Trojan-vundo

15 replies
  • I have a virus on my PC. A large part of it has already been removed, but the internet gives the so-called "dnserror". I have already run a number of programs (mbam, avast, spybot), but the internet still doesn't work.

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:44:15, on 6-5-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
    O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\


    End of file - 7346 bytes




    This is what mbam did

    Malwarebytes' Anti-Malware 1.36
    Database versie: 2079
    Windows 5.1.2600 Service Pack 3

    6-5-2009 14:32:41
    mbam-log-2009-05-06 (14-32-41).txt

    Scan type: Snelle Scan
    Objecten gescand: 106653
    Verstreken tijd: 9 minute(s), 49 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 3
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc5b46ea-1e25-406a-a1ba-be02c23f7a24} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bcxznbcm (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{bc5b46ea-1e25-406a-a1ba-be02c23f7a24} (Trojan.Vundo.H) -> Delete on reboot.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    c:\WINDOWS\system32\uhqwtfd.dll (Trojan.Vundo.H) -> Delete on reboot.

  • Update the mbam scanner, run a full scan, remove everything it finds, and restart.

    Post a new HJT log.
  • That first log file was from my own PC, where the internet does work; on my mom's it doesn't, and this is the log from my mom's PC. Sorry for the mistake.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38:27, on 6-5-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
    O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\


    End of file - 7638 bytes

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
    O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download to your Desktop and use it according to this guide.
  • ComboFix 09-05-06.08 - Rita 07-05-2009 13:43.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.678 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Hugo\Mijn documenten\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090506-0] *On-access scanning disabled* (Updated)
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-04-07 to 2009-05-07 ))))))))))))))))))))))))))))))
    .

