
Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 11:29:54

Unfortunately I also got the police virus; the logs are below.
Post 1: DDS.txt
Post 2: Attach.txt
Post 3: Mbam-log-2012-07-24

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Vincent at 12:26:24 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5996.4111 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627133537.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9} : DhcpNameServer = 150.200.3.2
TCP: Interfaces\{D6B09257-0768-4A65-BDA1-B1E8FE199012} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\c1pla933.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-14 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-24 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-14 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-14 244624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-14 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-27 2348352]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-14 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-14 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-24 10:13:56 -------- d-----w- C:\Users\Vincent\AppData\Roaming\Malwarebytes
2012-07-24 10:13:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-24 10:13:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-24 10:13:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 09:45:13 -------- d-----w- C:\Users\Vincent\AppData\Local\{9D011968-C0B0-4B1B-B75C-141AF1D6D8B2}
2012-07-24 09:44:58 -------- d-----w- C:\Users\Vincent\AppData\Local\{CECF491F-41DA-42F6-90E0-01D2B8A06FBA}
2012-07-22 16:52:21 -------- d-----w- C:\Users\Vincent\AppData\Local\{5DCDC379-DB8B-4869-B98B-CB7D5548199E}
2012-07-22 16:52:05 -------- d-----w- C:\Users\Vincent\AppData\Local\{47BFC21F-9AB9-467D-B08F-E93B99410E91}
2012-07-16 07:38:07 -------- d-----w- C:\Users\Vincent\AppData\Local\{ACD8B77B-2B3C-438A-91A8-8763DDFC300B}
2012-07-16 07:37:52 -------- d-----w- C:\Users\Vincent\AppData\Local\{BC7D29BB-C7F4-43C2-865F-5B12C56417C0}
2012-07-13 19:07:23 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-07-13 19:06:51 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-13 09:35:39 -------- d-----w- C:\Users\Vincent\AppData\Local\{9582E8FC-B9E6-45CA-9B5A-1BE67653E243}
2012-07-13 09:35:29 -------- d-----w- C:\Users\Vincent\AppData\Local\{4F9DD49A-81FC-4513-90DE-4190F56A1A18}
2012-07-12 08:54:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 22:31:05 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 22:30:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-06 11:54:29 -------- d-----w- C:\Users\Vincent\AppData\Local\{B102A083-F0FC-430D-874B-94CB8F8FDA83}
2012-07-06 11:54:14 -------- d-----w- C:\Users\Vincent\AppData\Local\{31770145-1AF5-48D0-938F-601F5887803F}
2012-07-06 11:19:45 -------- d-----w- C:\Windows\nl
2012-07-06 11:15:56 -------- d-----w- C:\Windows\hu
2012-07-06 11:15:51 -------- d-----w- C:\Windows\it
2012-07-06 11:15:46 -------- d-----w- C:\Windows\no
2012-07-06 11:15:42 -------- d-----w- C:\Windows\pl
2012-07-06 11:15:37 -------- d-----w- C:\Windows\pt-br
2012-07-06 11:15:33 -------- d-----w- C:\Windows\ro
2012-07-06 11:15:28 -------- d-----w- C:\Windows\ru
2012-07-06 11:15:23 -------- d-----w- C:\Windows\sk
2012-07-06 11:15:18 -------- d-----w- C:\Windows\sl
2012-07-06 11:15:14 -------- d-----w- C:\Windows\sv
2012-07-06 11:15:10 -------- d-----w- C:\Windows\th
2012-07-06 11:15:05 -------- d-----w- C:\Windows\tr
2012-07-06 11:15:01 -------- d-----w- C:\Windows\zh-tw
2012-07-06 11:14:57 -------- d-----w- C:\Windows\ca
2012-07-06 11:03:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9895d871cd5b6701\DSETUP.dll
2012-07-06 11:03:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9895d871cd5b6701\DXSETUP.exe
2012-07-06 11:03:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9895d871cd5b6701\dsetup32.dll
2012-07-06 11:03:56 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9c01d2d1cd5b6702\MeshBetaRemover.exe
2012-07-06 11:01:22 -------- d-----w- C:\Users\Vincent\AppData\Local\{9257FE04-24D5-4425-8C2E-F36DDCB114D4}
2012-07-06 11:01:08 -------- d-----w- C:\Users\Vincent\AppData\Local\{973B80F6-2BAD-48D7-ABE6-1DCE9CFCCA06}
2012-07-06 11:00:24 -------- d-----w- C:\Users\Vincent\AppData\Local\{DE1F1126-5882-4B66-8372-E78592A9771D}
2012-07-06 11:00:09 -------- d-----w- C:\Users\Vincent\AppData\Local\{B941A2A2-FA38-423D-9752-C93D9ED7F179}
2012-07-06 10:59:17 -------- d-----w- C:\Users\Vincent\AppData\Local\{37E9B84F-9730-426F-B3FF-E782297CD93D}
2012-07-06 10:59:02 -------- d-----w- C:\Users\Vincent\AppData\Local\{4FDE4F18-0FC3-4734-B3F8-8E7FA854F6AF}
2012-07-06 10:57:00 -------- d-----w- C:\Users\Vincent\AppData\Local\{F98CD352-75F8-49D7-B41E-941BD30806B8}
2012-07-06 10:56:46 -------- d-----w- C:\Users\Vincent\AppData\Local\{11DECD89-F897-4D6A-A1CB-0B0D09B51830}
2012-07-06 10:55:58 -------- d-----w- C:\Users\Vincent\AppData\Local\{4DE9D232-3E21-44B7-A336-A060A6A33DD6}
2012-07-06 10:55:43 -------- d-----w- C:\Users\Vincent\AppData\Local\{56CE3420-C33D-470C-8D94-35F1D2F1FAAA}
2012-07-06 10:55:24 -------- d-----w- C:\Users\Vincent\AppData\Local\{4A3412A5-60E2-4C31-9EF6-0BD036606D98}
2012-07-06 10:55:09 -------- d-----w- C:\Users\Vincent\AppData\Local\{0702FD0B-D645-4C3A-862F-248991B544B6}
2012-07-06 10:51:35 -------- d-----w- C:\Users\Vincent\AppData\Local\{6D76EC34-EF32-4B13-8CFA-3DA38CA8BA1C}
2012-07-06 10:51:21 -------- d-----w- C:\Users\Vincent\AppData\Local\{EA66AEB1-CDCE-4EC7-BE07-739961625699}
2012-07-06 10:50:08 -------- d-----w- C:\Users\Vincent\AppData\Local\{12AD8B5C-4D47-4EE8-8E42-319B039C2EC0}
2012-07-06 10:49:54 -------- d-----w- C:\Users\Vincent\AppData\Local\{40D4BA4F-8747-4CFD-A1B0-3A93EBE4D0DE}
2012-07-06 10:49:39 -------- d-----w- C:\Users\Vincent\AppData\Local\{042EA525-B764-473D-9938-031C3B84B13E}
2012-07-06 10:49:28 -------- d-----w- C:\Users\Vincent\AppData\Local\{E0842CE5-23D2-45D7-BE2C-79CE3D314A54}
2012-07-06 10:46:37 -------- d-----w- C:\Users\Vincent\AppData\Local\{5BF5A561-D1DC-4441-8D9B-0347EBE35BF6}
2012-07-06 10:46:27 -------- d-----w- C:\Users\Vincent\AppData\Local\{90930CC8-EF49-4E49-B058-EFDAA67F1E73}
2012-07-06 10:46:13 -------- d-----w- C:\Users\Vincent\AppData\Local\{BAFFA6F1-22F8-46D0-8D0D-BDFE19973724}
2012-07-06 10:46:03 -------- d-----w- C:\Users\Vincent\AppData\Local\{3B728213-2168-4A4D-BFC9-21562D98E7D4}
2012-07-06 10:41:49 -------- d-----w- C:\Users\Vincent\AppData\Local\{10879771-4C97-4F70-9270-0E8D9733EB2E}
2012-07-06 10:41:35 -------- d-----w- C:\Users\Vincent\AppData\Local\{4C337A2C-D993-4365-B977-B947DC683B25}
2012-07-06 08:20:26 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-06-30 23:01:57 -------- d-----w- C:\Users\Vincent\AppData\Local\{26F4737D-500F-499A-80BE-009D1D97A261}
2012-06-30 23:01:47 -------- d-----w- C:\Users\Vincent\AppData\Local\{CE61AF2E-CB0E-46D2-8470-125D7FEE95E9}
2012-06-27 06:17:44 -------- d-----w- C:\Users\Vincent\AppData\Local\{B925D5DC-CAD4-41E8-A4D5-5A7E808774B0}
2012-06-27 06:17:24 -------- d-----w- C:\Users\Vincent\AppData\Local\{EFF21530-D4D9-4072-A3E5-31A6151E52E6}
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 12:27:11,86 ===============
vincent11
PC Web Plus - Member

Posts: 9
Registered: Tue 24 Jul 2012, 11:23:40
Knowledge level: (1) Beginner
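The helpers on this forum read a DDS log by hand: they check that the Winlogon Userinit/Shell values are stock, that nothing in the Run/RunOnce keys launches from a user-writable directory, and they note clusters of freshly created directories under AppData. The Python script below turns those three checks into a repeatable triage pass. It is an added example, not part of the original post or of the DDS tool, and it only understands the three line shapes visible in the log above (mWinlogon, uRun/mRun/dRunOnce and "Created Last 30" entries). The posted log shows a stock Userinit value and autostarts under Program Files, so the two lines the script actually flags (the [updater] autorun and the Shell value) are constructed and marked as such; the {GUID} directories are copied from the log and reported only as something to inspect, since legitimate installers create such directories too.

```python
"""Triage a DDS log's 'Pseudo HJT Report' and 'Created Last 30' lines.

Added example (not part of the forum post or of the DDS tool). It reads the
three line shapes visible in the posted log and applies checks an analyst
does by hand when hunting a lock-screen trojan:
  * Winlogon Userinit/Shell must contain only the stock binaries
  * Run/RunOnce autostarts should not launch from user-writable directories
  * freshly created {GUID} directories under AppData\\Local deserve a look
"""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    kind: str                 # "winlogon", "autorun" or "guid-dirs"
    detail: str
    paths: list = field(default_factory=list)


# DDS prefixes: u = current user (HKCU), m = machine (HKLM), d = default user hive.
RUN_RE = re.compile(r'^(?P<hive>[umd])(?P<key>Run(?:Once)?)(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
WINLOGON_RE = re.compile(r'^mWinlogon: (?P<key>\w+)=(?P<value>.*)$')
CREATED_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attr>\S+) (?P<path>.+)$')
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js|pif|com)\b', re.I)
GUID_DIR_RE = re.compile(r'\\AppData\\Local\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\$recycle.bin\\")
STOCK_WINLOGON = {"userinit": {"userinit.exe"}, "shell": {"explorer.exe"}}


def binary_from_command(cmd):
    """Return the executable path inside an autostart command, or None for bare names like msiexec.exe."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def is_user_writable(path):
    """True when the path sits in a directory a non-admin user (and therefore malware) can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def check_winlogon(key, value):
    """Flag extra entries in Userinit/Shell; accepts 'userinit.exe,' and the full system32 path."""
    allowed = STOCK_WINLOGON.get(key.lower())
    if allowed is None:
        return None
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = {e.rsplit("\\", 1)[-1].lower() for e in entries} - allowed
    if extra:
        return Finding("winlogon", f"Winlogon {key} carries non-stock entries: {sorted(extra)}", entries)
    return None


def triage(log_text):
    """Run all three checks over a DDS log and return the list of findings."""
    findings, guid_dirs = [], []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := WINLOGON_RE.match(line):
            if f := check_winlogon(m["key"], m["value"]):
                findings.append(f)
        elif m := RUN_RE.match(line):
            binary = binary_from_command(m["cmd"])
            if binary and is_user_writable(binary):
                findings.append(Finding("autorun", f"{m['hive']}{m['key']} [{m['name']}] launches from a user-writable directory", [binary]))
        elif (m := CREATED_RE.match(line)) and GUID_DIR_RE.search(m["path"]):
            guid_dirs.append(m["path"])
    if guid_dirs:
        findings.append(Finding("guid-dirs", f"{len(guid_dirs)} new {{GUID}} directories under AppData\\Local; inspect contents (installers create these too)", guid_dirs))
    return findings


# Constructed sample: real line shapes copied from the posted log, plus two
# constructed suspicious lines (the [updater] autorun and the Shell value) so
# the checks have something to flag. Neither describes the poster's machine.
SAMPLE_LOG = r"""
mWinlogon: Userinit=userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uRun: [updater] C:\Users\Vincent\AppData\Roaming\updater.exe
mWinlogon: Shell=explorer.exe,C:\Users\Vincent\AppData\Local\Temp\lock.exe
2012-07-24 09:45:13 -------- d-----w- C:\Users\Vincent\AppData\Local\{9D011968-C0B0-4B1B-B75C-141AF1D6D8B2}
2012-07-24 09:44:58 -------- d-----w- C:\Users\Vincent\AppData\Local\{CECF491F-41DA-42F6-90E0-01D2B8A06FBA}
2012-07-24 10:13:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
        for p in f.paths:
            print("    ", p)
```

Feed it the whole DDS.txt and it reports three kinds of findings: a non-stock Userinit or Shell value, autostarts whose binary lives under AppData, Temp, ProgramData or Public, and the number of new {GUID} directories under AppData\Local. Bare command names without a drive path (msiexec.exe above) are not resolved and therefore not flagged, which is a deliberate limit: the script is a first pass, not a verdict.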

Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 11:30:23

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27-3-2012 13:26:53
System Uptime: 24-7-2012 12:19:08 (0 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU1 | 2300/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 289,324 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Reader X (10.1.0) MUI
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
µTorrent
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Canon Easy-WebPrint EX
Chuzzle Deluxe
clear.fi
clear.fi Client
Crazy Chicken Kart 2
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
Dolby Advanced Audio v2
eBay Worldwide
Evernote v. 4.5.1
FATE
Final Drive: Nitro
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Identity Card
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Jewel Match 3
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware versie 1.62.0.1300
McAfee Internet Security Suite
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Language Pack 2010 - Dutch/Nederlands
Microsoft Office O MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office X MUI (Dutch) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
NVIDIA PhysX
Penguins!
Plants vs. Zombies - Game of the Year
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Shredder
Skype™ 5.8
Slingo Deluxe
System Requirements Lab CYRI
System Requirements Lab for Intel
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Ventrilo Client
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.2
Wedding Dash
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== End Of File ===========================
vincent11
PC Web Plus - Member
 
Posts: 9
Registered: Tue 24 Jul 2012, 11:23:40
Knowledge level: (1) Beginner

Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 11:30:46

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Vincent :: VINCENT-PC [administrator]

24-7-2012 12:15:01
mbam-log-2012-07-24 (12-15-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212165
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Vincent\AppData\Local\Temp\rty0_7z.exe (Spyware.Zbot.DG) -> Quarantined and deleted successfully.
C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 11:31:19

Thanks in advance for the help.

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 12:22:28

Hi, and welcome to the forum,

Download zoek.exe to the desktop.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.
  • After a while a window will open.
  • With your mouse, select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is meant specifically for this PC; do not use it on other PCs with a similar problem.

    Code:
    startupall;
    filesrcm;
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again and the log will appear.
  • Now post the contents of the opened log in your next reply.
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Maxstar
Administrator
 
Posts: 33979
Registered: Sat 27 Sep 2008, 09:18:07
Knowledge level: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 12:32:27

Zoek.exe Version 3.0.0.3 Updated 22-07-2012
Tool run by Vincent on Tue 24-07-2012 at 13:28:07,82.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Vincent\Desktop\zoek.exe

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2012-07-13 19:07:22 8D0944E48D8F8F1FDFE9653A6E155807 268 ----a-w- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
====== C:\Users\Vincent\AppData\Local\Temp ====
2012-07-22 09:07:03 FA2AEB6E70B6C6BB576C7576179B64FF 22657136 ----a-w- C:\Users\Vincent\AppData\Local\Temp\vlc-2.0.2-win32.exe
====== C:\Windows\SysWOW64 =====
2012-07-12 08:50:30 DC5F7BAE79D7F8328497F5FBD7A00A2E 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 08:50:30 9B6A1E70C142492A73E325F46EDCB686 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 08:50:29 EFFC2EDD5E7BF93D312A2899F06B48EA 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2012-07-12 08:50:29 C516284DE6DB833E77CC0E5217CDC6AA 1793024 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2012-07-12 08:50:29 AEE054BB5693EB336BA6218EBBEEDF60 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2012-07-12 08:50:29 1408CF9B0DD2AAA80D8E7087C8A2E3BC 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2012-07-12 08:50:28 94532D14FC8F02A119BA9F9DDD5A12DA 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 08:50:28 8E87270C4704CF2951E1E7820D6C8A2B 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2012-07-12 08:50:27 F20D67994CAE796EABF2F57D04F9BADA 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 08:50:27 D27DF9AFC0D190A9AD89893A406C9B18 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 08:50:27 53CECC958DB8F5E8188B1E80042588DB 1800192 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2012-07-12 08:50:27 37F674BD7EC41C352260D16C6A646FB6 716800 ----a-w- C:\Windows\SysWOW64\jscript.dll
2012-07-12 08:50:26 6820A9E91AFF7CB3A510360D8CCD9BDD 12314624 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2012-07-12 08:50:24 8DCDD0B5939043A1EC98C6F168A56B16 9737728 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2012-07-11 22:31:05 D9A9702E43A5859896F34898D5FD3FEC 1390080 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2012-07-11 22:31:05 A45CB10FC8C4DCA23F96FE4D334F64FE 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 22:31:05 1CDEA9188899E76D4FFD54C9D512CCDB 1236992 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2012-07-11 22:31:03 29E9794708DF51DB5DC89FB2E903A0F6 12873728 ----a-w- C:\Windows\SysWOW64\shell32.dll
2012-07-11 22:31:00 591FE0A6CEB19BF886CEB1331F591940 219136 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 22:31:00 3D3CBD1847F980FB03343A63671E7886 225280 ----a-w- C:\Windows\SysWOW64\schannel.dll
2012-07-11 22:30:59 F93674263F6B07C77956E966953242D9 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2012-07-11 22:30:59 EDA7AD21DF8945528F01F0A86D69E524 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2012-07-11 22:30:55 3B7C1A53047FF6ACEFD9BA6E281DEBB7 805376 ----a-w- C:\Windows\SysWOW64\cdosys.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2012-07-12 08:54:25 511166D3F5D7EBA36DE48C4F5E195886 3148800 ----a-w- C:\Windows\Sysnative\win32k.sys
2012-07-12 08:50:30 E432B213AEA72C1B01426BDE624425FA 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2012-07-12 08:50:30 E1EC71AD60D508B2711FC5D9A3AAFE16 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2012-07-12 08:50:29 E8FD953D416772794408A68CC20B247D 1346048 ----a-w- C:\Windows\Sysnative\urlmon.dll
2012-07-12 08:50:29 78CA24E3B51C624007C1B8A7B8D6C9AF 2144768 ----a-w- C:\Windows\Sysnative\iertutil.dll
2012-07-12 08:50:29 524906A4A2796236CAA264DE8F59B683 237056 ----a-w- C:\Windows\Sysnative\url.dll
2012-07-12 08:50:28 6D91DE6BFBC367C2F4B0E4F2867857EF 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2012-07-12 08:50:28 5C1B93F765504927CAE1FAFC7E88E69B 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2012-07-12 08:50:28 5A45FA344F4AD99D903F4B20E43B89EC 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2012-07-12 08:50:28 573BA161EE8D49F9AED48A72096158EB 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2012-07-12 08:50:27 CC06D5777831BE933D4A8519B9198D50 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2012-07-12 08:50:27 9E63F231D643366FD5DB493D0C0301FB 818688 ----a-w- C:\Windows\Sysnative\jscript.dll
2012-07-12 08:50:27 1CBAB9DB246B8B910419B74392989A48 2311680 ----a-w- C:\Windows\Sysnative\jscript9.dll
2012-07-12 08:50:25 89C4B3BF66D3C2F3D83F9DEDF1B218D6 17807360 ----a-w- C:\Windows\Sysnative\mshtml.dll
2012-07-12 08:50:24 FC3A5E13D26C131E6BB39094D9ACD1F6 10924032 ----a-w- C:\Windows\Sysnative\ieframe.dll
2012-07-11 22:31:05 D0EC440FA8D306E4CEFC8CC4DEFD2AC4 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2012-07-11 22:31:05 4FFDE68C4B7C9993FA551E7E36DDB34D 2004480 ----a-w- C:\Windows\Sysnative\msxml6.dll
2012-07-11 22:31:05 0B2D65FDDE31069299AA6330F359FF9C 1881600 ----a-w- C:\Windows\Sysnative\msxml3.dll
2012-07-11 22:31:03 C6689007B3A749C49A5438DCF36E0CE4 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll
2012-07-11 22:31:00 400645085A91BF3EB0271329B95AE0BE 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2012-07-11 22:31:00 1573C45E65DE32B1BC3572634F8F1E8E 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2012-07-11 22:30:53 1FEB1694B13247A451B274E114AFAC45 1133568 ----a-w- C:\Windows\Sysnative\cdosys.dll
====== C:\Windows\Sysnative\drivers =====
2012-07-24 10:13:46 DC8490812A3B72811AE534F423B4C206 24904 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2012-07-11 22:31:00 9AC4F97C2D3E93367E2148EA940CD2CD 458704 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2012-07-11 22:31:00 26C43A7C2862447EC59DEDA188D1DA07 151920 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2012-07-11 22:30:59 97A7070AEA4C058B6418519E869A63B4 95600 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files (x86) =====
2012-07-13 19:07:23 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-07-13 19:06:51 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
======= C: =====
====== C:\Users\Vincent\AppData\Roaming ======
====== C:\Users\Vincent ======
2012-07-24 09:41:26 68912CCF1008B8DE265B0C7B07C05FDA 4503728 ----atw- C:\Users\All Users\z7_0ytr.pad
2012-07-24 09:41:26 68912CCF1008B8DE265B0C7B07C05FDA 4503728 ----atw- C:\ProgramData\z7_0ytr.pad
====== C:\Windows\Downloaded Program Files ====

====== C: exe-files ==
2012-07-24 10:13:25 B3F52C1F402613B110EE66F5A3604063 10652120 ----a-w- C:\Users\Vincent\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 22:23:28 9477F92E249465756BD9A51FD2EFD3F2 646800 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
2012-07-23 22:23:27 B891E3920F24FF1A3BEAD6CD2B42ED99 103472 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
2012-07-23 22:23:27 8F503189E3E47ACA3E0659973F742A0E 818304 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saUpd.exe
2012-07-23 22:23:27 60BEB1B781DC2B2A838ACA35C82310EE 515448 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\ActUtil.exe
2012-07-23 22:23:27 430F7D75EF6D4E2EA997A9F57FADD6FE 516472 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\uninstall.exe
2012-07-23 22:23:27 2DEF7819FB2D52B4D9BC0643F9169AA7 53496 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saOemMgr.exe
2012-07-23 14:09:11 E1A8683606BF84E000777C9C0EA0297A 285050 ----a-w- C:\Users\All Users\NVIDIA\Updatus\Download\ACC\updatus.13506955_RUNASUSER.exe
2012-07-23 14:09:11 E1A8683606BF84E000777C9C0EA0297A 285050 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\ACC\updatus.13506955_RUNASUSER.exe
2012-07-22 09:07:03 FA2AEB6E70B6C6BB576C7576179B64FF 22657136 ----a-w- C:\Users\Vincent\AppData\Local\Temp\vlc-2.0.2-win32.exe
=== C: other files ==
2012-07-24 10:21:43 2E84724E785214F625E16D1E89519DA2 607260 ------r- C:\Users\Vincent\Downloads\dds.com
2012-07-24 10:13:46 DC8490812A3B72811AE534F423B4C206 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-23 22:23:28 F9F003ECAB0AC26E2ABA43E672F15BD9 59200 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACorePS.dll
2012-07-23 22:23:28 C6FD288C265157410A17AE0531D3AF4C 236824 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
2012-07-23 22:23:28 99B22BFF4544B5E230C976749087AF9F 2015128 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\sares.dll
2012-07-23 22:23:28 5C4BA8EF8FBA80397C33CC33F7F3922F 261568 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
2012-07-23 22:23:28 4011E202D10468CD68EF1791A7F5E2F3 185336 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\McPlgUI.dll
2012-07-23 22:23:27 EF87F690AD87C87DDB2EE9B7B5F4F42A 486096 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saplugin.dll
2012-07-23 22:23:27 E94B0A38346D49679E270C473AF4C3AF 529904 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saSubMgr.dll
2012-07-23 22:23:27 9E3D27F8B25773343B69DC4ECB28E100 322344 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
2012-07-23 22:23:27 9DF21887DD7D78D8DFE82BFC99A67618 60760 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McSACorePS.dll
2012-07-23 22:23:27 9DC80AE0D74422296E8D88E1EDB5ACC2 684368 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\mcbrwctl.dll
2012-07-23 22:23:27 6C63C81746719E5742679314B12063F1 897072 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McBrwCtl.dll
2012-07-23 22:23:27 64ECE532B8ABD7E035803515E9C11DC9 2419936 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\sasshmod.dll
2012-07-23 22:23:27 5A18A6B8131444BD4C86164E61984479 857408 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\saupkeep.dll
2012-07-23 22:23:27 26BEC2843E317B32C24BB4083FE35024 20072 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
2012-07-23 22:23:27 17807DE3402F8B5A3440FEBA1ABF0BC7 19560 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\saHook.dll
2012-07-23 22:23:27 0FCC94F1C18D732506B0F87BDD68F067 219344 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McPlgUI.dll
2012-07-23 22:23:27 027DA362A208A1F722070EEE57C3CD4F 632344 ----a-w- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\saPlugin.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-877963767-4111451062-1969559298-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_USERS\S-1-5-21-877963767-4111451062-1969559298-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart"
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"
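The step the helper takes between this log and the next reply, picking one file (z7_0ytr.pad) out of a hundred-odd recently changed entries, can be automated. The Python script below is an added example and is not part of the forum thread or of zoek.exe itself. It parses the "Files Recently Created / Modified" lines, scores each file on three indicators (parent directory is a staging location such as %TEMP%, the root of ProgramData or the Startup folder; the temporary attribute, which I assume is what the 't' in zoek's attribute column means; modification time within a window around a reference timestamp) and reports files scoring on at least two, collapsing duplicates by MD5 so the same file reached through the C:\Users\All Users junction (a junction to C:\ProgramData on Vista and later) is listed once. The scoring rules, the threshold and the choice of the MBAM installer download as the reference time are my assumptions; the sample lines are copied from the log above.

```python
"""Triage helper for the 'Files Recently Created / Modified' section of a
zoek.exe log.  Added example, not part of the forum thread or of zoek.exe;
the scoring rules below are the author's assumptions, not the tool's logic."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# zoek.exe prints one entry per line:
#   <date> <time> <MD5> <size> <attrs> <path>      for files
#   <date> <time> -------- <attrs> <path>          for directories
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<md5>[0-9A-F]{32}) (?P<size>\d+)|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)

# Staging directories (assumed list).  The file's parent directory must match
# exactly, so a vendor's own sub-folder under ProgramData is not flagged.
STAGING_DIRS = (
    r"\appdata\local\temp",
    r"\programdata",
    r"\users\all users",      # junction to C:\ProgramData on Vista and later
    r"\windows\temp",
    r"\microsoft\windows\start menu\programs\startup",
)


@dataclass
class Entry:
    ts: datetime
    md5: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    @property
    def temporary(self) -> bool:
        # Assumption: 't' in the attribute column is FILE_ATTRIBUTE_TEMPORARY.
        return "t" in self.attrs

    @property
    def in_staging_dir(self) -> bool:
        parent = self.path.lower().rsplit("\\", 1)[0]
        return any(parent.endswith(d) for d in STAGING_DIRS)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the file and directory entries, skipping section headers and blanks."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            md5=m["md5"],
            size=int(m["size"]) if m["size"] else None,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def score(entry: Entry, incident: datetime, window: timedelta) -> int:
    """Crude suspicion score: each indicator is worth one point."""
    points = 0
    if entry.in_staging_dir:
        points += 1
    if entry.temporary:
        points += 1
    if abs(entry.ts - incident) <= window:
        points += 1
    return points


def suspicious_files(log_text: str, incident: datetime,
                     window: timedelta = timedelta(hours=24),
                     threshold: int = 2) -> List[Entry]:
    """Flag files scoring at or above the threshold, one per MD5 so the same
    payload seen through the All Users junction is reported only once."""
    seen = set()
    hits = []
    for e in parse_entries(log_text):
        if e.md5 is None or e.md5 in seen:
            continue
        if score(e, incident, window) >= threshold:
            seen.add(e.md5)
            hits.append(e)
    return hits


# Lines copied from the zoek.exe log posted above, used here as sample input.
SAMPLE_LOG = r"""
====== C:\Users\Vincent\AppData\Local\Temp ====
2012-07-22 09:07:03 FA2AEB6E70B6C6BB576C7576179B64FF 22657136 ----a-w- C:\Users\Vincent\AppData\Local\Temp\vlc-2.0.2-win32.exe
====== C:\Windows\SysWOW64 =====
2012-07-12 08:50:30 DC5F7BAE79D7F8328497F5FBD7A00A2E 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
======= C:\Program Files (x86) =====
2012-07-13 19:07:23 -------- d-----w- C:\Program Files (x86)\Ventrilo
====== C:\Users\Vincent ======
2012-07-24 09:41:26 68912CCF1008B8DE265B0C7B07C05FDA 4503728 ----atw- C:\Users\All Users\z7_0ytr.pad
2012-07-24 09:41:26 68912CCF1008B8DE265B0C7B07C05FDA 4503728 ----atw- C:\ProgramData\z7_0ytr.pad
====== C: exe-files ==
2012-07-24 10:13:25 B3F52C1F402613B110EE66F5A3604063 10652120 ----a-w- C:\Users\Vincent\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 14:09:11 E1A8683606BF84E000777C9C0EA0297A 285050 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\ACC\updatus.13506955_RUNASUSER.exe
"""

# Reference time (assumed): the MBAM installer download, the first response action in the log.
INCIDENT = datetime(2012, 7, 24, 10, 13, 25)

if __name__ == "__main__":
    for hit in suspicious_files(SAMPLE_LOG, INCIDENT):
        print(score(hit, INCIDENT, timedelta(hours=24)), hit.attrs, hit.path)
```

On the sample lines only the .pad file clears the threshold: the VLC installer in Temp and the NVIDIA updater under its own ProgramData sub-folder each score one point, and the Windows Update DLLs in SysWOW64 score none. The score is a triage aid, not a verdict: the MBAM log earlier in the thread shows that the real persistence was a shortcut in the Startup folder (ctfmon.lnk) plus an executable in Temp, and a file listing alone does not show what a shortcut launches, so the registry and Startup-folder sections of the same log still need to be read by hand.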

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 13:12:47

Hi,

Start Zoek.exe again.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.
  • After a while a window will open.
  • With your mouse, select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is meant specifically for this PC; do not use it on other PCs with a similar problem.

    Code:
    C:\Users\All Users\z7_0ytr.pad;f
    C:\ProgramData\z7_0ytr.pad;f
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again and the log will appear.
  • Now post the contents of the opened log in your next reply.
Kind regards,

Maxstar



Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 13:15:41

Zoek.exe Version 3.0.0.3 Updated 22-07-2012
Tool run by Vincent on Tue 24-07-2012 at 14:14:11,46.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Vincent\Desktop\zoek.exe

==== Deleting Files \ Folders ======================

"C:\Users\All Users\z7_0ytr.pad" deleted
"C:\ProgramData\z7_0ytr.pad" deleted

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 13:19:34

Hi,

Now run one more scan with the Emsisoft Emergency Kit

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
  • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message recommending that you update first; allow this by clicking "Yes"
  • When the update has finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC"
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take quite a while, so wait patiently.
  • The window with the warning about an elevated risk can be closed once the scan has finished.
  • Make sure all found items are ticked and then press the "Remove selected" button; you will get the following message, but click "Yes" here
  • When removal has finished, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next reply.
  • Now restart the computer.
Kind regards,

Maxstar



Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 14:19:29

Deep scan performed and nothing found.

Here is the log:
Emsisoft Emergency Kit - Version 2.0
Last update: 24-7-2012 14:26:34

Scan settings:

Scan type: Deep scan
Objects: Rootkits, Memory, Traces, C:\
Scan archives: On
ADS scan: On

Scan started: 24-7-2012 14:27:26


Scanned 617076
Found 0

Scan ended: 24-7-2012 15:18:37
Scan time: 0:51:11

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 14:31:41

Hi,

Are there any further problems noticeable now?
Kind regards,

Maxstar



Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 14:36:18

I have been working in the normal mode of Windows 7 for a while now and have no problems anywhere.
Is it wise to run another normal virus scan?

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 14:42:49

Hi,

You can indeed run another virus scan as a check.

The following programs and their log files may be deleted. MBAM and the Emsisoft Emergency Kit you can keep using to scan the computer periodically (update them first).
  • Zoek.exe
  • DDS


Since the problems have been resolved, I do advise you to carry out the following.

1.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because there may be infected restore points among them.
  • How to delete the restore points you can read here
  • How to quickly create a new system restore point yourself you can read here

2.) Installing essential updates.
How to keep your operating system and other software up to date you can read here.
With the program Secunia PSI you are warned automatically when updates for the installed software are available; more information you can read here

3.) Beware of 'phishing' messages.
Phishing is a form of internet fraud: with fake e-mail messages and websites that look trustworthy, an attempt is made to obtain 'login details' and other personal information.
This often happens in very cunning ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.
More information you can read here

4.) User accounts
With this account you have full control of the computer, so it is not advisable to use this account as the primary account for daily use.
More information about this you can read here

5.) Risks when downloading
Peer-to-peer (P2P) networks and also Usenet (newsgroups) are a major source of malware distribution on the internet; 'dangerous' software (malware) is offered there almost anonymously, which makes this a widely used method for spreading malware.
More information about this you can read here

6.) Prevention information & the use of security software.
Here and here is information on how you can prevent an infection; read it through at your leisure.

More information about the use of "security software" and "fake software" (rogueware) you can read here
Kind regards,

Maxstar



Re: Police trojan horse

Post by vincent11 » Tue 24 Jul 2012, 15:33:50

I will look through the material.
Many thanks for the quick help.

Regards,
Vincent

Re: Police trojan horse

Post by Maxstar » Tue 24 Jul 2012, 16:10:31

Hi,

You're welcome... :good:

Since the problem has been resolved, this topic will be closed and moved to the section Solved problems / logs.

If you want this topic reopened, you can send me or one of the moderators a (PM) private message with a link to this topic.

If the topic has been closed for a longer time, it is best to create a new topic here and, if you wish, refer to this topic.


For all other questions you can start a new topic in the appropriate forum.
Kind regards,

Maxstar

