  • Please check after strange behaviour

    Hello,

    For a VS presentation I had to e-mail a file to someone else. Fortunately I wanted to check the file, which came from a classmate, first (so the other person wouldn't be stuck with it...). But immediately after opening the file my desktop went black, explorer.exe closed and the computer shut down. As far as I can see there is no further damage, but I want to be sure.

    Defogger ran successfully.

    Malwarebytes - computer clean.
    Malwarebytes Anti-Malware 1.75.0.1300

    Databaseversie: v2013.07.03.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16599
    Joey :: JOEY-PC [administrator]

    3-7-2013 15:35:01
    mbam-log-2013-07-03 (15-35-01).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 207785
    Verstreken tijd: 2 minuut/minuten, 31 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS - no idea.
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: BrowserJavaVersion: 10.25.2
    Run by Joey at 15:39:27 on 2013-07-03
    Microsoft Windows 8 Pro 6.2.9200.0.1252.31.1043.18.3003.1355 [GMT 2:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\STacSV64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\syswow64\wwahost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\Joey\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wwahost.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [F.lux] "C:\Users\Joey\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [Akamai NetSession Interface] "C:\Users\Joey\AppData\Local\Akamai\netsession_win.exe"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    Trusted Zone: aeriagames.com
    Trusted Zone: aeriagames.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://extcam-6.se.axis.com/activex/decoder/h264_dec.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://extcam-6.se.axis.com/activex/AMC.cab
    TCP: NameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{CFCA45CF-5B25-4AF0-B38B-1889B6F0CFC3} : DHCPNameServer = 213.46.228.196 62.179.104.196
    SSODL: WebCheck - <orphaned>
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\bc4f7ybu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\bc4f7ybu.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-15 10:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\bc4f7ybu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-06-16 21:33; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\bc4f7ybu.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
    FF - ExtSQL: 2013-06-17 19:51; [email protected]; C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\bc4f7ybu.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\Drivers\IntcHdmi.sys [2009-7-10 139264]
    R3 RTL8168;Realtek 8168 NT-stuurprogramma;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2013-6-8 227896]
    S3 vmbusr;Provider van virtuele-machinebus;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-07-03 13:33:37 -------- d-----w- C:\Users\Joey\AppData\Roaming\Malwarebytes
    2013-07-03 13:33:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-07-03 13:33:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-07-03 13:33:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-07-03 13:33:12 -------- d-----w- C:\Users\Joey\AppData\Local\Programs
    2013-07-03 13:31:37 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9258D2F4-7204-419E-B017-8BC780424D08}\offreg.dll
    2013-07-03 13:22:14 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9258D2F4-7204-419E-B017-8BC780424D08}\mpengine.dll
    2013-06-30 16:05:10 9552976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-06-30 08:46:19 243888 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10208.bin
    2013-06-30 08:45:10 -------- d-----r- C:\websites
    2013-06-26 16:52:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-22 20:31:59 -------- d-----w- C:\Program Files (x86)\SpeedFan
    2013-06-16 14:42:53 -------- d-----w- C:\Users\Joey\AppData\Roaming\uTorrent
    2013-06-16 14:39:49 -------- d-----w- C:\Program Files (x86)\VirtualDJ
    2013-06-16 08:14:05 1300992 ----a-w- C:\Windows\System32\gdi32.dll
    2013-06-16 08:14:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-06-16 08:14:04 888320 ----a-w- C:\Windows\System32\autochk.exe
    2013-06-16 08:14:04 542208 ----a-w- C:\Windows\System32\untfs.dll
    2013-06-16 08:14:04 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
    2013-06-16 08:14:03 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
    2013-06-15 14:14:59 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
    2013-06-15 09:50:29 -------- d-----w- C:\Users\Joey\AppData\Local\Macromedia
    2013-06-14 20:19:13 -------- d-----w- C:\Users\Joey\AppData\Local\Diagnostics
    2013-06-14 18:58:16 -------- d-----w- C:\Program Files\CCleaner
    2013-06-09 15:43:26 -------- d-----w- C:\Program Files (x86)\Axis Communications
    2013-06-09 13:05:16 -------- d-----w- C:\Users\Joey\AppData\Roaming\Awesomium
    2013-06-09 11:33:40 -------- d-----w- C:\Users\Joey\AppData\Local\Aeria Games
    2013-06-09 11:33:14 -------- d-----w- C:\ProgramData\Aeria Games
    2013-06-09 11:25:37 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2013-06-09 11:25:36 -------- d-----w- C:\Program Files (x86)\Aeria Games
    2013-06-09 10:57:02 -------- d-----w- C:\Users\Joey\AppData\Local\Akamai
    2013-06-09 10:57:00 -------- d-----w- C:\AeriaGames
    2013-06-08 21:21:40 -------- d-----w- C:\Users\Joey\AppData\Roaming\LibreOffice
    2013-06-08 21:08:55 -------- d-----w- C:\Users\Joey\AppData\Local\Paint.NET
    2013-06-08 21:08:55 -------- d-----w- C:\Program Files\Paint.NET
    2013-06-08 21:06:35 -------- d-----w- C:\Windows\SysWow64\XPSViewer
    2013-06-08 21:04:42 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
    2013-06-08 21:04:42 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2013-06-08 21:04:42 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-06-08 21:04:41 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2013-06-08 21:04:41 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-06-08 21:04:41 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