    2009-05-06 12:43 . 2009-05-06 12:43 -------- d-----w c:\program files\Trend Micro
    2009-05-06 09:14 . 2009-05-06 09:14 -------- d-----w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
    2009-05-06 09:04 . 2009-05-06 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:57 . 2009-05-06 08:57 -------- d-----w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:54 . 2009-05-06 08:54 -------- d-----w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:39 . 2009-05-06 08:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-06 08:16 . 2009-05-06 08:16 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
    2009-05-06 08:15 . 2009-05-06 08:15 -------- d-----w c:\documents and settings\Anne\Application Data\Malwarebytes
    2009-05-06 08:14 . 2009-05-06 08:14 -------- d-----w c:\documents and settings\Naut\Application Data\Malwarebytes
    2009-05-06 08:13 . 2009-05-06 08:13 23392 ----a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-06 08:12 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Application Data\Malwarebytes
    2009-05-06 07:37 . 2009-05-07 11:41 -------- d--h--r c:\documents and settings\Rita\Onlangs geopend
    2009-05-05 20:41 . 2009-05-07 11:35 -------- d--h--r c:\documents and settings\Hugo\Onlangs geopend
    2009-05-05 20:22 . 2009-05-05 20:25 -------- d-----w c:\program files\EsetOnlineScanner
    2009-05-05 20:17 . 2009-05-05 20:17 -------- d-----w c:\program files\Alwil Software
    2009-05-05 20:11 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-05 20:11 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-05 12:35 . 2009-05-05 19:52 -------- d-----w c:\program files\WhatsRunning
    2009-05-04 17:01 . 2009-05-04 17:01 -------- d-----w c:\documents and settings\Rita\Application Data\Malwarebytes
    2009-05-04 16:19 . 2009-05-04 16:19 8 ----a-w c:\windows\system32\nvModes.dat
    2009-05-04 16:14 . 2009-05-04 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
    2009-05-04 15:53 . 2009-05-05 20:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-03 13:50 . 2002-04-24 10:07 19928 ----a-w c:\windows\system32\drivers\wbscr.sys
    2009-05-03 13:39 . 2009-05-03 13:39 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Application Data\itnxuwmt
    2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\Hugo\Application Data\Malwarebytes
    2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-03 11:03 . 2009-05-05 20:42 -------- d-----w c:\documents and settings\Hugo\.housecall6.6
    2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Netwerkprinteromgeving
    2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Onlangs geopend
    2009-05-03 10:16 . 2009-04-02 18:46 -------- d--h--w c:\documents and settings\Administrator\Sjablonen
    2009-05-03 10:16 . 2009-05-05 19:55 -------- d-----w c:\documents and settings\Administrator
    2009-05-01 17:56 . 2008-04-14 17:02 221184 ----a-w c:\windows\system32\wmpns.dll
    2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\Application Data\TeamViewer
    2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\temp
    2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\itnxuwmt
    2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
    2009-04-29 18:28 . 2009-04-29 18:28 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-04-29 18:03 . 2009-04-29 18:03 -------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-04-28 18:51 . 2009-04-28 18:51 -------- d-----w c:\documents and settings\Hugo\Application Data\Download Manager
    2009-04-27 11:23 . 2009-04-29 18:06 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
    2009-04-26 19:21 . 2009-04-26 19:21 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
    2009-04-26 11:52 . 2009-04-26 11:52 -------- d-----w c:\documents and settings\Hugo\Application Data\ZipGenius
    2009-04-26 11:51 . 2009-04-26 11:51 -------- d-----w c:\program files\ZipGenius 6
    2009-04-26 11:28 . 2009-04-26 11:28 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
    2009-04-25 07:50 . 2009-05-04 08:48 23392 ----a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-23 18:46 . 2009-04-23 18:46 -------- d-----w c:\program files\PC Inspector File Recovery
    2009-04-23 18:34 . 2009-04-23 18:34 -------- d-----w c:\program files\Recuva
    2009-04-21 19:52 . 2009-04-21 19:52 -------- d-----w c:\documents and settings\Hugo\Application Data\Convivea
    2009-04-21 19:52 . 2009-04-21 19:53 -------- d-----w c:\program files\Bit Che
    2009-04-21 19:50 . 2009-04-28 13:49 -------- d-----w c:\program files\BitLord
    2009-04-21 19:20 . 2009-04-21 19:20 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Google
    2009-04-19 18:56 . 2009-04-19 18:56 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
    2009-04-19 11:19 . 2009-04-19 11:19 -------- d-----w c:\documents and settings\Rita\Application Data\OpenOffice.org
    2009-04-19 10:56 . 2009-04-19 18:54 -------- d-----w c:\documents and settings\Rita\Tracing
    2009-04-18 17:01 . 2009-04-22 15:43 -------- d-----w c:\windows\system32\Adobe
    2009-04-18 16:13 . 2009-04-23 18:35 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Google
    2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\windows\Sun
    2009-04-18 07:13 . 2009-04-18 07:13 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\program files\Java
    2009-04-18 06:43 . 2009-04-18 06:43 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Google
    2009-04-17 15:18 . 2009-05-07 09:00 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
    2009-04-17 15:08 . 2009-04-17 15:08 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Google
    2009-04-17 11:15 . 2009-04-25 07:45 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Google
    2009-04-17 11:09 . 2009-04-29 18:11 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\program files\Google
    2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
    2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\program files\NOS
    2009-04-17 10:25 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 10:25 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 10:25 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-17 10:25 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 10:25 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 10:25 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 10:25 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 10:25 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 10:25 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 10:24 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-17 10:23 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
    2009-04-17 10:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
    2009-04-16 19:35 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Tracing
