  1. #1
    Nickel (Advanced) | Registered: 11 May 2005 | Posts: 135 | Thanks given: 9 | Thanked: 8 times in 5 posts

    PC check after police virus

    On Friday, while browsing the website of a campsite in France, I picked up the police virus.
    I think I got rid of it by booting into safe mode under another account and then running Malwarebytes. Afterwards I ran Malwarebytes again under my own account, and it still found things. I am also posting a HijackThis log from after the removal. Please check it, because my AVG scanner (I have now installed AVG and removed Avira, since the latter had not reacted) just raised an alarm there on a file at C:\Users\Dominiek\Appdata\Local\Temp\88YH4.exe and classified it as BAckdoor.generic16.BBVN.
    So I fear I am not completely rid of it yet.
    Kind regards
    Nickel
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Databaseversie: v2013.01.26.05
    Windows 7 Service Pack 1 x86 NTFS (Veilige modus)
    Internet Explorer 9.0.8112.16421
    Dominiek :: BUREAU [administrator]
    27/01/2013 12:58:37
    mbam-log-2013-01-27 (12-58-37).txt
    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 334794
    Verstreken tijd: 5 minuut/minuten, 42 seconde
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Dominiek\AppData\Roaming\skype.dat -> Succesvol in quarantaine geplaatst en verwijderd.
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 3
    C:\Users\Dominiek\AppData\Roaming\skype.dat (Malware.Packer.SGX1) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Dominiek\AppData\Local\Temp\E5CC.tmp (Malware.Packer.SGX1) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Dominiek\AppData\Local\Temp\~!#CF60.tmp (Malware.Packer.SGX1) -> Succesvol in quarantaine geplaatst en verwijderd.
    (einde)



    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Databaseversie: v2013.01.26.05
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dominiek :: BUREAU [administrator]
    27/01/2013 14:55:54
    mbam-log-2013-01-27 (14-55-54).txt
    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 327773
    Verstreken tijd: 8 minuut/minuten, 18 seconde
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    (einde)



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:47:35, on 27/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29K1C73X05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    --
    End of file - 8701 bytes

  2. #2
    Rosty (Spyware Slayer) | Registered: 19 May 2005 | Location: Zandvliet/ Ledegem | Posts: 4.212 | Thanks given: 1.207 | Thanked: 2.706 times in 1.759 posts
    Hello, we are going to use the following tool: zoek.exe ® by smeenk


    The scan can take a while because your whole disk is searched for recently placed files.

    Using "zoek.exe":
    • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.
      You can read how to do that (here or here).
    • Then download zoek.exe to the desktop.
    • Start the tool by double-clicking "zoek.exe".
    • After a while a window will open.
    • With your mouse, now select the option "Combined fix" (bottom right).
    • Now copy the code below and paste it into the large input field:

      Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

      Code:
      autoclean;
      filesrcm;
      startupall;
      firefoxlook;
      chromelook;
      emptyclsid;
    • First close all other program windows that are still open!
    • Then click the "Run script" button.
    • Now wait patiently until a log opens (this may be after a restart).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Now post the contents of the opened log in your next message.

  3. #3
    Nickel
    I did not find the "Combined fix" box in zoek.exe, though.
    The log is below.


