Ga naar inhoud

Politievirus volledig weg?


Aanbevolen berichten

Eergisteren kreeg mijn vader het politievirus op zijn laptop.

Wat ik heb gedaan:

  • Opgestart in veilige modus met netwerkmogelijkheden zodat ik mbam kon updaten.
  • Mbam laten scannen en de gevonden problemen laten oplossen. Hierdoor is de laptop ook opnieuw opgestart in normale modus. Het scherm van het politievirus kwam er niet meer op.
  • CCleaner laten updaten en register laten controleren. Herhaaldelijk tot er geen fouten meer werden gevonden.

Mijn vraag nu is of het hele virus weg is of er toch nog restanten zijn.

RSIT-log met instelling op 3 maanden:

Logfile of random's system information tool 1.09 (written by random/random)

Run by patrick at 2013-09-02 14:31:35

Microsoft® Windows Vista™ Business Service Pack 1

System drive C: has 72 GB (51%) free of 142 GB

Total RAM: 2038 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:31:42, on 2-9-2013

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Users\patrick.CERAMICSLIMBURG\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\patrick.CERAMICSLIMBURG\Desktop\RSIT.exe

C:\Program Files\trend micro\patrick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

O1 - Hosts: ::1 localhost

O1 - Hosts: 83.219.86.131 KERAMISCHE INDUSTRIE LIMBURG BV

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\Software\..\Telephony: DomainName = ceramicslimburg.nl

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS14\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS15\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS16\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS17\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS18\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS19\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS20\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS21\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS22\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS23\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS24\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS25\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS26\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS27\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O17 - HKLM\System\CS28\Services\Tcpip\Parameters: Domain = ceramicslimburg.nl

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 11948 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\patrick.CERAMICSLIMBURG\AppData\Roaming\Mozilla\Firefox\Profiles\78iuqysz.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38]

"Description"=

"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]

"Description"=Office Live Update v1.5

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\

browser.xpt

browserdirprovider.dll

brwsrcmp.dll

components.list

FeedConverter.js

FeedProcessor.js

FeedWriter.js

fuelApplication.js

GPSDGeolocationProvider.js

jsconsole-clhandler.js

NetworkGeolocationProvider.js

nsAddonRepository.js

nsBadCertHandler.js

nsBlocklistService.js

nsBrowserContentHandler.js

nsBrowserGlue.js

nsContentDispatchChooser.js

nsContentPrefService.js

nsDefaultCLH.js

nsDownloadManagerUI.js

nsExtensionManager.js

nsFormAutoComplete.js

nsHandlerService.js

nsHelperAppDlg.js

nsINIProcessor.js

nsLivemarkService.js

nsLoginInfo.js

nsLoginManager.js

nsLoginManagerPrompter.js

nsMicrosummaryService.js

nsPlacesAutoComplete.js

nsPlacesDBFlush.js

nsPlacesTransactionsService.js

nsPrivateBrowsingService.js

nsProxyAutoConfig.js

nsSafebrowsingApplication.js

nsSearchService.js

nsSearchSuggestions.js

nsSessionStartup.js

nsSessionStore.js

nsSetDefaultBrowser.js

nsSidebar.js

nsTaggingService.js

nsTryToClose.js

nsUpdateService.js

nsUpdateServiceStub.js

nsUpdateTimerManager.js

nsUrlClassifierLib.js

nsUrlClassifierListManager.js

nsURLFormatter.js

nsWebHandlerApp.js

pluginGlue.js

storage-Legacy.js

storage-mozStorage.js

txEXSLTRegExFunctions.js

WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\

npnul32.dll

nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\

bolcom-nl.xml

google.xml

marktplaats-nl.xml

vandale-nl.xml

wikipedia-nl.xml

yahoo-nl.xml

C:\Users\patrick.CERAMICSLIMBURG\AppData\Roaming\Mozilla\Firefox\Profiles\78iuqysz.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]

PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-12-31 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-16 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-01-16 1000984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-12-31 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-16 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-02-22 159744]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-22 4907008]

"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-07-03 3563520]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-21 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======List of files/folders created in the last 3 months======

2013-09-02 14:31:35 ----D---- C:\rsit

2013-09-02 14:31:35 ----D---- C:\Program Files\trend micro

2013-09-02 13:10:22 ----ASH---- C:\hiberfil.sys

2013-08-12 12:50:38 ----D---- C:\ProgramData\781ED15EFC1D3E320000781E594845D5

2013-08-09 15:12:31 ----D---- C:\Windows\Minidump

======List of files/folders modified in the last 3 months======

2013-09-02 14:31:42 ----D---- C:\Windows\Prefetch

2013-09-02 14:31:39 ----D---- C:\Windows\Temp

2013-09-02 14:31:35 ----RD---- C:\Program Files

2013-09-02 13:19:12 ----D---- C:\Windows

2013-09-02 13:10:31 ----AHD---- C:\ProgramData\TEMP

2013-09-02 13:10:15 ----D---- C:\Windows\twain_32

2013-09-02 13:10:15 ----D---- C:\Windows\system32\drivers

2013-09-02 03:51:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-09-02 03:51:10 ----A---- C:\Windows\ntbtlog.txt

2013-09-02 03:48:47 ----HD---- C:\ProgramData

2013-08-29 08:58:39 ----SHD---- C:\System Volume Information

2013-08-27 05:15:58 ----D---- C:\Windows\system32\catroot2

2013-08-16 10:27:22 ----SHD---- C:\Windows\Installer

2013-08-07 04:22:04 ----N---- C:\Windows\system32\MpSigStub.exe

2013-07-29 11:14:19 ----D---- C:\Windows\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-03-18 305176]

R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-03-29 218592]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-07-26 43872]

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]

R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-04-09 113960]

R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-04-09 93312]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-07-03 18424]

R3 BCM43XX;Stuurprogramma voor de Dell draadloze WLAN-kaart; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-07-03 1207288]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-22 2054872]

R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-08-27 51288]

R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-08-27 43608]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-22 106496]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]

S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2009-12-15 37632]

S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-22 155136]

S3 Dot4;Microsoft IEEE-1284.4-stuurprogramma; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Stuurprogramma voor printerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 e1express;Stuurprogramma voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-22 77824]

R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2008-08-27 71512]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-07-03 24064]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-07 161384]

S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21 194032]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Link naar reactie
Delen op andere sites

Dag kolm,

welkom op PCH!

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Ga naar Java SE 7 en download daar de juiste Java versie naar uw bureaublad, 32 of 64 bit. Voor 32 bit download je Windows x86, voor 64 bit download je Windows x64.


  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE of JAVA) in de naam.
  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Dubbelklik vervolgens op jre-7-windows-x64 / x86 op je Bureaublad om de nieuwste versie van Java te installeren.

Mag ik dat Malwarebytes logje eens zien ter controle wat er zoal verwijderd is?

aangepast door Jion
Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.