    2013-06-08 21:00:51 -------- d-----w- C:\Users\Joey\AppData\Local\Apps
    2013-06-08 20:58:43 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0
    2013-06-08 20:55:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-08 20:55:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-08 20:53:15 -------- d-----w- C:\Windows\SysWow64\Adobe
    2013-06-08 20:50:25 -------- d-----w- C:\Users\Joey\AppData\Local\Adobe
    2013-06-08 20:01:08 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2013-06-08 19:57:49 -------- d-----w- C:\Users\Joey\AppData\Roaming\hpqLog
    2013-06-08 19:57:31 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
    2013-06-08 19:57:31 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys
    2013-06-08 19:57:28 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll
    2013-06-08 19:57:28 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll
    2013-06-08 19:56:19 7360512 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
    2013-06-08 19:56:14 225280 ----a-w- C:\Windows\SysWow64\drivers\RtsUStor.sys
    2013-06-08 19:56:14 -------- d-----w- C:\Program Files (x86)\Realtek
    2013-06-08 19:52:10 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
    2013-06-08 19:52:10 -------- d-----w- C:\Windows\SysWow64\x64
    2013-06-08 19:52:10 -------- d-----w- C:\Windows\SysWow64\Lang
    2013-06-08 19:43:28 645632 ------w- C:\Windows\System32\stapi64.dll
    2013-06-08 19:43:07 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
    2013-06-08 19:43:07 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
    2013-06-08 19:43:07 162816 ----a-w- C:\Windows\System32\AESTAC64.dll
    2013-06-08 19:43:07 -------- d-----w- C:\Program Files\IDT
    2013-06-08 19:43:06 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
    2013-06-08 19:43:06 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
    2013-06-08 19:43:06 487424 ----a-w- C:\Windows\sttray64.exe
    2013-06-08 19:43:06 3348480 ----a-w- C:\Windows\System32\stlang64.dll
    2013-06-08 19:43:06 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl
    2013-06-08 19:43:05 -------- d-----w- C:\Windows\System32\SRSLabs
    2013-06-08 19:22:30 2367528 ----a-w- C:\Windows\System32\WSService.dll
    2013-06-08 19:22:19 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
    2013-06-08 19:22:08 2397184 ----a-w- C:\Windows\System32\WpcMon.exe
    2013-06-08 19:22:05 3847168 ----a-w- C:\Windows\System32\d2d1.dll
    2013-06-08 19:22:04 3964416 ----a-w- C:\Windows\System32\WinSAT.exe
    2013-06-08 19:22:01 533224 ----a-w- C:\Windows\System32\drivers\bxvbda.sys
    2013-06-08 19:22:00 3296256 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-06-08 19:20:59 98816 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-06-08 19:19:53 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll
    2013-06-08 19:18:47 115712 ----a-w- C:\Windows\System32\wbem\PolicMan.dll
    2013-06-08 19:17:59 579584 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2013-06-08 19:16:59 368640 ----a-w- C:\Windows\System32\sppwinob.dll
    2013-06-08 19:16:55 641536 ----a-w- C:\Windows\System32\WSShared.dll
    2013-06-08 19:16:55 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
    2013-06-08 19:16:55 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
    2013-06-08 19:16:55 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-06-08 19:16:55 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
    2013-06-08 19:16:55 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-06-08 19:03:04 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-08 19:03:04 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 19:00:30 -------- d-----r- C:\Windows\BrowserChoice
    2013-06-08 18:46:12 -------- d-----w- C:\Windows\Panther
    2013-06-08 18:45:32 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-06-08 18:33:09 94208 ----a-w- C:\Windows\System32\synceng.dll
    2013-06-08 18:33:09 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
    2013-06-08 18:33:09 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-06-08 18:31:06 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2013-06-08 18:30:53 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2013-06-08 18:27:56 1161728 ----a-w- C:\Windows\System32\sppobjs.dll
    2013-06-08 18:26:35 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-06-08 18:25:59 503080 ----a-w- C:\Windows\System32\ci.dll
    2013-06-08 18:24:47 405504 ----a-w- C:\Windows\System32\pcasvc.dll
    2013-06-08 18:23:51 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
    2013-06-08 18:02:29 -------- d-----w- C:\Program Files\Synaptics
    2013-06-08 17:58:08 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
    2013-06-08 17:58:06 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-06-08 17:57:03 -------- d-----w- C:\Users\Joey\AppData\Local\VirtualStore
    2013-06-08 17:50:58 -------- d-sh--we C:\ProgramData\Sjablonen
    2013-06-08 17:50:58 -------- d-sh--we C:\ProgramData\Menu Start
    2013-06-08 17:50:58 -------- d-sh--we C:\ProgramData\Documenten
    2013-06-08 17:50:58 -------- d-sh--we C:\ProgramData\Bureaublad
    .
    ==================== Find3M ====================
    .
    2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe
    2013-05-04 07:45:29 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-04 07:34:17 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
    2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys
    2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe
    2013-05-04 06:59:51 1483776 ----a-w- C:\Windows\System32\VSSVC.exe
    2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe
    2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll
    2013-05-04 06:59:25 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll
    2013-05-04 06:59:08 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
    2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll
    2013-05-04 06:58:54 10116096 ----a-w- C:\Windows\System32\twinui.dll