    Zoek.exe Version 4.0.0.1 Updated 26-January-2013
    Tool run by Dominiek on zo 27/01/2013 at 16:01:30,96.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
    Running in: Normal Mode Internet Access Detected
    ==== Deleting Files \ Folders ======================
    "C:\Users\Dominiek\AppData\Roaming\skype.ini" deleted
    "C:\Windows\system32\appdata" deleted
    "C:\ProgramData\Partner" deleted
    ==== Files Recently Created / Modified ======================
    ====== C:\Windows ====
    ====== C:\Users\Dominiek\AppData\Local\Temp ====
    ====== C:\Windows\system32 =====
    2013-01-16 19:39:58 784003AF77F42566B3A2EEBEBBC88A06 558952 ------w- C:\Windows\System32\HPDiscoPMB011.dll
    ====== C:\Windows\system32\drivers =====
    ====== C:\Windows\Tasks ======
    ====== C:\Windows\Temp ======
    ======= C:\Program Files =====
    2013-01-27 12:59:53 -------- d-----w- C:\Program Files\AVG
    2013-01-16 19:39:11 -------- d-----w- C:\Program Files\HP
    ======= C: =====
    ====== C:\Users\Dominiek\AppData\Roaming ======
    2013-01-27 13:02:09 -------- d-----w- C:\users\Dominiek\AppData\Roaming\AVG2013
    2013-01-27 13:01:04 -------- d-----w- C:\users\Dominiek\AppData\Roaming\TuneUp Software
    2013-01-27 12:56:51 -------- d-----w- C:\users\Dominiek\AppData\Local\Avg2013
    2013-01-27 12:56:50 -------- d-----w- C:\users\Dominiek\AppData\Local\MFAData
    2013-01-26 12:22:37 -------- d-----w- C:\users\Dominiek\AppData\Roaming\QuickScan
    2013-01-23 17:03:14 -------- d-----w- C:\users\Nancy\AppData\Local\{984A5C9B-BA47-4042-AE40-AF99167B810B}
    2013-01-22 15:03:38 -------- d-----w- C:\users\Nancy\AppData\Local\{A710B7A5-83DA-4BCA-9D24-F79896DB6211}
    2013-01-22 13:43:01 -------- d-----w- C:\users\Jade\AppData\Local\{8E43BDC0-BC8B-42E8-A4D7-FCB5BA9F68A6}
    2013-01-18 23:30:18 -------- d-----w- C:\users\Nancy\AppData\Local\{AC9EC94E-045F-422D-A1E5-379E0B1F2C33}
    2013-01-16 19:37:34 -------- d-----w- C:\users\Dominiek\AppData\Local\HP
    2013-01-15 15:47:35 -------- d-----w- C:\users\Nancy\AppData\Local\{A4A0EA17-F8CD-40EA-B02E-DEEC888F5BF0}
    2013-01-14 18:19:36 -------- d-----w- C:\users\Nancy\AppData\Local\{26EF438E-4245-45ED-B160-373B1DE3F409}
    2013-01-13 15:56:34 A0F974C77BA657EBB328855EBDEECB87 4608 ----a-w- C:\users\Dominiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-01-11 17:29:02 -------- d-----w- C:\users\Nancy\AppData\Local\{2AF4B126-9B2D-4EDF-9BCE-C3B51FFE9D53}
    2013-01-11 16:45:08 -------- d-----w- C:\users\Nancy\AppData\Local\{699A1027-9985-4D48-8D42-617F2C9A26CA}
    2013-01-09 16:44:49 -------- d-----w- C:\users\Nancy\AppData\Local\{223E575E-C103-49B1-A4CB-42E31F6A1209}
    2013-01-02 12:38:12 -------- d-----w- C:\users\Nancy\AppData\Local\{DECA162E-3957-47E3-B7F6-5C58D280F101}
    2012-12-30 16:39:18 -------- d-----w- C:\users\Dominiek\AppData\Locallow\Adobe
    2012-12-28 19:02:53 -------- d-----w- C:\users\Nancy\AppData\Local\{E37BBE5E-21BE-427C-A383-4B0E15440CA6}
    ====== C:\Users\Dominiek ======
    2013-01-27 13:00:31 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-27 12:56:51 -------- d--h--w- C:\ProgramData\Common Files
    2013-01-27 12:56:50 -------- d-----w- C:\ProgramData\MFAData
    2013-01-16 19:39:09 5EEE13A909C0849A9536B7A0D5D9F7DE 57 ----a-w- C:\ProgramData\Ament.ini
    2013-01-16 19:34:04 -------- d-----w- C:\ProgramData\HP
    2013-01-13 15:22:30 -------- d-----w- C:\ProgramData\YTD Video Downloader
    2013-01-13 15:21:55 -------- d-----w- C:\Users\Dominiek\Ytube
    ====== C: exe-files ==
    2013-01-27 12:56:55 A2DD738C3E673E76E5EA538702414BB7 15480 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrdtestx.exe
    2013-01-27 12:56:55 277F82FB2817806BA25A2BD2790B1257 7241864 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe
    2013-01-27 12:56:55 0214EC38CFEF72AA54F5243F9D689F04 621176 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe
    2013-01-27 12:56:54 150DE281AA5F4DA6FECAB535F93EC7F4 270968 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrunasx.exe
    2013-01-27 12:53:16 FE1504AFFC3AA544B85FB8BE09FE47A2 4422016 ----a-w- C:\Users\Dominiek\Downloads\avg\avg_free_stb_all_2013_2805_cnet.exe
    2013-01-27 12:35:04 0D7ADA905282247F87161BE6E0A0B93D 4189792 ----a-w- C:\Users\Dominiek\Downloads\ccsetup327.exe
    2013-01-27 11:23:31 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Nancy\Downloads\mbam-setup-1.70.0.1100 (1).exe
    2013-01-26 12:34:46 68B59B1AEF0DFC71005836216A29BB65 700768 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.56\24.0.1312.56_24.0.1312.52_chrome_updater.exe
    === C: other files ==
    2013-01-27 13:01:28 39A61D3B3434CF56D97D56AE588813AC 323 ----a-w- C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip
    2013-01-27 12:56:55 D548D02F1133E6232B54E22997B4312C 775288 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgmfarx.dll
    2013-01-27 12:56:54 13DD23172C3E8A81FAA9F88C34131C61 939008 ----a-w- C:\ProgramData\MFAData\SelfUpd\htmlayout.dll
    2013-01-26 11:25:57 0849CFE65B98BA5FCD9A9EC61A671D09 75 ----a-w- C:\Users\Dominiek\AppData\Local\Temp\abcd.bat
    ==== Startup Registry Enabled ======================
    [HKEY_USERS\S-1-5-21-808880932-15578866-128347471-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    "HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN29K1C73X05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"
    [HKEY_USERS\S-1-5-21-808880932-15578866-128347471-1001\Software\Microsoft\Windows\CurrentVersion\run once]
    "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe -update activex"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
    "NUSB3MON"="C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
    "AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    "HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN29K1C73X05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe -update activex"
    ==== Startup Registry Disabled ======================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CanonMyPrinter"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\D-Link SharePort]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="D-Link SharePort"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\D-Link\\SharePort\\SharePort.exe -mini"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VirtualCloneDrive"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WinampAgent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Winamp\\winampa.exe\""

