carretje's activity

  1. Good morning, and thank you for your time and patience. I haven't noticed anything so far; I'll keep an eye on it and, if anything comes up, I'll let you know.
  2. New log
  3. Done, and here is the new log
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" [bU] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824] "F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2012-06-24 61088] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8192cu;ICIDU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1255736] R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-06-24 55960] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 
57920] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-24 45624] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-24 94280] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2012-06-24 199848] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Inhoud van de 'Gedeelde Taken' map . 2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:26] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59] . 
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000Core.job - c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000UA.job - c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-06-30 22:01:58 ComboFix-quarantined-files.txt 2012-06-30 20:01 ComboFix2.txt 2012-06-29 19:49 ComboFix3.txt 2012-06-29 19:11 . Pre-Run: 77.367.349.248 bytes beschikbaar Post-Run: 77.086.298.112 bytes beschikbaar . - - End Of File - - 94C8D00FC5EFC4B9296D293E88ED063B
  4. I think it worked... restarted the computer, everything still worked. Here is my log (I hope I did it right). ComboFix 12-06-28.03 - Carla 29-06-2012 21:41:24.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3919.2584 [GMT 2:00] Gestart vanuit: c:\users\Carla\Downloads\ComboFix.exe AV: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} FW: Ziggo internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\UNWISE.EXE C:\start.bat c:\users\Carla\AppData\Local\Temp\{A6242102-6BCE-4620-B15C-83914ED34620}\fpb.tmp c:\windows\fspscprereqmsiinst.log . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-29 19:44 . 2012-06-29 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-29 16:43 . 2012-06-29 16:43 -------- d-----w- c:\users\Carla\AppData\Roaming\Malwarebytes 2012-06-29 16:43 . 2012-06-29 16:43 -------- d-----w- c:\programdata\Malwarebytes 2012-06-29 16:43 . 2012-06-29 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-29 11:20 . 2012-06-29 11:20 -------- d-----w- c:\program files (x86)\Trend Micro 2012-06-26 06:33 . 2012-06-29 19:20 -------- d-----w- c:\users\Gast 2012-06-25 18:12 . 2012-06-25 18:12 -------- d-----w- c:\users\Carla\AppData\Roaming\Epson 2012-06-25 17:59 . 2012-06-25 17:59 -------- d-----w- c:\program files\Common Files\EPSON 2012-06-25 17:52 . 2012-06-25 17:52 -------- d-----w- c:\users\Carla\AppData\Local\ABBYY 2012-06-25 17:50 . 2012-06-25 17:52 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint 2012-06-25 17:50 . 
2012-06-25 17:50 -------- d-----w- c:\programdata\ABBYY 2012-06-25 17:50 . 2012-06-25 17:50 -------- d-----w- c:\program files (x86)\Common Files\ABBYY 2012-06-25 17:48 . 2012-06-25 17:48 -------- d-----w- c:\programdata\UDL 2012-06-25 17:47 . 2012-06-25 17:47 -------- d-----w- c:\program files\Epson Software 2012-06-25 17:45 . 2012-06-25 17:47 -------- d-----w- c:\program files (x86)\Epson Software 2012-06-25 17:44 . 2011-08-30 11:40 535040 ----a-w- c:\windows\system32\ensppui.dll 2012-06-25 17:44 . 2011-08-01 16:24 250880 ----a-w- c:\windows\system32\enspres.dll 2012-06-25 17:44 . 2012-06-25 17:44 -------- d-----w- c:\program files\EpsonNet 2012-06-25 17:44 . 2011-08-30 11:40 535040 ----a-w- c:\windows\system32\enppui.dll 2012-06-25 17:44 . 2011-08-30 11:38 558080 ----a-w- c:\windows\system32\ensppmon.dll 2012-06-25 17:44 . 2011-08-30 11:38 558080 ----a-w- c:\windows\system32\enppmon.dll 2012-06-25 17:44 . 2011-08-01 16:24 250880 ----a-w- c:\windows\system32\enpres.dll 2012-06-25 17:44 . 2012-06-25 17:44 -------- d-----w- c:\program files (x86)\Common Files\EPSON 2012-06-25 17:44 . 2007-04-10 01:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2012-06-25 17:43 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMHLE.DLL 2012-06-25 17:43 . 2009-10-01 03:01 88064 ----a-w- c:\windows\system32\E_IBCBHLE.DLL 2012-06-25 17:43 . 2012-06-25 18:00 -------- d-----w- c:\programdata\EPSON 2012-06-25 17:43 . 2012-06-25 17:45 -------- d-----w- c:\program files (x86)\epson 2012-06-25 17:43 . 2011-08-09 22:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll 2012-06-25 17:43 . 2009-10-15 22:00 13824 ----a-w- c:\windows\system32\esxcdev.dll 2012-06-25 17:43 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe 2012-06-25 14:24 . 2010-12-01 07:31 451072 ------w- c:\windows\SysWow64\ISSRemoveSP.exe 2012-06-25 07:58 . 2012-06-25 07:58 -------- d-----w- c:\users\Carla\AppData\Local\Adobe 2012-06-24 17:38 . 
