Multiple Problems

  • Multiple Problems

    Dear .......,

    I have several problems that I strongly suspect are caused by an infection.

    The problems in a list:

    - McAfee no longer starts.
    - Windows Security Center cannot be turned on.
    - Programs freeze.
    - Ending processes with Task Manager does not work.

    DDS:

    DDS (Ver_2012-11-05.02) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.25.2
    Run by Morris at 10:13:24 on 2013-09-23
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Users\Morris\AppData\Local\Temp\NEW3E85.tmp.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Morris\AppData\Local\Temp\setup.exe
    C:\Users\Morris\AppData\Local\Temp\NEWCF4F.tmp.exe
    C:\Windows\SysWOW64\MSIEXEC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    uSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Google Update] "C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    uExplorerRun: [OEM] C:\Users\Morris\AppData\Roaming\064076.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: mswsock.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{B98AB6D2-0E2A-4CF3-8884-F8B61A3392CB} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\9434944455 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\D4F627279637D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service
    R? cfwids;McAfee Inc. cfwids
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? EgisTec Ticket Service;EgisTec Ticket Service
    R? GamesAppService;GamesAppService
    R? HipShieldK;McAfee Inc. HipShieldK
    R? JNPRNA;Juniper Network Agent Miniport
    R? JnprVaMgr;Juniper Networks Virtual Adapter Manager Service
    R? McAWFwk;McAfee Activation Service
    R? McComponentHostService;McAfee Security Scan Component Host Service
    R? McMPFSvc;McAfee Personal Firewall Service
    R? McOobeSv;McAfee OOBE Service
    R? mferkdet;McAfee Inc. mferkdet
    R? mfetdi2k;McAfee Inc. mfetdi2k
    R? SkypeUpdate;Skype Updater
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0
    R? USBAAPL64;Apple Mobile USB Driver
    R? WatAdminSvc;Windows Activation Technologies-service
    R? wlcrasvc;Windows Live Mesh remote connections service
    S? cvhsvc;Client Virtualization Handler
    S? DsiWMIService;Dritek WMI Service
    S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
    S? ePowerSvc;ePower Service
    S? GREGService;GREGService
    S? HECIx64;Intel(R) Management Engine Interface
    S? Impcd;Impcd
    S? IntcDAud;Intel(R) Display Audio
    S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
    S? Live Updater Service;Live Updater Service
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? McNaiAnn;McAfee VirusScan Announcer
    S? McProxy;McAfee Proxy Service
    S? McShield;McAfee McShield
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefire;McAfee Firewall Core Service
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfevtp;McAfee Validation Trust Protection Service
    S? mfewfpk;McAfee Inc. mfewfpk
    S? mwlPSDFilter;mwlPSDFilter
    S? mwlPSDNServ;mwlPSDNServ
    S? mwlPSDVDisk;mwlPSDVDisk
    S? NOBU;Norton Online Backup
    S? NTI IScheduleSvc;NTI IScheduleSvc
    S? nvpciflt;nvpciflt
    S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    S? Sftfs;Sftfs
    S? sftlist;Application Virtualization Client
    S? Sftplay;Sftplay
    S? Sftredir;Sftredir
    S? Sftvol;Sftvol
    S? sftvsa;Application Virtualization Service Agent
    S? StarWindServiceAE;StarWind AE Service
    S? TurboB;Turbo Boost UI Monitor driver
    S? UNS;Intel(R) Management & Security Application User Notification Service
    .
    =============== Created Last 30 ================
    .
    2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\MFAData
    2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\Avg2014
    2013-09-22 19:16:02 -------- d-----w- C:\ProgramData\MFAData
    2013-09-03 08:48:20 -------- d-----w- C:\Users\Morris\AppData\Roaming\The Creative Assembly
    2013-09-02 10:50:10 -------- d-----w- C:\Program Files (x86)\Rockstar Games
    2013-09-02 10:49:55 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-09-02 10:49:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-09-02 10:49:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2013-09-02 10:49:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-09-02 10:49:55 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-09-02 10:49:52 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-09-02 10:49:51 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    .
    ==================== Find3M ====================
    .
    2013-09-14 05:59:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-14 05:59:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-25 15:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-25 15:48:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-25 15:48:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 10:14:11,99 ===============

    Malware and GMER are still to come, but those programs of course freeze again, so I will have to do that via safe mode.