    ==== Task Scheduler Jobs ======================
    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/04/2012 18:55]
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/11/2010 11:39]
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/11/2010 11:39]
    ==== Chrome Look ======================
    YouTube - Baue2 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    Google Search - Baue2 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    Gmail - Baue2 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    ==== Set IE to Default ======================
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.aldi.com/"
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.aldi.com/"
    ==== All HKCU SearchScopes ======================
    HKCU\*\SearchScopes "DefaultScope"="{DC97BFF9-5AE8-4C6A-830A-FA981DD01F6D}"
    HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={search...ox&FORM=IE8SRC"
    HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sear...age={startPage}"
    HKCU\*\SearchScopes\{DC97BFF9-5AE8-4C6A-830A-FA981DD01F6D} Google Url="http://www.google.com/search?q={sear...I7MDNA_enDE393"
    ==== Empty IE Cache ======================
    C:\Users\Baue2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Baue2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dominiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Dominiek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Jade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Jade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dominiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
    ==== Empty FireFox Cache ======================
    No FireFox Profiles found
    ==== Empty Chrome Cache ======================
    C:\users\Baue2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
    C:\users\Dominiek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
    ==== Empty All Flash Cache ======================
    Flash Cache is not empty, a reboot is needed
    ==== Empty All Java Cache ======================
    Java Cache cleared successfully
    After Reboot
    ==== Empty Temp Folders ======================
    C:\Windows\Temp successfully emptied
    C:\Users\Dominiek\AppData\Local\Temp successfully emptied
    ==== Empty Recycle Bin ======================
    C:\$RECYCLE.BIN successfully emptied
    ==== Deleting Files / Folders ======================
    "C:\Users\Dominiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
    "C:\users\Jade\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AVAN53FE\5050-gamegos.voxcdn.com" not found

  4. #4
    Rosty
    Any problems left now?

  5. #5
    Nickel
    Quote: Originally posted by Rosty
    Any problems left now?
    Everything seems normal at the moment. Thanks.
    Regards
    Nickel

  6. #6
    Rosty
    You're welcome!