2012-06-24 17:38 -------- d-----w- c:\programdata\Intel 2012-06-24 17:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-24 17:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-24 15:44 . 2012-06-24 15:44 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-06-24 15:38 . 2012-06-24 15:54 45624 ----a-w- c:\windows\system32\drivers\fses.sys 2012-06-24 15:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 15:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 15:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 15:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 15:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 15:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 15:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 15:31 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 15:31 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-24 08:21 . 2012-06-24 08:21 -------- d-----w- c:\users\Carla\AppData\Local\Diagnostics 2012-06-24 08:20 . 2012-06-29 19:20 -------- d-----w- c:\users\Carla\AppData\Local\VirtualStore 2012-06-22 15:55 . 2012-06-24 15:54 94280 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2012-06-22 15:55 . 2012-06-24 15:55 -------- d-----w- c:\program files (x86)\Internetbeveiliging 2012-06-22 15:54 . 2012-06-24 15:37 -------- d-----w- c:\programdata\fssg 2012-06-22 15:31 . 2012-06-24 15:34 -------- d-----w- c:\programdata\f-secure 2012-06-22 12:03 . 2012-06-22 14:16 -------- d-----w- c:\programdata\thvfqcmurxyklqp 2012-06-20 14:36 . 2012-06-20 14:36 -------- d-----w- c:\programdata\CanonBJ 2012-06-16 10:22 . 2012-06-16 10:22 -------- d-----w- C:\Games 2012-06-14 07:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 07:50 . 
2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-11 15:23 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Smart File Advisor 2012-06-11 15:23 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Smart Projects 2012-06-11 08:59 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-06-09 10:25 . 2012-06-24 15:25 -------- d-----w- c:\users\Carla\AppData\Roaming\SMIGames 2012-06-05 09:18 . 2012-06-05 09:18 -------- d-----w- c:\users\Carla\AppData\Roaming\Chayowo Games 2012-06-05 07:23 . 2012-06-05 07:23 -------- d-----w- c:\users\Carla\AppData\Roaming\SulusGames 2012-06-05 07:23 . 2012-06-05 07:23 -------- d-----w- c:\programdata\SulusGames 2012-06-04 10:06 . 2012-06-04 10:06 -------- d-----w- c:\programdata\Particles 2012-06-04 10:05 . 2012-06-04 10:05 -------- d-----w- c:\programdata\Far Mills 2012-06-04 08:16 . 2012-06-04 08:16 -------- d-----w- c:\users\Carla\AppData\Roaming\DailyMagic . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 12:26 . 2012-03-31 10:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 12:26 . 2011-06-07 18:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 12:26 . 2012-04-14 08:26 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2010-12-01 19:27 . 2011-01-02 20:28 2735200 ----a-w- c:\program files (x86)\tbZyng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200] "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files (x86)\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192] "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}] 2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\PHPNukeDU\tbPHP0.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}] 2010-12-01 19:27 2735200 ----a-w- c:\program files (x86)\Zynga\tbZyn0.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}] 2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200] "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files (x86)\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin.dll" [2010-10-18 3908192] "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}] . 