    2009-04-16 15:43 . 2009-05-07 11:20 -------- d-----w c:\documents and settings\Hugo\Tracing
    2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Microsoft
    2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-04-16 15:42 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live
    2009-04-16 15:37 . 2009-04-16 15:37 -------- d-----w c:\program files\Common Files\Windows Live
    2009-04-11 07:07 . 2009-04-11 07:07 -------- d-----w c:\program files\Codemasters
    2009-04-08 14:56 . 2009-04-08 14:56 -------- d-----w c:\documents and settings\Ilja\Application Data\HP
    2009-04-08 14:08 . 2009-04-08 14:08 -------- d-----w C:\ts_tmp
    2009-04-08 13:08 . 2009-04-08 13:08 -------- d-----w c:\documents and settings\Naut\Application Data\HP
    2009-04-08 12:40 . 2009-04-08 12:40 -------- d-----w c:\documents and settings\Anne\Application Data\HP
    2009-04-08 09:48 . 2009-04-08 09:48 -------- d-----w c:\program files\MSXML 4.0
    2009-04-08 06:40 . 2009-04-08 06:40 -------- d-----w c:\documents and settings\Rita\Application Data\HP
    2009-04-07 19:25 . 2009-05-03 14:23 -------- d-----w c:\documents and settings\Hugo\Application Data\HP
    2009-04-07 19:19 . 2009-04-07 19:19 -------- d-----w c:\documents and settings\LocalService\Application Data\HP
    2009-04-07 19:19 . 2009-04-07 19:19 -------- d-----w c:\documents and settings\All Users\Application Data\HP
    2009-04-07 19:18 . 2009-04-07 19:19 -------- d-----w c:\program files\Common Files\HP
    2009-04-07 19:17 . 2009-04-07 19:17 -------- d-----w c:\program files\Hewlett-Packard
    2009-04-07 19:16 . 2009-04-07 19:16 -------- d-----w c:\program files\Common Files\Hewlett-Packard
    2009-04-07 19:16 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
    2009-04-07 19:16 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
    2009-04-07 19:15 . 2006-03-03 19:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
    2009-04-07 19:15 . 2006-03-03 19:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
    2009-04-07 19:15 . 2006-03-03 19:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
    2009-04-07 19:15 . 2006-03-03 19:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
    2009-04-07 19:15 . 2006-03-03 19:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
    2009-04-07 19:15 . 2006-03-03 19:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
    2009-04-07 19:15 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
    2009-04-07 19:14 . 2009-04-07 19:19 -------- d-----w c:\program files\HP
    2009-04-07 19:14 . 2006-04-13 01:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
    2009-04-07 19:14 . 2006-04-13 01:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys
    2009-04-07 19:13 . 2009-04-07 19:20 123206 ----a-w c:\windows\hpoins11.dat
    2009-04-07 19:13 . 2006-01-04 08:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll
    2009-04-07 19:13 . 2006-04-10 12:03 38400 ----a-w c:\windows\system32\hpz3l054.dll
    2009-04-07 19:13 . 2006-04-13 01:04 282624 ----a-r c:\windows\system32\HPZc3212.dll
    2009-04-07 19:13 . 2006-04-13 01:04 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
    2009-04-07 16:25 . 2008-04-13 18:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
    2009-04-07 16:25 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-03 13:50 . 2009-04-06 18:32 ——– d–h–w c:\program files\InstallShield Installation Information
    2009-04-30 08:29 . 2009-04-06 18:36 17408 —-a-w c:\windows\system32\drivers\USBCRFT.SYS
    2009-04-28 17:45 . 2006-03-02 12:00 77628 —-a-w c:\windows\system32\perfc013.dat
    2009-04-28 17:45 . 2006-03-02 12:00 458570 —-a-w c:\windows\system32\perfh013.dat
    2009-04-06 19:50 . 2009-04-02 18:49 76487 —-a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-06 18:57 . 2009-04-06 18:57 ——– d—–w c:\program files\USB Wireless Keyboard Driver
    2009-04-06 18:37 . 2009-04-06 18:37 ——– d—–w c:\program files\Intel
    2009-04-06 18:36 . 2009-04-06 18:32 ——– d—–w c:\program files\Common Files\InstallShield
    2009-04-06 18:32 . 2009-04-06 18:32 19915 —-a-w c:\windows\system32\drivers\AegisP.sys
    2009-04-06 18:32 . 2009-04-06 18:32 ——– d—–w c:\program files\RALINK
    2009-04-02 19:03 . 2009-04-02 19:03 ——– d—–w c:\program files\DIFX
    2009-04-02 18:50 . 2009-04-02 18:50 ——– d—–w c:\program files\microsoft frontpage
    2009-04-02 18:49 . 2006-03-02 12:00 67 –sha-w c:\windows\Fonts\desktop.ini
    2009-04-02 18:47 . 2009-04-02 18:47 21748 —-a-w c:\windows\system32\emptyregdb.dat
    2009-03-06 14:23 . 2006-03-02 12:00 285696 —-a-w c:\windows\system32\pdh.dll
    2009-03-03 00:16 . 2006-03-02 12:00 826368 —-a-w c:\windows\system32\wininet.dll
    2009-02-20 17:18 . 2006-03-02 12:00 78336 —-a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:08 . 2006-03-02 12:00 1846912 —-a-w c:\windows\system32\win32k.sys
    2009-02-09 11:27 . 2004-08-04 00:58 2028544 —-a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:27 . 2006-03-02 12:00 2149888 —-a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:27 . 2006-03-02 12:00 111104 —-a-w c:\windows\system32\services.exe
    2009-02-09 10:56 . 2006-03-02 12:00 734208 —-a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:56 . 2006-03-02 12:00 684544 —-a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:56 . 2006-03-02 12:00 401408 —-a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:56 . 2006-03-02 12:00 735744 —-a-w c:\windows\system32\ntdll.dll
    2009-02-06 16:52 . 2009-02-06 16:52 49504 —-a-w c:\windows\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
    2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
    2008-12-22 10:05 356352 —-a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
    2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave3"= serwvdrv.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
    R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
    R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
    R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
    R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
    S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys –> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
    S0 rseb;rseb; [x]
    S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys –> c:\windows\system32\drivers\3ddc35a4.sys [?]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
    S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
    S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
    S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mctlrhke
    Gyxru
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-07 13:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(712)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2244)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-05-07 13:46
    ComboFix-quarantined-files.txt 2009-05-07 11:46

