . 2009-04-07 19:18 -------- d-----w c:\program files\Common Files\HP
2009-04-07 19:19 . 2009-04-07 19:14 -------- d-----w c:\program files\HP
2009-04-07 19:17 . 2009-04-07 19:17 -------- d-----w c:\program files\Hewlett-Packard
2009-04-07 19:16 . 2009-04-07 19:16 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-07 14:35 . 2009-04-07 14:35 -------- d-----w c:\program files\CCleaner
2009-04-07 14:09 . 2009-04-07 14:09 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-06 19:50 . 2009-04-02 18:49 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 18:57 . 2009-04-06 18:57 -------- d-----w c:\program files\USB Wireless Keyboard Driver
2009-04-06 18:37 . 2009-04-06 18:37 -------- d-----w c:\program files\Intel
2009-04-06 18:36 . 2009-04-06 18:32 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-06 18:32 . 2009-04-06 18:32 19915 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-06 18:32 . 2009-04-06 18:32 -------- d-----w c:\program files\RALINK
2009-04-02 19:03 . 2009-04-02 19:03 -------- d-----w c:\program files\DIFX
2009-04-02 18:50 . 2009-04-02 18:50 -------- d-----w c:\program files\microsoft frontpage
2009-04-02 18:49 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-02 18:47 . 2009-04-02 18:47 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2006-03-02 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2006-03-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2006-03-02 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2006-03-02 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2006-03-02 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2006-03-02 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_11.45.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 15:06 . 2009-05-08 15:06 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-05-08 15:07 . 2009-05-08 15:07 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
2006-03-02 12:00 104448 ----a-w c:\windows\system32\uhqwtfd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
2006-03-02 12:00 104448 ----a-w c:\windows\system32\uhqwtfd.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave3"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys --> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys --> c:\windows\system32\drivers\3ddc35a4.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mctlrhke
Gyxru
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 17:07
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-08 17:10 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-08 15:09
ComboFix2.txt 2009-05-08 10:31
ComboFix3.txt 2009-05-07 11:46
Pre-Run: 228.236.623.872 bytes beschikbaar
Post-Run: 228.249.985.024 bytes beschikbaar
270 --- E O F --- 2009-04-29 08:57
- May I have an HJT log to check?
- Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:47, on 11-5-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Hugo')
O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Hugo')
O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Hugo')
O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Hugo')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7604 bytes
- Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After installation, make sure there is a check mark next to:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Instellingen" (Settings) tab.
* Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
* Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
* Next, press "Scannen" (Scan) to start the scan.
* The scan can take a while, so be patient.
* When the scan is complete, click OK, then "Bekijk Resultaten" (View Results) to see the results.
* Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
* After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.
- it works completely again, do I still need to post a log?
- please
- thank you for your help (Y)