HELP Politievirus!

[alexdesouza10]

Emsisoft Emergency Kit - Versie 2.0

Laatste Update: 6-9-2012 9:39:55

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\

Scan archieven: Aan

ADS Scan: Aan

Scan gestart: 6-9-2012 9:52:00

c:\program files (x86)\downloadmanager Ontdekt: Trace.File.mediapipe!E1

Value: hkey_current_user\software\partygaming\partypoker --> 1 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 10 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 2 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 4 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 9 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 6 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 7 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 5 Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> initialport Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> tabletype Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> usecount Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> autologintoothergames Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> cfdialogshown Ontdekt: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> freshinstall Ontdekt: Trace.Registry.partypoker!E1

Gescand 584196

Gevonden 16

Scan geëindigd: 6-9-2012 10:43:12

Scantijd: 0:51:12

Value: hkey_current_user\software\partygaming\partypoker --> 1 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 10 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 2 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 4 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 9 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 6 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 7 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 5 Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> initialport Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> tabletype Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> usecount Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> autologintoothergames Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> cfdialogshown Verwijderd Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> freshinstall Verwijderd Trace.Registry.partypoker!E1

c:\program files (x86)\downloadmanager Verwijderd Trace.File.mediapipe!E1

Verwijderd 16

[alexdesouza10]

Tevens kreeg ik vandaag ineens een melding dat een onbekende uitgever een stuurprogramma probeert te installeren genaamd ''unknowd device'' Dit vind ik erg raar en vlak erna kreeg ik ook een melding dat een onbekende USB apparaat probeert te connecten (heel raar aangezien ik helemaal niets heb aangesloten op mijn laptop.) Is dit gewoon toeval of is dit ook een onderdeel van een virus? Tevens is dit de eerste keer dat ik zo'n melding krijg.

Tot nu toe erg bedankt voor de tijd en hulp die ik krijg ben er erg blij mee.

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[alexdesouza10]

Combofix is klaar en hier is de log:

ComboFix 12-09-06.04 - Renan 07-09-2012 11:17:52.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4003.2247 [GMT 2:00]

Gestart vanuit: c:\users\Renan\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\programdata\dsgsdgdsgdsgw.pad

c:\users\Renan\AppData\Local\Temp\{B2FAEAC0-2303-4116-AC03-0608C0DC5D42}\fpb.tmp

c:\windows\Temp\log.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-07 to 2012-09-07 ))))))))))))))))))))))))))))))

.

.

2012-09-05 22:43 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-05 18:32 . 2012-09-05 18:32 388096 ----a-r- c:\users\Renan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-05 17:49 . 2012-09-05 17:49 -------- d-----w- c:\users\Renan\AppData\Roaming\Malwarebytes

2012-09-05 17:49 . 2012-09-05 17:49 -------- d-----w- c:\programdata\Malwarebytes

2012-09-05 17:49 . 2012-09-05 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-05 17:49 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-05 17:45 . 2012-09-05 17:45 -------- d-----w- c:\program files\CCleaner

2012-08-26 12:10 . 2012-08-26 12:10 -------- d-----w- c:\program files\iPod

2012-08-26 12:10 . 2012-08-26 12:11 -------- d-----w- c:\program files\iTunes

2012-08-26 12:10 . 2012-08-26 12:11 -------- d-----w- c:\program files (x86)\iTunes

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-08-26 12:05 . 2012-08-26 12:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-08-26 12:05 . 2012-08-26 12:05 -------- d-----w- c:\program files (x86)\QuickTime

2012-08-25 18:48 . 2012-08-25 18:48 -------- d-----w- c:\users\Renan\AppData\Local\Ilivid Player

2012-08-25 10:46 . 2012-08-25 10:46 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-08-20 14:21 . 2012-07-05 16:10 59808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll

2012-08-20 14:21 . 2012-07-05 16:10 34720 ----a-w- c:\windows\system32\LMIport.dll

2012-08-20 14:21 . 2012-07-05 16:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-08-20 14:21 . 2012-06-08 10:06 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-08-20 14:21 . 2012-07-05 16:10 80800 ----a-w- c:\windows\system32\LMIinit.dll

2012-08-20 14:21 . 2012-09-05 17:20 -------- d-----w- c:\programdata\LogMeIn

2012-08-20 11:28 . 2012-08-20 11:28 -------- d-----w- c:\users\Renan\AppData\Local\libimobiledevice

2012-08-18 16:09 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-18 16:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-08-18 14:45 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-08-18 14:45 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-08-18 14:45 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-18 14:45 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-18 14:45 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-08-18 14:45 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-08-18 14:45 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-08-18 14:45 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-08-18 14:45 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-08-18 14:45 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-08-18 14:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-08-18 14:43 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-08-18 14:43 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-08-18 14:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-08-18 14:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-08-18 14:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-08-18 14:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-08-18 14:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-08-18 14:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-08-18 14:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-08-18 14:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-18 14:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-18 14:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-18 14:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-18 14:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-18 14:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-18 14:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-18 14:30 . 2012-06-02 11:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-18 14:30 . 2012-06-02 11:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-14 19:35 . 2012-08-14 19:35 -------- d-----w- c:\users\Renan\Calibre Bibliotheek

2012-08-14 19:35 . 2012-08-14 19:37 -------- d-----w- c:\users\Renan\AppData\Roaming\calibre

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-21 09:13 . 2011-07-26 17:34 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2011-07-26 17:34 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2011-07-26 17:34 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2011-07-26 17:34 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:13 . 2011-07-26 17:34 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2011-07-26 17:33 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2011-07-26 17:33 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-08-21 09:12 . 2011-07-26 17:34 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-18 15:43 . 2012-03-30 15:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-18 15:43 . 2011-07-27 23:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 00:27 . 2011-07-22 20:09 62134624 ----a-w- c:\windows\system32\MRT.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-08-08 2102320]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Renan\AppData\Local\Temp\Rar$EX74.352\Run\a2ddax64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 250056]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-12-17 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-12-17 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-12-17 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-12-17 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-12-17 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-12-17 275616]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2010-10-01 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 53920]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-08-15 50736]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-12-17 28832]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-07-20 918064]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:43]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 18:35]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 18:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-09-10 206336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-09-07 11:32:42 - machine werd herstart

ComboFix-quarantined-files.txt 2012-09-07 09:32

.

Pre-Run: 241.353.273.344 bytes beschikbaar

Post-Run: 241.751.695.360 bytes beschikbaar

.

- - End Of File - - 8C8E2E343FE1447E7EE64D195C415451

Ik wacht de reactie af en bedankt voor de hulp tot nu toe!

Alex

[kape]

Krijg je nu nog meldingen over stuurprogramma's of USB's ? Of andere foutmeldingen i.v.m. het politievirus ?

[alexdesouza10]

Krijg je nu nog meldingen over stuurprogramma's of USB's ? Of andere foutmeldingen i.v.m. het politievirus ?

Nee eerlijk gezegd heb ik nergens last meer van. Alleen die anti Malware programma geeft soms een melding dat hij iets heeft geblokkeerd, maar dat lijkt me normaal.

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7

• via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
  
• Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
  
• Klik op "Toepassen" en "OK".
  
• Herstart nu de PC.
  
• Indien dit allemaal probleemloos verlopen is, mag je hieronder op "markeer als opgelost" tokkelen !