    Pre-Run: 226.643.566.592 bytes beschikbaar
    Post-Run: 228.061.667.328 bytes beschikbaar

    267 — E O F — 2009-04-29 08:57






  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • ComboFix 09-05-07.08 - Rita 08-05-2009 12:12.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.569 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Rita\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Rita\Bureaublad\cfscript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system32\uhqwtfd.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\uhqwtfd.dll . . . . konden niet verwijderd worden

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_rseb


    (((((((((((((((((((( Bestanden Gemaakt van 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))))
    .

    2009-05-06 12:43 . 2009-05-06 12:43 ——– d—–w c:\program files\Trend Micro
    2009-05-06 09:14 . 2009-05-06 09:14 ——– d—–w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
    2009-05-06 09:04 . 2009-05-06 09:04 ——– d—–w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:57 . 2009-05-06 08:57 ——– d—–w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:54 . 2009-05-06 08:54 ——– d—–w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\program files\SUPERAntiSpyware
    2009-05-06 08:40 . 2009-05-06 08:40 ——– d—–w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:39 . 2009-05-06 08:39 ——– d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-05-06 08:16 . 2009-05-06 08:16 ——– d—–w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
    2009-05-06 08:15 . 2009-05-06 08:15 ——– d—–w c:\documents and settings\Anne\Application Data\Malwarebytes
    2009-05-06 08:14 . 2009-05-06 08:14 ——– d—–w c:\documents and settings\Naut\Application Data\Malwarebytes
    2009-05-06 08:13 . 2009-05-06 08:13 23392 —-a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-06 08:12 . 2009-05-06 08:12 ——– d—–w c:\documents and settings\Ilja\Application Data\Malwarebytes
    2009-05-06 07:37 . 2009-05-08 10:07 ——– d–h–r c:\documents and settings\Rita\Onlangs geopend
    2009-05-05 20:41 . 2009-05-07 15:10 ——– d–h–r c:\documents and settings\Hugo\Onlangs geopend
    2009-05-05 20:22 . 2009-05-05 20:25 ——– d—–w c:\program files\EsetOnlineScanner
    2009-05-05 20:17 . 2009-05-05 20:17 ——– d—–w c:\program files\Alwil Software
    2009-05-05 20:11 . 2009-04-06 13:32 15504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-05-05 20:11 . 2009-04-06 13:32 38496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-05 12:35 . 2009-05-05 19:52 ——– d—–w c:\program files\WhatsRunning
    2009-05-04 17:01 . 2009-05-04 17:01 ——– d—–w c:\documents and settings\Rita\Application Data\Malwarebytes
    2009-05-04 16:19 . 2009-05-04 16:19 8 —-a-w c:\windows\system32\nvModes.dat
    2009-05-04 16:14 . 2009-05-04 16:14 ——– d—–w c:\documents and settings\All Users\Application Data\NVIDIA
    2009-05-04 15:53 . 2009-05-05 20:11 ——– d—–w c:\program files\Malwarebytes' Anti-Malware
    2009-05-03 13:50 . 2002-04-24 10:07 19928 —-a-w c:\windows\system32\drivers\wbscr.sys
    2009-05-03 13:39 . 2009-05-03 13:39 ——– d—–w c:\documents and settings\All Users\Application Data\ESET
    2009-05-03 11:31 . 2009-05-03 11:31 ——– d—–w c:\documents and settings\Hugo\Application Data\itnxuwmt
    2009-05-03 11:31 . 2009-05-03 11:31 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 ——– d—–w c:\documents and settings\NetworkService\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 ——– d—–w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:14 . 2009-05-03 11:14 ——– d—–w c:\documents and settings\Hugo\Application Data\Malwarebytes
    2009-05-03 11:14 . 2009-05-03 11:14 ——– d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-03 11:03 . 2009-05-05 20:42 ——– d—–w c:\documents and settings\Hugo\.housecall6.6
    2009-05-03 10:16 . 2009-04-02 20:20 ——– d–h–w c:\documents and settings\Administrator\Netwerkprinteromgeving
    2009-05-03 10:16 . 2009-04-02 20:20 ——– d–h–w c:\documents and settings\Administrator\Onlangs geopend
    2009-05-03 10:16 . 2009-04-02 18:46 ——– d–h–w c:\documents and settings\Administrator\Sjablonen
    2009-05-03 10:16 . 2009-05-05 19:55 ——– d—–w c:\documents and settings\Administrator
    2009-05-01 17:56 . 2008-04-14 17:02 221184 —-a-w c:\windows\system32\wmpns.dll
    2009-05-01 16:25 . 2009-05-01 16:25 ——– d—–w c:\documents and settings\Hugo\Application Data\TeamViewer
    2009-05-01 16:25 . 2009-05-01 16:25 ——– d—–w c:\documents and settings\Hugo\temp
    2009-05-01 09:04 . 2009-05-01 09:04 ——– d—–w c:\documents and settings\Rita\Application Data\itnxuwmt
    2009-05-01 09:04 . 2009-05-01 09:04 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
    2009-04-29 18:28 . 2009-04-29 18:28 ——– d—–w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-04-29 18:03 . 2009-04-29 18:03 ——– d—–w c:\program files\Common Files\Macrovision Shared