    Thanks very much in advance,
    Morris

  • #2
    GMER log:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-09-23 10:37:59
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
    Running: xd3ej4jh.exe; Driver: C:\Users\Morris\AppData\Local\Temp\pxdiypoc.sys


    ---- User code sections - GMER 2.1 ----

    .reloc C:\Windows\system32\services.exe [556] section is executable [0x4A8, 0xA0000020] 0000000100052000

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\mfevtps.exe[1120] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fe7b9f0] C:\Windows\system32\mfevtps.exe
    ---- Processes - GMER 2.1 ----

    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [496] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [592] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [816] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [896] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [372] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [1200] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefd610000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x29 0xCB 0xDB 0x68 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x9A 0x80 0xA7 0xC3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] ew 0x62 0x79 0xEF 0xDE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x29 0xCB 0xDB 0x68 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x9A 0x80 0xA7 0xC3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x62 0x79 0xEF 0xDE ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\Morris\Documents\Vuze Downloads\Zoo Tycoon 2 \xae Ultimate Collection with save+Extras\Zoo Tycoon 2\Setup.Exe 1

    ---- EOF - GMER 2.1 ----

    The Malwarebytes log somehow doesn't work


    • #3
      Hi Hansworst and welcome to the Nucia Security Forum,

      Before we begin, I would kindly like to point out the following guidelines:
      .
      • Only log in as an administrator with full rights.
      • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
      • Cleaning up your system can take some time, so be patient.
      • Carefully follow the instructions that I give.
      • Only follow the advice given by me.
      • Stay with the topic until I have reported that your PC is clean.
      • If there is something you don't know or understand, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not go trying something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs.
      • Please do not post the logs as an attachment, nor between code tags.

      .
      Note: Vista or Windows 7? >> Always run all tools as admin.
      The instructions given are only valid for your PC.


      I notice that you have TeaTimer / SDHelper enabled.
      While solving spyware problems it is best to turn that service off, because it can (unintentionally) prevent the fixes from being carried out.
      When everything is done and your PC is clean, you can turn this service back on.

      When TeaTimer afterwards gives you a warning that changes have been made,
      approve them instead of blocking them.

      Open Spybot - Search & Destroy (SSD) and click Mode.
      Select: Advanced Mode.
      Click Yes in the next window.
      Click Tools at the bottom left.
      Click Resident and uncheck: TeaTimer and SDHelper (if they are installed).
      Click Allow change.
      Close SSD and restart your PC.


      Step 1:

      Scanning for and removing malware....


      Download MalwareBytes' Anti-Malware to your desktop from one of the following links:
      Double-click mbam-setup.exe to install the program.

      At the end of the setup procedure you get a screen where you must click "Finish".
      If you do not wish to evaluate MBAM, uncheck the first option and only then click "Finish".

      Make sure that after the installation a check mark is placed next to:
      • Update MalwareBytes' Anti-Malware
      • Start MalwareBytes' Anti-Malware
      • Then click "Finish". If an update is found, it will be downloaded and installed.



      As soon as the program has started, go to the "Settings" tab.
      • Check here: "Close Internet Explorer during malware removal".
      • Go to the "Updates" tab and update MBAM.
      • Then go to the "Scanner" tab and choose "FULL scan" here.
      • Then press "Scan" to start the scan.
      • Scanning can take a while, so be patient.
      • When the scan is finished, click OK, then "Show Results" to see the results.
      • Make sure everything is checked there, then click "Remove Selected".
      • After the removal a log will open and you will be asked to restart the computer.

      If MBAM asks for a restart, then do so.
      When you have done the restart, run a new quick scan with MBAM.
      In that case you post both logs.

      The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


      In case of problems!!!

      ___________________________________________________________

      Step 2:

      Checking for bad toolbars...

      Download AdwCleaner by Xplode to your desktop.
      • Close all open windows
      • Start AdwCleaner
      • Click Scan
      • Click Clean

      All icons disappear from the desktop; this is normal.
      Your PC will be restarted and a log file opens (C:\ AdwCleaner[xx].txt); post its contents here on the forum.

      I only need the log from after the "Clean" option.

      Don't forget to turn off your "smileys".

      If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.

      ___________________________________________________________

      Step 3:

      Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


      DDS is a diagnostic tool and makes use of scripts.
      If running scripts is disabled, re-enable it so that no problems occur when using DDS.


      Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
      When it is finished, two log files open: DDS.txt and Attach.txt
      Save both log files to your desktop.

      Post the contents of DDS.txt.

      You do not need to post the contents of Attach.txt, and you should not add Attach.txt as an attachment to your post, unless I ask for it.

      ___________________________________________________________

      Step 4:

      Checking for updates...

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears ( checkup.txt )
      Place its contents in your next reply.

      In your next post I would like to see the following logs, made in the order given:
      .
      • MBAM
      • AdwCleaner
      • DDS
      • checkup.txt

      .
      Please do NOT post these logs as an attachment or between code tags.
      (If necessary, in several posts.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Removing McAfee. * Ccleaner * E-Peek


      • #4
        Dear Emphyrio,

        Thanks for your welcome message and your help!

        With Malwarebytes only a quick scan works; with a full one it freezes.