    2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll
    2013-05-04 06:58:49 1332736 ----a-w- C:\Windows\System32\sysmain.dll
    2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll
    2013-05-04 06:58:28 93696 ----a-w- C:\Windows\System32\psmsrv.dll
    2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll
    2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll
    2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll
    2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll
    2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
    2013-05-04 06:57:31 820736 ----a-w- C:\Windows\System32\gpprefcl.dll
    2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll
    2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll
    2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll
    2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
    2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll
    2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
    2013-05-04 06:57:00 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
    2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl
    2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe
    2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2013-05-04 04:57:49 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
    2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
    2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll
    2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
    2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll
    2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
    2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll
    2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
    2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
    2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll
    2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll
    2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
    2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-04 04:55:58 389632 ----a-w- C:\Windows\SysWow64\intl.cpl
    2013-05-04 04:51:38 14848 ----a-w- C:\Windows\System32\rars.rs
    2013-05-04 04:48:33 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2013-05-04 04:48:26 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
    2013-05-04 04:47:02 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys
    2013-05-04 04:10:47 14848 ----a-w- C:\Windows\SysWow64\rars.rs
    2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2013-04-28 22:28:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-27 05:20:12 733184 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-23 23:13:53 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-04-23 23:12:44 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-04-23 23:12:44 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-04-23 22:56:35 1255936 ----a-w- C:\Windows\System32\certutil.exe
    2013-04-23 22:55:48 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-04-23 22:55:48 1889280 ----a-w- C:\Windows\System32\crypt32.dll
    2013-04-23 22:55:48 141312 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
    2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
    2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
    2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
    2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
    2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
    2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll
    2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe
    2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe
    2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
    2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll
    2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll
    2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
    2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll
    2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
    2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll
    2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll
    2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
    2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll
    2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll
    2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll
    .
    ============= FINISH: 15:39:56,31 ===============

    GMER - items found, I think false positives.
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-03 15:53:48
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST9500420AS rev.0006HPM1 465,76GB
    Running: xg44scj8.exe; Driver: C:\Users\Joey\AppData\Local\Temp\kxloypob.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff801aee6a41c 1 byte [21]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2124] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955fd177a 4 bytes [FD, 55, F9, 07]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2124] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955fd1782 4 bytes [FD, 55, F9, 07]
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955fd177a 4 bytes [FD, 55, F9, 07]
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955fd1782 4 bytes [FD, 55, F9, 07]

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\csrss.exe [3416:2176] fffff960009995e8
    Thread C:\Windows\system32\taskhost.exe [5148:1156] 000007f9511ac5a4

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\[email protected] -925594926
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\[email protected] 0xC5 0xB3 0xE4 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\[email protected] 1118

    ---- EOF - GMER 2.1 ----

    -end-

    Thanks in advance for checking. I'll reply as soon as possible.
    Joey

  • #2
    I don't see anything strange in the logs.


    • #3
      Hello Marckie,

      Thank you for your reply. I'll assume my PC is free of viruses.

      Regards,
      Joey


      • #4
        You're welcome.