    2009-04-28 18:51 . 2009-04-28 18:51 ——– d—–w c:\documents and settings\Hugo\Application Data\Download Manager
    2009-04-27 11:23 . 2009-04-29 18:06 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
    2009-04-26 19:21 . 2009-04-26 19:21 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
    2009-04-26 11:52 . 2009-04-26 11:52 ——– d—–w c:\documents and settings\Hugo\Application Data\ZipGenius
    2009-04-26 11:51 . 2009-04-26 11:51 ——– d—–w c:\program files\ZipGenius 6
    2009-04-26 11:28 . 2009-04-26 11:28 ——– d—–w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
    2009-04-25 07:50 . 2009-05-04 08:48 23392 —-a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-23 18:46 . 2009-04-23 18:46 ——– d—–w c:\program files\PC Inspector File Recovery
    2009-04-23 18:34 . 2009-04-23 18:34 ——– d—–w c:\program files\Recuva
    2009-04-21 19:52 . 2009-04-21 19:52 ——– d—–w c:\documents and settings\Hugo\Application Data\Convivea
    2009-04-21 19:52 . 2009-04-21 19:53 ——– d—–w c:\program files\Bit Che
    2009-04-21 19:50 . 2009-04-28 13:49 ——– d—–w c:\program files\BitLord
    2009-04-21 19:20 . 2009-04-21 19:20 ——– d—–w c:\documents and settings\Anne\Local Settings\Application Data\Google
    2009-04-19 18:56 . 2009-04-19 18:56 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
    2009-04-19 11:19 . 2009-04-19 11:19 ——– d—–w c:\documents and settings\Rita\Application Data\OpenOffice.org
    2009-04-19 10:56 . 2009-04-19 18:54 ——– d—–w c:\documents and settings\Rita\Tracing
    2009-04-18 17:01 . 2009-04-22 15:43 ——– d—–w c:\windows\system32\Adobe
    2009-04-18 16:13 . 2009-04-23 18:35 ——– d—–w c:\documents and settings\Hugo\Local Settings\Application Data\Google
    2009-04-18 07:13 . 2009-04-18 07:13 ——– d—–w c:\windows\Sun
    2009-04-18 07:13 . 2009-04-18 07:13 410984 —-a-w c:\windows\system32\deploytk.dll
    2009-04-18 07:13 . 2009-04-18 07:13 ——– d—–w c:\program files\Java
    2009-04-18 06:43 . 2009-04-18 06:43 ——– d—–w c:\documents and settings\Naut\Local Settings\Application Data\Google
    2009-04-17 15:18 . 2009-05-07 09:00 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
    2009-04-17 15:08 . 2009-04-17 15:08 ——– d—–w c:\documents and settings\Ilja\Local Settings\Application Data\Google
    2009-04-17 11:15 . 2009-04-25 07:45 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Google
    2009-04-17 11:09 . 2009-04-29 18:11 ——– d—–w c:\program files\Common Files\Adobe
    2009-04-17 11:06 . 2009-04-17 11:22 ——– d—–w c:\program files\Google
    2009-04-17 11:06 . 2009-04-17 11:22 ——– d—–w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
    2009-04-17 11:05 . 2009-04-17 11:43 ——– d—–w c:\documents and settings\All Users\Application Data\NOS
    2009-04-17 11:05 . 2009-04-17 11:43 ——– d—–w c:\program files\NOS
    2009-04-17 10:25 . 2009-02-06 10:10 227840 -c—-w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 10:25 . 2009-03-06 14:23 285696 -c—-w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 10:25 . 2009-02-09 11:27 111104 -c—-w c:\windows\system32\dllcache\services.exe
    2009-04-17 10:25 . 2009-02-09 10:56 401408 -c—-w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 10:25 . 2009-02-09 10:56 473600 -c—-w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 10:25 . 2009-02-09 10:56 684544 -c—-w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 10:25 . 2009-02-09 10:56 734208 -c—-w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 10:25 . 2009-02-09 10:56 453120 -c—-w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 10:25 . 2009-02-09 10:56 735744 -c—-w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 10:24 . 2008-04-21 21:16 218624 -c—-w c:\windows\system32\dllcache\wordpad.exe
    2009-04-17 10:23 . 2008-10-16 12:06 208744 —-a-w c:\windows\system32\muweb.dll
    2009-04-17 10:23 . 2008-10-16 12:06 268648 —-a-w c:\windows\system32\mucltui.dll
    2009-04-16 19:35 . 2009-05-06 08:12 ——– d—–w c:\documents and settings\Ilja\Tracing
    2009-04-16 15:43 . 2009-05-08 09:18 ——– d—–w c:\documents and settings\Hugo\Tracing
    2009-04-16 15:43 . 2009-04-16 15:43 ——– d—–w c:\program files\Microsoft
    2009-04-16 15:43 . 2009-04-16 15:43 ——– d—–w c:\program files\Windows Live SkyDrive
    2009-04-16 15:42 . 2009-04-16 15:43 ——– d—–w c:\program files\Windows Live
    2009-04-16 15:37 . 2009-04-16 15:37 ——– d—–w c:\program files\Common Files\Windows Live
    2009-04-11 07:07 . 2009-04-11 07:07 ——– d—–w c:\program files\Codemasters
    2009-04-08 14:56 . 2009-04-08 14:56 ——– d—–w c:\documents and settings\Ilja\Application Data\HP
    2009-04-08 14:08 . 2009-04-08 14:08 ——– d—–w C:\ts_tmp
    2009-04-08 13:08 . 2009-04-08 13:08 ——– d—–w c:\documents and settings\Naut\Application Data\HP
    2009-04-08 12:40 . 2009-04-08 12:40 ——– d—–w c:\documents and settings\Anne\Application Data\HP