        MBAM:

        Malwarebytes Anti-Malware 1.75.0.1300
        www.malwarebytes.org

        Databaseversie: v2013.09.22.04

        Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
        Internet Explorer 9.0.8112.16421
        Morris :: Morris-PC [administrator]

        23-9-2013 10:20:55
        mbam-log-2013-09-23 (10-20-55).txt

        Scan type: Snelle scan
        Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
        Uitgeschakelde scan opties: P2P
        Objecten gescand: 234164
        Verstreken tijd: 4 minuut/minuten, 54 seconde(n)

        Geheugenprocessen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Geheugenmodulen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registersleutels gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerwaarden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerdata gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Mappen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Bestanden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        (einde)

        AdwCleaner:

        # AdwCleaner v3.005 - Report created 23/09/2013 at 15:34:53
        # Updated 22/09/2013 by Xplode
        # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
        # Username : Morris - Morris-PC
        # Running from : C:\Users\Morris\Desktop\adwcleaner.exe
        # Option : Clean

        ***** [ Services ] *****


        ***** [ Files / Folders ] *****

        Folder Deleted : C:\ProgramData\Ask
        Folder Deleted : C:\Program Files (x86)\1ClickDownload
        Folder Deleted : C:\Program Files (x86)\Ask.com
        Folder Deleted : C:\Program Files (x86)\jZip
        Folder Deleted : C:\Users\Morris\AppData\Local\jZip
        Folder Deleted : C:\Users\Morris\AppData\LocalLow\AskToolbar
        File Deleted : C:\Users\Morris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
        File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****

        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
        Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
        Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
        Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
        Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
        Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
        Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
        Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
        Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
        Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
        Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
        Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
        Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
        Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
        Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
        Key Deleted : HKCU\Software\APN
        Key Deleted : HKCU\Software\Ask.com
        Key Deleted : HKCU\Software\jZip
        Key Deleted : HKCU\Software\SmartBar
        Key Deleted : HKCU\Software\SmartbarBackup
        Key Deleted : HKCU\Software\SmartbarLog
        Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
        Key Deleted : HKLM\Software\APN
        Key Deleted : HKLM\Software\AskToolbar
        Key Deleted : HKLM\Software\jZip
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

        ***** [ Browsers ] *****

        -\\ Internet Explorer v9.0.8112.16450

        Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
        Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

        -\\ Google Chrome v

        [ File : C:\Users\Morris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

        Deleted : homepage

        *************************

        AdwCleaner[R0].txt - [7681 octets] - [23/09/2013 15:26:30]
        AdwCleaner[S0].txt - [6195 octets] - [23/09/2013 15:34:53]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6255 octets] ##########

        DDS:

        DDS (Ver_2012-11-05.02) - NTFS_AMD64
        Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.25.2
        Run by Morris at 10:13:24 on 2013-09-23
        .
        ============== Running Processes ================
        .
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
        C:\Program Files (x86)\Launch Manager\dsiwmis.exe
        C:\Program Files (x86)\Launch Manager\LMutilps32.exe
        C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
        C:\Program Files\Acer\Acer Updater\UpdaterService.exe
        C:\Windows\SysWOW64\rundll32.exe
        C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
        C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
        C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
        C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
        C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe
        C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
        C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files (x86)\Steam\Steam.exe
        C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
        C:\Program Files (x86)\Launch Manager\LManager.exe
        C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
        C:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\Launch Manager\LMworker.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Common Files\Steam\SteamService.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
        C:\Users\Morris\AppData\Local\Temp\NEW3E85.tmp.exe
        c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Morris\AppData\Local\Temp\setup.exe
        C:\Users\Morris\AppData\Local\Temp\NEWCF4F.tmp.exe
        C:\Windows\SysWOW64\MSIEXEC.EXE
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com
        uSearch Bar = hxxp://www.google.com
        uSearch Page = hxxp://www.google.com
        uDefault_Page_URL = hxxp://acer.msn.com
        mStart Page = hxxp://acer.msn.com
        mDefault_Page_URL = hxxp://acer.msn.com
        uSearchAssistant = hxxp://www.google.com
        uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        mWinlogon: Userinit = userinit.exe,
        BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
        BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
        BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
        TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
        TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
        uRun: [Google Update] "C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
        uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
        uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
        uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
        mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
        mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
        mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
        mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
        mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
        mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
        uExplorerRun: [OEM] C:\Users\Morris\AppData\Roaming\064076.exe
        mPolicies-Explorer: NoActiveDesktop = dword:1
        mPolicies-Explorer: NoActiveDesktopChanges = dword:1
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
        IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
        IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
        LSP: mswsock.dll
        TCP: NameServer = 192.168.1.1
        TCP: Interfaces\{B98AB6D2-0E2A-4CF3-8884-F8B61A3392CB} : DHCPNameServer = 192.168.1.1
        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68} : DHCPNameServer = 192.168.1.1
        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\9434944455 : DHCPNameServer = 192.168.1.1
        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\D4F627279637D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
        Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
        Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SSODL: WebCheck - <orphaned>
        x64-mStart Page = hxxp://acer.msn.com
        x64-mDefault_Page_URL = hxxp://acer.msn.com
        x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
        x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
        x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
        x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
        x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
        x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
        x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
        x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
        x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
        x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
        x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
        x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
        x64-Notify: igfxcui - igfxdev.dll
        x64-SSODL: WebCheck - <orphaned>
        .
        ============= SERVICES / DRIVERS ===============
        .
        R? AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service
        R? cfwids;McAfee Inc. cfwids
        R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
        R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
        R? EgisTec Ticket Service;EgisTec Ticket Service
        R? GamesAppService;GamesAppService
        R? HipShieldK;McAfee Inc. HipShieldK
        R? JNPRNA;Juniper Network Agent Miniport
        R? JnprVaMgr;Juniper Networks Virtual Adapter Manager Service
        R? McAWFwk;McAfee Activation Service
        R? McComponentHostService;McAfee Security Scan Component Host Service
        R? McMPFSvc;McAfee Personal Firewall Service
        R? McOobeSv;McAfee OOBE Service
        R? mferkdet;McAfee Inc. mferkdet
        R? mfetdi2k;McAfee Inc. mfetdi2k
        R? SkypeUpdate;Skype Updater
        R? TsUsbFlt;TsUsbFlt
        R? TsUsbGD;Remote Desktop Generic USB Device
        R? TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0
        R? USBAAPL64;Apple Mobile USB Driver
        R? WatAdminSvc;Windows Activation Technologies-service
        R? wlcrasvc;Windows Live Mesh remote connections service
        S? cvhsvc;Client Virtualization Handler
        S? DsiWMIService;Dritek WMI Service
        S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
        S? ePowerSvc;ePower Service
        S? GREGService;GREGService
        S? HECIx64;Intel(R) Management Engine Interface
        S? Impcd;Impcd
        S? IntcDAud;Intel(R) Display Audio
        S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
        S? Live Updater Service;Live Updater Service
        S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
        S? McNaiAnn;McAfee VirusScan Announcer
        S? McProxy;McAfee Proxy Service
        S? McShield;McAfee McShield
        S? mfeavfk;McAfee Inc. mfeavfk
        S? mfefire;McAfee Firewall Core Service
        S? mfefirek;McAfee Inc. mfefirek
        S? mfehidk;McAfee Inc. mfehidk
        S? mfevtp;McAfee Validation Trust Protection Service
        S? mfewfpk;McAfee Inc. mfewfpk
        S? mwlPSDFilter;mwlPSDFilter
        S? mwlPSDNServ;mwlPSDNServ
        S? mwlPSDVDisk;mwlPSDVDisk
        S? NOBU;Norton Online Backup
        S? NTI IScheduleSvc;NTI IScheduleSvc
        S? nvpciflt;nvpciflt
        S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
        S? Sftfs;Sftfs
        S? sftlist;Application Virtualization Client
        S? Sftplay;Sftplay
        S? Sftredir;Sftredir
        S? Sftvol;Sftvol
        S? sftvsa;Application Virtualization Service Agent
        S? StarWindServiceAE;StarWind AE Service
        S? TurboB;Turbo Boost UI Monitor driver
        S? UNS;Intel(R) Management & Security Application User Notification Service
        .
        =============== Created Last 30 ================
        .
        2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\MFAData
        2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\Avg2014
        2013-09-22 19:16:02 -------- d-----w- C:\ProgramData\MFAData
        2013-09-03 08:48:20 -------- d-----w- C:\Users\Morris\AppData\Roaming\The Creative Assembly
        2013-09-02 10:50:10 -------- d-----w- C:\Program Files (x86)\Rockstar Games
        2013-09-02 10:49:55 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
        2013-09-02 10:49:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
        2013-09-02 10:49:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
        2013-09-02 10:49:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
        2013-09-02 10:49:55 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
        2013-09-02 10:49:52 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
        2013-09-02 10:49:51 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
        .
        ==================== Find3M ====================
        .
        2013-09-14 05:59:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2013-09-14 05:59:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2013-06-25 15:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
        2013-06-25 15:48:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
        2013-06-25 15:48:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
        .
        ============= FINISH: 10:14:11,99 ===============

        Checkup:

        Results of screen317's Security Check version 0.99.73
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 10
        ``````````````Antivirus/Firewall Check:``````````````
        Windows Security Center service is not running! This report may not be accurate!
        WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
        Spybot - Search & Destroy
        Java 7 Update 25
        Adobe Flash Player 11.8.800.168
        Adobe Reader 10.1.0 Adobe Reader out of Date!
        Google Chrome 29.0.1547.66
        Google Chrome 29.0.1547.76
        ````````Process Check: objlist.exe by Laurent````````
        Symantec Norton Online Backup NOBuAgent.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 8%
        ````````````````````End of Log``````````````````````



        • #5
          Update MBAM.
          Close MBAM.

          Start your PC in Safe Mode.
          Now run a FULL scan, select and remove the items found.
          Post this log.

          Also post a fresh DDS log, AFTER MBAM has done its work.

          Your previous DDS log was from before AdwCleaner and I can't do anything with that.
          So please follow my instructions correctly.
          Last edited by Emphyrio; 23-09-13, 14:57.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee * Ccleaner * E-Peek



          • #6
            Apologies for not following your instructions correctly; I will pay closer attention to that.