[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-30 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" [bU] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824] "F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8192cu;ICIDU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1255736] R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-06-24 55960] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 57920] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-24 45624] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-24 94280] S1 fsvista;F-Secure Vista Support 
Driver;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2012-06-24 199848] S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2012-06-24 61088] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:26] . 
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000Core.job - c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000UA.job - c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . - - - - ORPHANS VERWIJDERD - - - - . 
URLSearchHooks-{a44990b3-9dda-4653-bd75-bc3cee5c2934} - (no file) WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) WebBrowser-{A44990B3-9DDA-4653-BD75-BC3CEE5C2934} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe c:\program files (x86)\Internetbeveiliging\Common\FSMA32.EXE c:\program files (x86)\Internetbeveiliging\Anti-Virus\FSGK32.EXE c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Internetbeveiliging\Common\FSHDLL32.EXE c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Internetbeveiliging\Anti-Virus\fssm32.exe c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsav32.exe . ************************************************************************** . Voltooingstijd: 2012-06-29 21:49:41 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-29 19:49 ComboFix2.txt 2012-06-29 19:11 . Pre-Run: 77.042.253.824 bytes beschikbaar Post-Run: 77.286.490.112 bytes beschikbaar . - - End Of File - - EBCFD8097F349912B273A666B95D5470
---------- Post added at 22:17 ---------- Previous post was at 22:04 ----------
By the way, may I thank you very much for all your help so far, absolutely wonderful. The only thing I got just now is a security warning on all my favourite internet pages. The thing is really acting strange.
  5. I simply let the program run, and it restarted the computer as well. And then I had it. Again, this does not seem unfamiliar to me; I had this before, after my computer was infected by this virus. I am going to do what you say.
  6. OK, I ran ComboFix and a log was created, but after that I could no longer turn on my virus scanner (file did not exist), none of the shortcuts on the desktop worked any more, so I could not get on the internet either... one big mess. I have had this before, namely the day after the virus, when I switched on my computer early in the morning. I have now done a system restore to the 26th, and now I can at least get on the internet again to post this. So I have lost my log, and as for running it again now... I will wait a bit. I hope you can help again.
  7. MBAM log
Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Carla :: CARLA-PC [administrator] 29-6-2012 18:45:47 mbam-log-2012-06-29 (18-45-47).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 373250 Verstreken tijd: 36 minuut/minuten, 33 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
hijack log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:25:28, on 29-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc O4 - HKLM\..\Run: [F-Secure Manager] 
"C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON SX235 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Carla\AppData\Local\Temp\E_S893C.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. 
- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10480 bytes
  8. Wow... I hope you will also have patience with me in this case...
  9. Thank you for your answer, here is my HijackThis log
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:26:21, on 29-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Analysis of program downloads scanned for viruses and spyware.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHP0.dll R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll R3 - URLSearchHook: (no name) - {a44990b3-9dda-4653-bd75-bc3cee5c2934} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHP0.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - 
BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHP0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin.dll O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files 
(x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON SX235 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Carla\AppData\Local\Temp\E_S893C.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 
'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. 
- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12865 bytes
  10. Hello everyone. I too am a victim of the so-called police virus. My computer is working again by now and, if all is well, the virus should be completely removed from my computer, but I still have too many problems with the internet / Google Chrome, and my Flash Player regularly freezes completely so that I cannot do anything any more (except restart the computer). Files that will no longer open or are damaged. So I am on the point of formatting my hard drive, but I hope you can help me. Something is still going wrong, but I do not know where. I only know that the virus has caused a lot of misery (links that no longer worked, files that were/are damaged). What I have done myself in the meantime: installed a new virus scanner, which found nothing; ran Kaspersky, which found another infection in a Google Chrome link; ran Windows Defender, which found nothing; but still something was not right. Every time I got the message: cannot open: c:\program files\(x86) asus\epu-4 engine\resource\gear.png, and I could not get rid of it. I took my computer to the shop, where they found another infection in this file. And now I no longer know what to do, only that something is not right. Would you be willing to help me?