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-06 14:04 . 2009-04-07 14:17 ——– d—–w c:\program files\SRWare Iron
    2009-05-04 18:59 . 2009-04-07 14:43 23392 —-a-w c:\documents and settings\Ilja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-03 13:50 . 2009-04-06 18:32 ——– d–h–w c:\program files\InstallShield Installation Information
    2009-05-03 10:39 . 2009-04-07 14:35 ——– d—–w c:\program files\Spybot - Search & Destroy
    2009-04-30 08:29 . 2009-04-06 18:36 17408 —-a-w c:\windows\system32\drivers\USBCRFT.SYS
    2009-04-29 18:28 . 2009-04-07 14:24 23392 —-a-w c:\documents and settings\Hugo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-28 17:45 . 2006-03-02 12:00 77628 —-a-w c:\windows\system32\perfc013.dat
    2009-04-28 17:45 . 2006-03-02 12:00 458570 —-a-w c:\windows\system32\perfh013.dat
    2009-04-08 09:48 . 2009-04-08 09:48 ——– d—–w c:\program files\MSXML 4.0
    2009-04-07 19:20 . 2009-04-07 19:13 123206 —-a-w c:\windows\hpoins11.dat
    2009-04-07 19:19 . 2009-04-07 19:18 ——– d—–w c:\program files\Common Files\HP
    2009-04-07 19:19 . 2009-04-07 19:14 ——– d—–w c:\program files\HP
    2009-04-07 19:17 . 2009-04-07 19:17 ——– d—–w c:\program files\Hewlett-Packard
    2009-04-07 19:16 . 2009-04-07 19:16 ——– d—–w c:\program files\Common Files\Hewlett-Packard
    2009-04-07 14:35 . 2009-04-07 14:35 ——– d—–w c:\program files\CCleaner
    2009-04-07 14:09 . 2009-04-07 14:09 ——– d—–w c:\program files\Windows Media Connect 2
    2009-04-06 19:50 . 2009-04-02 18:49 76487 —-a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-06 18:57 . 2009-04-06 18:57 ——– d—–w c:\program files\USB Wireless Keyboard Driver
    2009-04-06 18:37 . 2009-04-06 18:37 ——– d—–w c:\program files\Intel
    2009-04-06 18:36 . 2009-04-06 18:32 ——– d—–w c:\program files\Common Files\InstallShield
    2009-04-06 18:32 . 2009-04-06 18:32 19915 —-a-w c:\windows\system32\drivers\AegisP.sys
    2009-04-06 18:32 . 2009-04-06 18:32 ——– d—–w c:\program files\RALINK
    2009-04-02 19:03 . 2009-04-02 19:03 ——– d—–w c:\program files\DIFX
    2009-04-02 18:50 . 2009-04-02 18:50 ——– d—–w c:\program files\microsoft frontpage
    2009-04-02 18:49 . 2006-03-02 12:00 67 –sha-w c:\windows\Fonts\desktop.ini
    2009-04-02 18:47 . 2009-04-02 18:47 21748 —-a-w c:\windows\system32\emptyregdb.dat
    2009-03-06 14:23 . 2006-03-02 12:00 285696 —-a-w c:\windows\system32\pdh.dll
    2009-03-03 00:16 . 2006-03-02 12:00 826368 —-a-w c:\windows\system32\wininet.dll
    2009-02-20 17:18 . 2006-03-02 12:00 78336 —-a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:08 . 2006-03-02 12:00 1846912 —-a-w c:\windows\system32\win32k.sys
    2009-02-09 11:27 . 2004-08-04 00:58 2028544 —-a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:27 . 2006-03-02 12:00 2149888 —-a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:27 . 2006-03-02 12:00 111104 —-a-w c:\windows\system32\services.exe
    2009-02-09 10:56 . 2006-03-02 12:00 734208 —-a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:56 . 2006-03-02 12:00 684544 —-a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:56 . 2006-03-02 12:00 401408 —-a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:56 . 2006-03-02 12:00 735744 —-a-w c:\windows\system32\ntdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_11.45.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-08 10:15 . 2009-05-08 10:15 16384 c:\windows\Temp\Perflib_Perfdata_5ac.dat
    + 2009-05-08 10:15 . 2009-05-08 10:15 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
    2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
    2008-12-22 10:05 356352 —-a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
    2006-03-02 12:00 104448 —-a-w c:\windows\system32\uhqwtfd.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave3"= serwvdrv.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
    R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
    R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
    R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
    S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys –> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
    S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys –> c:\windows\system32\drivers\3ddc35a4.sys [?]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
    S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
    S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
    S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mctlrhke
    Gyxru
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 12:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(716)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2136)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-05-08 12:31 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-05-08 10:31
    ComboFix2.txt 2009-05-07 11:46