            The problem is that Malwarebytes freezes after about 7 minutes during a full scan. I have now tried it twice the way you described, but it's the same story every time. So I can't complete it and send the log.



            • #7
              OK, then let's try the following.....

              Download DeFogger to your desktop.
              Double-click DeFogger.

              Click the Disable button to disable the CD Emulation drivers.
              Then click Yes.

              At the end DeFogger will ask to reboot; click OK.

              • Turn off TeaTimer.
              • Temporarily turn off your security software (McAfee)

              Download RKill to your desktop via one of the links on this web page. It is best to choose iExplore.exe here.
              Double-click "rkill" to start it.

              This can take a little while.
              If a message appears saying that rkill is an infection, you can ignore it; it is a false alarm.
              If you keep having problems with such messages, download a renamed version of rkill here (iExplorer.exe) to your desktop and run it.

              When "rkill" is finished a log file will be opened; it can also be found on the system drive at C:\rkill.log. Paste its contents in your next post.

              Note!!! Do not restart the computer after using rkill

              Now run a full scan with MBAM.
              (You may restart your PC if MBAM asks for it)

              Post the following logs:
              • RKill
              • MBAM
              • DDS

              If MBAM again refuses to run, you should in any case post the RKill and DDS logs.
              Last edited by Emphyrio; 23-09-13, 15:53.


              • #8
                Thanks for your reply (once again!)

                After Rkill I started MalwareBytes again; this time it lasted 19 seconds.

                Rkill:

                Rkill 2.6.1 by Lawrence Abrams (Grinler)
                http://www.bleepingcomputer.com/
                Copyright 2008-2013 BleepingComputer.com
                More Information about Rkill can be found at this link:
                http://www.bleepingcomputer.com/forums/topic308364.html

                Program started at: 09/23/2013 05:28:39 PM in x64 mode.
                Windows Version: Windows 7 Home Premium Service Pack 1

                Checking for Windows services to stop:

                * No malware services found to stop.

                Checking for processes to terminate:

                * No malware processes found to kill.

                Possibly Patched Files.

                * C:\Windows\system32\services.exe

                Checking Registry for malware related settings:

                * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

                Backup Registry file created at:
                C:\Users\Morris\Desktop\rkill\rkill-09-23-2013-05-28-43.reg

                Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

                Performing miscellaneous checks:

                * Windows Defender Disabled

                [HKLM\SOFTWARE\Microsoft\Windows Defender]

                DDS:

                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.25.2
                Run by Morris at 17:35:00 on 2013-09-23
                .
                ============== Running Processes ================
                .
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
                C:\Program Files (x86)\Launch Manager\dsiwmis.exe
                C:\Program Files (x86)\Launch Manager\LMutilps32.exe
                C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
                C:\Program Files\Acer\Acer Updater\UpdaterService.exe
                C:\Windows\SysWOW64\rundll32.exe
                C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
                C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
                C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
                C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
                C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
                C:\Program Files (x86)\Launch Manager\LManager.exe
                C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
                C:\Program Files (x86)\iTunes\iTunesHelper.exe
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                C:\Program Files (x86)\Launch Manager\LMworker.exe
                C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
                C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxp://www.google.com
                uSearch Bar = hxxp://www.google.com
                uSearch Page = hxxp://www.google.com
                uDefault_Page_URL = hxxp://acer.msn.com
                mStart Page = hxxp://acer.msn.com
                mDefault_Page_URL = hxxp://acer.msn.com
                uSearchAssistant = hxxp://www.google.com
                uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                mWinlogon: Userinit = userinit.exe,
                BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
                BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                uRun: [Google Update] "C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
                uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
                uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
                mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
                mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
                mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
                mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
                mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
                mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
                mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
                mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
                uExplorerRun: [OEM] C:\Users\Morris\AppData\Roaming\064076.exe
                mPolicies-Explorer: NoActiveDesktop = dword:1
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableUIADesktopToggle = dword:0
                IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
                IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
                IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
                LSP: mswsock.dll
                TCP: NameServer = 192.168.1.1
                TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68} : DHCPNameServer = 192.168.1.1
                TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\9434944455 : DHCPNameServer = 192.168.1.1
                TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\D4F627279637D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
                Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
                Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
                Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
                SSODL: WebCheck - <orphaned>
                x64-mStart Page = hxxp://acer.msn.com
                x64-mDefault_Page_URL = hxxp://acer.msn.com
                x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
                x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
                x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
                x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
                x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
                x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                x64-Notify: igfxcui - igfxdev.dll
                x64-SSODL: WebCheck - <orphaned>
                .
                ============= SERVICES / DRIVERS ===============
                .
                R? AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service
                R? cfwids;McAfee Inc. cfwids
                R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
                R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
                R? EgisTec Ticket Service;EgisTec Ticket Service
                R? GamesAppService;GamesAppService
                R? HipShieldK;McAfee Inc. HipShieldK
                R? JNPRNA;Juniper Network Agent Miniport
                R? JnprVaMgr;Juniper Networks Virtual Adapter Manager Service
                R? McAWFwk;McAfee Activation Service
                R? McComponentHostService;McAfee Security Scan Component Host Service
                R? McMPFSvc;McAfee Personal Firewall Service
                R? McOobeSv;McAfee OOBE Service
                R? mferkdet;McAfee Inc. mferkdet
                R? mfetdi2k;McAfee Inc. mfetdi2k
                R? SkypeUpdate;Skype Updater
                R? TsUsbFlt;TsUsbFlt
                R? TsUsbGD;Remote Desktop Generic USB Device
                R? TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0
                R? USBAAPL64;Apple Mobile USB Driver
                R? WatAdminSvc;Windows Activation Technologies-service
                R? wlcrasvc;Windows Live Mesh remote connections service
                S? cvhsvc;Client Virtualization Handler
                S? DsiWMIService;Dritek WMI Service
                S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
                S? ePowerSvc;ePower Service
                S? GREGService;GREGService
                S? HECIx64;Intel(R) Management Engine Interface
                S? Impcd;Impcd
                S? IntcDAud;Intel(R) Display Audio
                S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
                S? Live Updater Service;Live Updater Service
                S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
                S? McNaiAnn;McAfee VirusScan Announcer
                S? McProxy;McAfee Proxy Service
                S? McShield;McAfee McShield
                S? mfeavfk;McAfee Inc. mfeavfk
                S? mfefire;McAfee Firewall Core Service
                S? mfefirek;McAfee Inc. mfefirek
                S? mfehidk;McAfee Inc. mfehidk
                S? mfevtp;McAfee Validation Trust Protection Service
                S? mfewfpk;McAfee Inc. mfewfpk
                S? mwlPSDFilter;mwlPSDFilter
                S? mwlPSDNServ;mwlPSDNServ
                S? mwlPSDVDisk;mwlPSDVDisk
                S? NOBU;Norton Online Backup
                S? NTI IScheduleSvc;NTI IScheduleSvc
                S? nvpciflt;nvpciflt
                S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
                S? Sftfs;Sftfs
                S? sftlist;Application Virtualization Client
                S? Sftplay;Sftplay
                S? Sftredir;Sftredir
                S? Sftvol;Sftvol
                S? sftvsa;Application Virtualization Service Agent
                S? StarWindServiceAE;StarWind AE Service
                S? TurboB;Turbo Boost UI Monitor driver
                S? UNS;Intel(R) Management & Security Application User Notification Service
                .
                =============== Created Last 30 ================
                .
                2013-09-23 13:25:50 -------- d-----w- C:\AdwCleaner
                2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\MFAData
                2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\Avg2014
                2013-09-22 19:16:02 -------- d-----w- C:\ProgramData\MFAData
                2013-09-03 08:48:20 -------- d-----w- C:\Users\Morris\AppData\Roaming\The Creative Assembly
                2013-09-02 10:50:10 -------- d-----w- C:\Program Files (x86)\Rockstar Games
                2013-09-02 10:49:55 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
                2013-09-02 10:49:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
                2013-09-02 10:49:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
                2013-09-02 10:49:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
                2013-09-02 10:49:55 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
                2013-09-02 10:49:52 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
                2013-09-02 10:49:51 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
                .
                ==================== Find3M ====================
                .
                2013-09-23 12:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2013-09-23 12:33:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2013-06-25 15:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                2013-06-25 15:48:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
                2013-06-25 15:48:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
                .
                ============= FINISH: 17:35:24,92 ===============



                • #9
                  I suspect your McAfee is causing problems here in connection with MBAM.


                  First:

                  Disable your emulation software (Alcohol Soft) with Defogger
                  Disable TeaTimer.
                  Turn off your McAfee.


                  Download the Emsisoft Emergency Kit to the desktop.

                  Click here for the complete / detailed guide to the Emsisoft Emergency Kit.
                  .
                  • Double-click "EmsisoftEmergencyKit.exe"; if you get a User Account Control prompt, allow it.
                  • Then click the "Accept & Extract" button; the files will now be extracted automatically to the system drive, "C:\EEK".
                  • When extraction is finished, a shortcut is created on the desktop and the Emsisoft Emergency Kit will open by itself.
                  • Now click the "Emergency Kit Scanner" option, and when you get the message "Wilt u nu updaten?" (Do you want to update now?), click "Ja" (Yes).
                  • When the update is finished, click the "Computer Scannen" (Scan Computer) option in the left-hand menu.
                  • Then choose the "Diep" (Deep) option; this scan can take a considerable time, and preferably do not use the computer for other tasks during the scan.
                  • When the scan is finished, make sure all items are ticked and click the "Quarantaine" (Quarantine) button.
                  • Then click the "Rapport bekijken" (View report) button and paste the contents of this file in your next post. (The log file can also be found on the system drive (C:\EEK\Run\Reports) under the name a2scan_130711-154142.txt.)



