Thread: bundespolizei

  1. #1
    Nickel (Advanced)
    Registered: 11 May 2005
    Posts: 135
    Thanks given: 9
    Thanked: 8 times in 5 posts

    bundespolizei

    Over the weekend my son picked up that infamous virus somewhere and could no longer get onto the intranet.
    I then completely removed his user account from the PC and created a new one.
    My Avira scanner no longer finds anything, but could you please check the logs just to be sure? Thanks in advance.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org
    Databaseversie: v2012.03.19.05
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dominiek :: BUREAU [administrator]
    19/03/2012 20:12:35
    mbam-log-2012-03-19 (20-12-35).txt
    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 280363
    Verstreken tijd: 4 minuut/minuten, 28 seconde
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    (einde)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:34:39, on 19/03/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    --
    End of file - 8950 bytes

  2. #2
    Rosty (Spyware Slayer)
    Registered: 19 May 2005
    Location: Zandvliet/ Ledegem
    Posts: 4,212
    Thanks given: 1,205
    Thanked: 2,705 times in 1,758 posts
    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
      Click here
      If you cannot manage to disable them, just continue to the next step.
    • Double-click ComboFix.exe and follow the on-screen prompts.
    • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
      **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
    • Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

    Click Yes to continue scanning for malware.

    When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

  3. #3
    Nickel (Advanced)
    My ComboFix log:
    ComboFix 12-03-20.01 - Dominiek 20/03/2012 20:45:26.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.1929 [GMT 1:00]
    Gestart vanuit: c:\users\Dominiek\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-20 to 2012-03-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-19 19:24 . 2012-03-19 19:24 388096 ----a-r- c:\users\Dominiek\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-19 19:24 . 2012-03-19 19:24 -------- d-----w- c:\program files\Trend Micro
    2012-03-19 19:11 . 2012-03-19 19:11 -------- d-----w- c:\users\Dominiek\AppData\Roaming\Malwarebytes
    2012-03-19 19:11 . 2012-03-19 19:11 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-19 19:11 . 2012-03-19 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-19 19:11 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-17 12:33 . 2012-03-17 12:33 -------- d-----w- c:\windows\system32\siscardplugins
    2012-03-17 12:33 . 2012-03-17 12:33 -------- d-----w- c:\windows\system32\beidpp
    2012-03-17 12:33 . 2012-03-17 12:33 -------- d-----w- c:\program files\BeID Minidriver
    2012-03-17 12:33 . 2012-03-17 12:33 -------- d-----w- c:\program files\Belgium Identity Card
    2012-03-17 12:33 . 2012-03-17 12:33 -------- d-----w- C:\drivers
    2012-03-17 12:32 . 2012-03-17 12:32 -------- d-----w- c:\program files\ACR38_100_122 PCSC Driver
    2012-03-14 10:24 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-14 10:24 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 09:44 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 09:44 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 09:43 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 09:43 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 09:43 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 09:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 09:43 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 09:43 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 19:14 . 2012-03-13 19:14 -------- d-----w- c:\users\Baue2
    2012-03-08 15:29 . 2012-03-08 15:29 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-03-02 16:17 . 2012-03-13 14:45 -------- d-----w- c:\users\Nancy\AppData\Local\Windows Live
    2012-03-02 16:17 . 2012-03-02 16:17 -------- d-----w- c:\users\Nancy\AppData\Local\Windows Live Writer
    2012-03-02 16:17 . 2012-03-02 16:17 -------- d-----w- c:\users\Nancy\AppData\Roaming\Windows Live Writer
    2012-02-29 17:36 . 2012-03-14 15:34 -------- d-----w- c:\users\Jade\AppData\Local\Windows Live
    2012-02-26 19:12 . 2012-02-26 19:12 -------- d-----w- c:\program files\MSXML 4.0
    2012-02-25 17:16 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
    2012-02-25 17:14 . 2012-02-25 17:14 -------- d-----w- c:\users\Dominiek\AppData\Local\Xara
    2012-02-25 17:14 . 2012-02-25 17:14 -------- d-----w- c:\users\Dominiek\AppData\Local\MAGIX
    2012-02-25 17:12 . 2012-02-25 17:14 -------- d-----w- c:\program files\Common Files\MAGIX Shared
    2012-02-25 17:11 . 2012-02-25 17:14 -------- d-----w- c:\users\Dominiek\AppData\Roaming\MAGIX
    2012-02-25 17:10 . 2012-02-25 17:11 -------- d-----w- c:\program files\MAGIX
    2012-02-25 17:09 . 2012-02-25 17:11 -------- d-----w- c:\programdata\MAGIX
    2012-02-25 17:09 . 2012-02-25 17:09 -------- d-----w- c:\program files\Common Files\MAGIX Services
    2012-02-22 18:34 . 2012-03-07 15:02 -------- d-----w- c:\users\Dominiek\AppData\Local\Windows Live Writer
    2012-02-22 18:34 . 2012-02-23 05:57 -------- d-----w- c:\users\Dominiek\AppData\Roaming\Windows Live Writer
    2012-02-22 18:20 . 2012-02-22 18:20 -------- d-----w- c:\windows\nl
    2012-02-22 18:15 . 2012-02-22 18:15 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\31c056b1ccf18e17\DSETUP.dll
    2012-02-22 18:15 . 2012-02-22 18:15 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\31c056b1ccf18e17\DXSETUP.exe
    2012-02-22 18:15 . 2012-02-22 18:15 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\31c056b1ccf18e17\dsetup32.dll
    2012-02-22 18:15 . 2012-02-22 18:15 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2305d301ccf18e16\DSETUP.dll
    2012-02-22 18:15 . 2012-02-22 18:15 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2305d301ccf18e16\DXSETUP.exe
    2012-02-22 18:15 . 2012-02-22 18:15 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2305d301ccf18e16\dsetup32.dll
    2012-02-22 18:15 . 2012-03-20 19:19 -------- d-----w- c:\users\Dominiek\AppData\Local\Windows Live
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-22 18:18 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-29 11:12 . 2012-01-29 11:12 0 ---ha-w- c:\users\Nancy\AppData\Local\BITA3ED.tmp
    2012-01-09 16:11 . 2012-01-09 16:11 0 ---ha-w- c:\users\Nancy\AppData\Local\BITFEDF.tmp
    2012-01-04 08:58 . 2012-02-16 18:19 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-30 05:27 . 2012-02-16 18:19 478720 ----a-w- c:\windows\system32\timedate.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-28 281768]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link SharePort]
    2010-04-15 16:04 2797568 ----a-w- c:\program files\D-Link\SharePort\SharePort.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-12-15 37632]
    R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2010-04-07 64000]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-29 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
    S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2010-04-07 60800]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 10:39]
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 10:39]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.aldi.com
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
    TCP: DhcpNameServer = 192.168.0.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    .
    ------- Bestandsassociaties -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-BsScanner
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoManager10Deluxe.8.alb"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-03-20 20:52:16
    ComboFix-quarantined-files.txt 2012-03-20 19:52
    .
    Pre-Run: 1.107.117.711.360 bytes beschikbaar
    Post-Run: 1.106.674.671.616 bytes beschikbaar
    .
    - - End Of File - - FBB1BBE7F0549D15EE5D678457AB2EE9

  4. #4
    Rosty (Spyware Slayer)
    Looks good! Any problems left?

  5. #5
    Nickel (Advanced)
    Not right away. It was mainly to check that nothing had been left behind from that "police" virus. Thanks already for checking the logs.
    Regards
    Nickel

  6. #6
    Rosty (Spyware Slayer)
    You're welcome!