    Pre-Run: 228.311.134.208 bytes beschikbaar
    Post-Run: 228.264.185.856 bytes beschikbaar

    279 — E O F — 2009-04-29 08:57







  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • ComboFix 09-05-07.A01 - Rita 08-05-2009 17:04.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.688 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Rita\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Rita\Bureaublad\cfscript.txt.txt
    AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\uhqwtfd.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))))
    .

    2009-05-06 12:43 . 2009-05-06 12:43 -------- d-----w c:\program files\Trend Micro
    2009-05-06 09:14 . 2009-05-06 09:14 -------- d-----w c:\documents and settings\Anne\Application Data\SUPERAntiSpyware.com
    2009-05-06 09:04 . 2009-05-06 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:57 . 2009-05-06 08:57 -------- d-----w c:\documents and settings\Naut\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:54 . 2009-05-06 08:54 -------- d-----w c:\documents and settings\Ilja\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-06 08:40 . 2009-05-06 08:40 -------- d-----w c:\documents and settings\Hugo\Application Data\SUPERAntiSpyware.com
    2009-05-06 08:39 . 2009-05-06 08:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-06 08:16 . 2009-05-06 08:16 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Chromium
    2009-05-06 08:15 . 2009-05-06 08:15 -------- d-----w c:\documents and settings\Anne\Application Data\Malwarebytes
    2009-05-06 08:14 . 2009-05-06 08:14 -------- d-----w c:\documents and settings\Naut\Application Data\Malwarebytes
    2009-05-06 08:13 . 2009-05-06 08:13 23392 ----a-w c:\documents and settings\Naut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-06 08:12 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Application Data\Malwarebytes
    2009-05-06 07:37 . 2009-05-08 10:32 -------- d--h--r c:\documents and settings\Rita\Onlangs geopend
    2009-05-05 20:41 . 2009-05-08 14:45 -------- d--h--r c:\documents and settings\Hugo\Onlangs geopend
    2009-05-05 20:22 . 2009-05-05 20:25 -------- d-----w c:\program files\EsetOnlineScanner
    2009-05-05 20:17 . 2009-05-05 20:17 -------- d-----w c:\program files\Alwil Software
    2009-05-05 20:11 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-05 20:11 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-05 12:35 . 2009-05-05 19:52 -------- d-----w c:\program files\WhatsRunning
    2009-05-04 17:01 . 2009-05-04 17:01 -------- d-----w c:\documents and settings\Rita\Application Data\Malwarebytes
    2009-05-04 16:19 . 2009-05-04 16:19 8 ----a-w c:\windows\system32\nvModes.dat
    2009-05-04 16:14 . 2009-05-04 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
    2009-05-04 15:53 . 2009-05-05 20:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-03 13:50 . 2002-04-24 10:07 19928 ----a-w c:\windows\system32\drivers\wbscr.sys
    2009-05-03 13:39 . 2009-05-03 13:39 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Application Data\itnxuwmt
    2009-05-03 11:31 . 2009-05-03 11:31 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\itnxuwmt
    2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\itnxuwmt
    2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\Hugo\Application Data\Malwarebytes
    2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-03 11:03 . 2009-05-05 20:42 -------- d-----w c:\documents and settings\Hugo\.housecall6.6
    2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Netwerkprinteromgeving
    2009-05-03 10:16 . 2009-04-02 20:20 -------- d--h--w c:\documents and settings\Administrator\Onlangs geopend
    2009-05-03 10:16 . 2009-04-02 18:46 -------- d--h--w c:\documents and settings\Administrator\Sjablonen
    2009-05-03 10:16 . 2009-05-05 19:55 -------- d-----w c:\documents and settings\Administrator
    2009-05-01 17:56 . 2008-04-14 17:02 221184 ----a-w c:\windows\system32\wmpns.dll
    2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\Application Data\TeamViewer
    2009-05-01 16:25 . 2009-05-01 16:25 -------- d-----w c:\documents and settings\Hugo\temp
    2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Application Data\itnxuwmt
    2009-05-01 09:04 . 2009-05-01 09:04 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\itnxuwmt
    2009-04-29 18:28 . 2009-04-29 18:28 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-04-29 18:03 . 2009-04-29 18:03 -------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-04-28 18:51 . 2009-04-28 18:51 -------- d-----w c:\documents and settings\Hugo\Application Data\Download Manager
    2009-04-27 11:23 . 2009-04-29 18:06 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Adobe
    2009-04-26 19:21 . 2009-04-26 19:21 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Chromium
    2009-04-26 11:52 . 2009-04-26 11:52 -------- d-----w c:\documents and settings\Hugo\Application Data\ZipGenius
    2009-04-26 11:51 . 2009-04-26 11:51 -------- d-----w c:\program files\ZipGenius 6
    2009-04-26 11:28 . 2009-04-26 11:28 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Chromium
    2009-04-25 07:50 . 2009-05-04 08:48 23392 ----a-w c:\documents and settings\Rita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-23 18:46 . 2009-04-23 18:46 -------- d-----w c:\program files\PC Inspector File Recovery
    2009-04-23 18:34 . 2009-04-23 18:34 -------- d-----w c:\program files\Recuva
    2009-04-21 19:52 . 2009-04-21 19:52 -------- d-----w c:\documents and settings\Hugo\Application Data\Convivea
    2009-04-21 19:52 . 2009-04-21 19:53 -------- d-----w c:\program files\Bit Che
    2009-04-21 19:50 . 2009-04-28 13:49 -------- d-----w c:\program files\BitLord
    2009-04-21 19:20 . 2009-04-21 19:20 -------- d-----w c:\documents and settings\Anne\Local Settings\Application Data\Google
    2009-04-19 18:56 . 2009-04-19 18:56 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Chromium
    2009-04-19 11:19 . 2009-04-19 11:19 -------- d-----w c:\documents and settings\Rita\Application Data\OpenOffice.org
    2009-04-19 10:56 . 2009-04-19 18:54 -------- d-----w c:\documents and settings\Rita\Tracing
    2009-04-18 17:01 . 2009-04-22 15:43 -------- d-----w c:\windows\system32\Adobe
    2009-04-18 16:13 . 2009-04-23 18:35 -------- d-----w c:\documents and settings\Hugo\Local Settings\Application Data\Google
    2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\windows\Sun
    2009-04-18 07:13 . 2009-04-18 07:13 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-18 07:13 . 2009-04-18 07:13 -------- d-----w c:\program files\Java
    2009-04-18 06:43 . 2009-04-18 06:43 -------- d-----w c:\documents and settings\Naut\Local Settings\Application Data\Google
    2009-04-17 15:18 . 2009-05-07 09:00 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Adobe
    2009-04-17 15:08 . 2009-04-17 15:08 -------- d-----w c:\documents and settings\Ilja\Local Settings\Application Data\Google
    2009-04-17 11:15 . 2009-04-25 07:45 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Google
    2009-04-17 11:09 . 2009-04-29 18:11 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\program files\Google
    2009-04-17 11:06 . 2009-04-17 11:22 -------- d-----w c:\documents and settings\Rita\Local Settings\Application Data\Adobe
    2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-04-17 11:05 . 2009-04-17 11:43 -------- d-----w c:\program files\NOS
    2009-04-17 10:25 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 10:25 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 10:25 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-17 10:25 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 10:25 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 10:25 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 10:25 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 10:25 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 10:25 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 10:24 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-17 10:23 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
    2009-04-17 10:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
    2009-04-16 19:35 . 2009-05-06 08:12 -------- d-----w c:\documents and settings\Ilja\Tracing
    2009-04-16 15:43 . 2009-05-08 14:40 -------- d-----w c:\documents and settings\Hugo\Tracing
    2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Microsoft
    2009-04-16 15:43 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-04-16 15:42 . 2009-04-16 15:43 -------- d-----w c:\program files\Windows Live
    2009-04-16 15:37 . 2009-04-16 15:37 -------- d-----w c:\program files\Common Files\Windows Live
    2009-04-11 07:07 . 2009-04-11 07:07 -------- d-----w c:\program files\Codemasters