                  Download or update CCleaner

                  Start CCleaner.
                  • Run CCleaner and click Opties (Options) in the left column
                  • Select the Geavanceerd (Advanced) tab
                  • Untick "Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur" (Only delete files in the Windows Temp system folder older than 24 hours)
                  • Untick "Verwijder alleen bestanden in de Prullenbak die ouder zijn dan 24 uur" (Only delete files in the Recycle Bin older than 24 hours)
                  • Select the Instellingen (Settings) tab
                  • Untick "Computer automatisch schoonmaken...." (Automatically clean computer...)
                  • Click Cleaner in the left column.
                  • Then click Analyseer (Analyze) and Schoonmaken (Clean) in turn.
                  • Then click Register (Registry) in the left column
                  • Click Scan naar problemen (Scan for problems).
                  • If errors are found, click Herstel geselecteerde problemen (Fix selected problems)
                  • You may be asked whether you want to back up your registry. Answer with Ja (Yes) and OK

                  .

                  Also post a fresh DDS log.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    I can't get into McAfee. Would it be an idea to remove McAfee completely?



                    • #11
                      Originally posted by Hansworst
                      I can't get into McAfee. Would it be an idea to remove McAfee completely?
                      Yes, that would save some trouble.
                      McAfee is not easy to remove, so you had best follow these instructions.

                      Once you have done that, continue with the rest.



                      • #12
                        Finally managed to scan everything completely after removing quite a bit of 'junk'.

                        EEK:

                        Emsisoft Emergency Kit - Versie 4.0
                        Laatste Update: 23-9-2013 19:52:29
                        Gebruikersaccount: Morris-PC\Morris

                        Scaninstellingen:

                        Scanmodus: Diepe scan
                        Objecten: Rootkits, Geheugen, Sporen, C:\, Q:\

                        Detecteer PUPs: Aan
                        Scan archieven: Aan
                        ADS Scan: Aan
                        Bestandsextensiefilter: Uit
                        Geavanceerde cache: Aan
                        Directe schijftoegang: Uit

                        Scan gestart: 24-9-2013 15:26:44
                        C:\Users\Morris\Downloads\SVSPITTTTS.rar.exe Ontdekt: Adware.Generic.560917 (B)
                        C:\Windows\assembly\GAC_32\Desktop.ini Ontdekt: Trojan.Generic.7798618 (B)
                        C:\Windows\assembly\GAC_64\Desktop.ini Ontdekt: Trojan.Generic.7713809 (B)
                        C:\Windows\Installer\{00fde218-baa4-5183-3624-ac1a5572d32c}\L\[email protected] Ontdekt: Trojan.Win32.ZAccess (A)
                        C:\Windows\System32\services.exe Ontdekt: Trojan.Patched.Sirefef.A (B)

                        Gescand: 517766
                        Gevonden: 5

                        Scan geëindigd: 24-9-2013 17:05:44
                        Scantijd: 1:39:00

                        C:\Windows\Installer\{00fde218-baa4-5183-3624-ac1a5572d32c}\L\[email protected] In quarantaine geplaatst Trojan.Win32.ZAccess (A)
                        C:\Users\Morris\Downloads\SVSPITTTTS.rar.exe In quarantaine geplaatst Adware.Generic.560917 (B)

                        In quarantaine geplaatst 2

                        DDS:

                        DDS (Ver_2012-11-20.01) - NTFS_AMD64
                        Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.25.2
                        Run by Morris at 17:39:10 on 2013-09-24
                        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7861.6033 [GMT 2:00]
                        .
                        AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
                        SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
                        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\nvvsvc.exe
                        C:\Windows\system32\svchost.exe -k RPCSS
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                        C:\Windows\system32\nvvsvc.exe
                        C:\Windows\System32\spoolsv.exe
                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
                        C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
                        C:\Program Files (x86)\Launch Manager\dsiwmis.exe
                        C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
                        C:\Program Files (x86)\Launch Manager\LMutilps32.exe
                        C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
                        C:\Program Files\Acer\Acer Updater\UpdaterService.exe
                        C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
                        C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
                        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
                        C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
                        C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                        C:\Windows\servicing\TrustedInstaller.exe
                        C:\Windows\system32\taskhost.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Windows\System32\igfxtray.exe
                        C:\Windows\System32\hkcmd.exe
                        C:\Windows\System32\igfxpers.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                        C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                        C:\Windows\system32\igfxsrvc.exe
                        C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
                        C:\Program Files (x86)\Steam\Steam.exe
                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                        C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
                        C:\Program Files (x86)\Launch Manager\LManager.exe
                        C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
                        C:\Program Files (x86)\iTunes\iTunesHelper.exe
                        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                        C:\Windows\system32\igfxext.exe
                        C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
                        C:\Windows\system32\wbem\unsecapp.exe
                        C:\Program Files (x86)\Launch Manager\LMworker.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
                        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
                        C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                        C:\Windows\system32\NOTEPAD.EXE
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\svchost.exe -k SDRSVC
                        C:\Windows\system32\SearchFilterHost.exe
                        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                        C:\Users\Morris\AppData\Local\Google\Chrome\Application\chrome.exe
                        C:\Windows\system32\SearchProtocolHost.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\System32\cscript.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://www.google.com
                        uSearch Bar = hxxp://www.google.com
                        uSearch Page = hxxp://www.google.com
                        uDefault_Page_URL = hxxp://acer.msn.com
                        mStart Page = hxxp://acer.msn.com
                        mDefault_Page_URL = hxxp://acer.msn.com
                        uSearchAssistant = hxxp://www.google.com
                        uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
                        mWinlogon: Userinit = userinit.exe,
                        BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
                        BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                        uRun: [Google Update] "C:\Users\Morris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
                        uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
                        mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
                        mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
                        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                        mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
                        mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
                        mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
                        mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
                        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                        dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
                        uExplorerRun: [OEM] C:\Users\Morris\AppData\Roaming\064076.exe
                        StartupFolder: C:\Users\Morris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
                        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
                        mPolicies-Explorer: NoActiveDesktop = dword:1
                        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                        mPolicies-System: ConsentPromptBehaviorUser = dword:3
                        mPolicies-System: EnableUIADesktopToggle = dword:0
                        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
                        IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
                        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                        IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
                        LSP: mswsock.dll
                        TCP: NameServer = 192.168.1.1
                        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68} : DHCPNameServer = 192.168.1.1
                        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\9434944455 : DHCPNameServer = 192.168.1.1
                        TCP: Interfaces\{FFF12F21-E494-4FC0-B104-145B1E4A8E68}\D4F627279637D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
                        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                        Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
                        Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                        AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
                        SSODL: WebCheck - <orphaned>
                        x64-mStart Page = hxxp://acer.msn.com
                        x64-mDefault_Page_URL = hxxp://acer.msn.com
                        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
                        x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                        x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
                        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                        x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                        x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                        x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
                        x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                        x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                        x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                        x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
                        x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
                        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                        x64-Notify: igfxcui - igfxdev.dll
                        x64-SSODL: WebCheck - <orphaned>
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-7-13 28992]
                        R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2013-9-23 26176]
                        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-7 283200]
                        R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-3-20 22648]
                        R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-3-20 20520]
                        R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-3-20 62776]
                        R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
                        R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-3-20 353360]
                        R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-7-13 871296]
                        R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]
                        R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-3-20 255376]
                        R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
                        R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
                        R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
                        R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
                        R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
                        R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-20 2538520]
                        R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-20 56344]
                        R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-20 158976]
                        R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-20 317440]
                        R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-20 77936]
                        R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-20 250984]
                        R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
                        R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
                        R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
                        R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
                        R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
                        S2 0070101379957529mcinstcleanup;McAfee Application Installer Cleanup (0070101379957529);C:\Users\Morris\AppData\Local\Temp\007010~1.EXE -cleanup -nolog --> C:\Users\Morris\AppData\Local\Temp\007010~1.EXE -cleanup -nolog [?]
                        S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                        S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
                        S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-9-23 57024]
                        S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
                        S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                        S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-22 196440]
                        S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2013-1-17 45352]
                        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
                        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
                        S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
                        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
                        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-1 1255736]
                        S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                        .
                        =============== Created Last 30 ================
                        .
                        2013-09-24 15:34:17 -------- d-----w- C:\Program Files\CCleaner
                        2013-09-23 17:49:34 -------- d-----w- C:\EEK
                        2013-09-23 17:36:22 -------- d-s---w- C:\Windows\SysWow64\Microsoft
                        2013-09-23 13:25:50 -------- d-----w- C:\AdwCleaner
                        2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\MFAData
                        2013-09-22 19:16:02 -------- d-----w- C:\Users\Morris\AppData\Local\Avg2014
                        2013-09-22 19:16:02 -------- d-----w- C:\ProgramData\MFAData
                        2013-09-03 08:48:20 -------- d-----w- C:\Users\Morris\AppData\Roaming\The Creative Assembly
                        2013-09-02 10:50:10 -------- d-----w- C:\Program Files (x86)\Rockstar Games
                        2013-09-02 10:49:55 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
                        2013-09-02 10:49:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
                        2013-09-02 10:49:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
                        2013-09-02 10:49:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
                        2013-09-02 10:49:55 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
                        2013-09-02 10:49:52 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
                        2013-09-02 10:49:51 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
                        .
                        ==================== Find3M ====================
                        .
                        2013-09-23 12:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-09-23 12:33:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                        .
                        ============= FINISH: 17:39:55,79 ===============



                        • #13
                          This indeed already looks a lot better.

                          You can delete whatever EEK placed in quarantine.

                          Now run a full scan with MBAM.
                          Select the items found for removal and post the log.
                          Also post a fresh DDS log.
                          Last edited by Emphyrio; 24-09-13, 16:54.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            Is it working out?
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              Sorry for the late reply, but it just won't work. After about an hour Malwarebytes freezes. By the way, I have no other problems anymore. Everything runs smoothly and quickly again and seems to work fine. Only Malwarebytes doesn't.