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-06 14:04 . 2009-04-07 14:17 -------- d-----w c:\program files\SRWare Iron
    2009-05-04 18:59 . 2009-04-07 14:43 23392 ----a-w c:\documents and settings\Ilja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-03 13:50 . 2009-04-06 18:32 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-03 10:39 . 2009-04-07 14:35 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-30 08:29 . 2009-04-06 18:36 17408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
    2009-04-29 18:28 . 2009-04-07 14:24 23392 ----a-w c:\documents and settings\Hugo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-28 17:45 . 2006-03-02 12:00 77628 ----a-w c:\windows\system32\perfc013.dat
    2009-04-28 17:45 . 2006-03-02 12:00 458570 ----a-w c:\windows\system32\perfh013.dat
    2009-04-08 09:48 . 2009-04-08 09:48 -------- d-----w c:\program files\MSXML 4.0
    2009-04-07 19:20 . 2009-04-07 19:13 123206 ----a-w c:\windows\hpoins11.dat
    2009-04-07 19:19 . 2009-04-07 19:18 -------- d-----w c:\program files\Common Files\HP
    2009-04-07 19:19 . 2009-04-07 19:14 -------- d-----w c:\program files\HP
    2009-04-07 19:17 . 2009-04-07 19:17 -------- d-----w c:\program files\Hewlett-Packard
    2009-04-07 19:16 . 2009-04-07 19:16 -------- d-----w c:\program files\Common Files\Hewlett-Packard
    2009-04-07 14:35 . 2009-04-07 14:35 -------- d-----w c:\program files\CCleaner
    2009-04-07 14:09 . 2009-04-07 14:09 -------- d-----w c:\program files\Windows Media Connect 2
    2009-04-06 19:50 . 2009-04-02 18:49 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-06 18:57 . 2009-04-06 18:57 -------- d-----w c:\program files\USB Wireless Keyboard Driver
    2009-04-06 18:37 . 2009-04-06 18:37 -------- d-----w c:\program files\Intel
    2009-04-06 18:36 . 2009-04-06 18:32 -------- d-----w c:\program files\Common Files\InstallShield
    2009-04-06 18:32 . 2009-04-06 18:32 19915 ----a-w c:\windows\system32\drivers\AegisP.sys
    2009-04-06 18:32 . 2009-04-06 18:32 -------- d-----w c:\program files\RALINK
    2009-04-02 19:03 . 2009-04-02 19:03 -------- d-----w c:\program files\DIFX
    2009-04-02 18:50 . 2009-04-02 18:50 -------- d-----w c:\program files\microsoft frontpage
    2009-04-02 18:49 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
    2009-04-02 18:47 . 2009-04-02 18:47 21748 ----a-w c:\windows\system32\emptyregdb.dat
    2009-03-06 14:23 . 2006-03-02 12:00 285696 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:16 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:18 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:08 . 2006-03-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:27 . 2006-03-02 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:27 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
    2009-02-09 10:56 . 2006-03-02 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:56 . 2006-03-02 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:56 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:56 . 2006-03-02 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_11.45.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-08 15:06 . 2009-05-08 15:06 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
    + 2009-05-08 15:07 . 2009-05-08 15:07 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5B46EA-1E25-406A-A1BA-BE02C23F7A24}]
    2006-03-02 12:00 104448 ----a-w c:\windows\system32\uhqwtfd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-4-6 638976]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
    2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcxznbcm]
    2006-03-02 12:00 104448 ----a-w c:\windows\system32\uhqwtfd.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave3"= serwvdrv.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 ydiclngv;ydiclngv;c:\windows\system32\drivers\ydiclngv.sys [2-3-2006 14:00 23424]
    R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5-5-2009 22:18 114768]
    R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 11:33 72944]
    R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-5-2009 22:18 20560]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [6-4-2009 21:07 945152]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [3-5-2009 15:50 19928]
    S0 a58529384ac9181cc1c65f199253dd2d;a58529384ac9181cc1c65f199253dd2d;c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys --> c:\windows\system32\a58529384ac9181cc1c65f199253dd2d.sys [?]
    S1 3ddc35a4;3ddc35a4;c:\windows\system32\drivers\3ddc35a4.sys --> c:\windows\system32\drivers\3ddc35a4.sys [?]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-4-2009 20:36 17408]
    S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12-5-2005 14:39 1287296]
    S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [2-4-2009 21:03 264576]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408]
    S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [6-4-2009 20:57 11672]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mctlrhke
    Gyxru
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 17:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2660)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-05-08 17:10 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-05-08 15:09
    ComboFix2.txt 2009-05-08 10:31
    ComboFix3.txt 2009-05-07 11:46

    Pre-Run: 228.236.623.872 bytes beschikbaar
    Post-Run: 228.249.985.024 bytes beschikbaar

    270 --- E O F --- 2009-04-29 08:57







  • May I have a HijackThis log to check?
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:35:47, on 11-5-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Hugo')
    O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Hugo')
    O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Hugo')
    O4 - HKUS\S-1-5-21-1004336348-682003330-839522115-1005\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Hugo')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240038780765&h=2ad99dafb20d0d3e2748dc3628c7d07f/&filename=jinstall-6u13-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll
    O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    End of file - 7604 bytes

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {BC5B46EA-1E25-406A-A1BA-BE02C23F7A24} - c:\windows\system32\uhqwtfd.dll
    O20 - Winlogon Notify: bcxznbcm - C:\WINDOWS\SYSTEM32\uhqwtfd.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick this option: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Next, press "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to see the results.
    - Make sure everything there is ticked, then click "Remove Selected".
    - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
  • It's working completely again. Do I still need to post a log?
  • Please.
  • Thank you for your help (Y)

This is an archived page. Replying is no longer possible.