Internet is very slow

  • #1
    The last few days the internet has been super slow. I have done the necessary scans, including with SUPERAntiSpyware (41 tracking cookies found and removed).
    Do you see anything else in the logs?

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.45.2
    Run by kim at 11:35:06 on 2013-12-25
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2008.859 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
    C:\Program Files\Lenovo\PM Driver\PMSveH.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Lenovo\PM Driver\PMHandler.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hln.be/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
    mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRunOnce: [PrivacyGuardianIndex] c:\program files\privacy guardian\PgIndex.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 195.130.131.131 195.130.130.3
    TCP: Interfaces\{7471ED11-4127-4C22-9A17-20EA635C6961} : DHCPNameServer = 195.130.131.131 195.130.130.3
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli ACGina
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-20 13480]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-25 520192]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-10-31 29736]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-31 112128]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-31 97536]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
    R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [2008-10-31 974336]
    S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 253952]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-12-25 10:20:12 -------- d-----w- c:\windows\pss
    2013-12-25 09:16:58 -------- d-----w- c:\users\kim\appdata\roaming\SUPERAntiSpyware.com
    2013-12-25 09:16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-12-25 09:16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-12-24 09:12:12 -------- d-----w- c:\users\kim\appdata\local\Apple
    2013-12-23 22:06:36 -------- d-----w- c:\users\kim\appdata\local\Apple Computer
    2013-12-23 21:53:18 -------- d-----w- C:\E
    2013-12-22 19:13:05 -------- d-----w- C:\D
    2013-11-25 17:09:56 -------- d-----w- c:\programdata\Oracle
    2013-11-25 17:07:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-12-12 02:13:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-12 02:13:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ============= FINISH: 11:35:51,75 ===============


    GMER log:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-25 12:03:17
    Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2250BH_G2 rev.00000009 232,89GB
    Running: download[1].exe; Driver: C:\Users\kim\AppData\Local\Temp\kgldypob.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x9DCE8004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x9DCE80D4]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9DCE7D76]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x87FDD640]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9DCE7EBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9DCE7F56]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 5F0 822C3E44 8 Bytes [04, 80, CE, 9D, D4, 80, CE, ...] {ADD AL, 0x80; INTO ; POPF ; AAM 0x80; INTO ; POPF }
    .text ntkrnlpa.exe!KeSetTimerEx + 624 822C3E78 4 Bytes [76, 7D, CE, 9D] {JBE 0x7f; INTO ; POPF }
    .text ntkrnlpa.exe!KeSetTimerEx + 854 822C40A8 8 Bytes [40, D6, FD, 87, BA, 7E, CE, ...]
    .text ntkrnlpa.exe!KeSetTimerEx + 8B4 822C4108 4 Bytes [56, 7F, CE, 9D] {PUSH ESI; JG 0xffffffd1; POPF }
    ? C:\Users\kim\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!DialogBoxIndirectParamW 74F1BD25 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!DialogBoxIndirectParamW 74F1BD25 5 Bytes JMP 6BA15329 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!CreateWindowExW 74F23D67 5 Bytes JMP 6B91DB04 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!DialogBoxParamW 74F31FD5 5 Bytes JMP 6B8454C5 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!DialogBoxParamA 74F580B2 5 Bytes JMP 6BA152C6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!DialogBoxIndirectParamA 74F583DD 5 Bytes JMP 6BA1538C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!MessageBoxIndirectA 74F6D471 5 Bytes JMP 6BA1525B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!MessageBoxIndirectW 74F6D56B 5 Bytes JMP 6BA151F0 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!MessageBoxExA 74F6D5D1 5 Bytes JMP 6BA1518E C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[7956] USER32.dll!MessageBoxExW 74F6D5F5 5 Bytes JMP 6BA1512C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!SetWindowsHookExW 74F17B69 5 Bytes JMP 6B919A91 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CallNextHookEx 74F18C33 5 Bytes JMP 6B90D0CD C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!GetAsyncKeyState 74F18DF4 5 Bytes JMP 6B838EFF C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!DialogBoxIndirectParamW 74F1BD25 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!DialogBoxIndirectParamW 74F1BD25 5 Bytes JMP 6BA15329 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!SendInput 74F1BEE7 5 Bytes JMP 6BA1675F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!EndDialog 74F1C178 5 Bytes JMP 6B847E7E C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!EnableWindow 74F1DC79 5 Bytes JMP 6B91DD1D C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CreateWindowExW 74F23D67 5 Bytes JMP 6B91DB04 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!GetKeyState 74F287C7 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!GetKeyState 74F287C7 5 Bytes JMP 6B91D2CB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!IsDialogMessageW 74F299AE 5 Bytes JMP 6B8459D7 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CreateDialogParamA 74F316FD 5 Bytes JMP 6BA15F95 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!IsDialogMessage 74F3179A 5 Bytes JMP 6BA15831 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!DialogBoxParamW 74F31FD5 5 Bytes JMP 6B8454C5 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CreateDialogIndirectParamA 74F327CD 5 Bytes JMP 6BA15FCC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CreateDialogIndirectParamW 74F39AFA 5 Bytes JMP 6BA16003 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!UnhookWindowsHookEx 74F408BE 5 Bytes JMP 6B88466E C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!CreateDialogParamW 74F41C58 5 Bytes JMP 6B91DE90 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!SetKeyboardState 74F41ECE 5 Bytes JMP 6BA15BA0 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!SetCursorPos 74F56F1A 5 Bytes JMP 6BA167B3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!DialogBoxParamA 74F580B2 5 Bytes JMP 6BA152C6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!DialogBoxIndirectParamA 74F583DD 5 Bytes JMP 6BA1538C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!MessageBoxIndirectA 74F6D471 5 Bytes JMP 6BA1525B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!MessageBoxIndirectW 74F6D56B 5 Bytes JMP 6BA151F0 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!MessageBoxExA 74F6D5D1 5 Bytes JMP 6BA1518E C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!MessageBoxExW 74F6D5F5 5 Bytes JMP 6BA1512C C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] USER32.dll!keybd_event 74F6D93C 5 Bytes JMP 6BA16AE3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] SHELL32.dll!SHRestricted + DFD 753B8390 4 Bytes [4D, 30, 51, 70] {DEC EBP; XOR [ECX+0x70], DL}
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] SHELL32.dll!SHRestricted + E05 753B8398 8 Bytes [57, 2F, 51, 70, 9C, 5B, 50, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] ole32.dll!OleLoadFromStream 750D9794 5 Bytes JMP 6BA15691 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[8048] ole32.dll!CoCreateInstance 7510E2D8 5 Bytes JMP 6B91DB60 C:\Windows\system32\IEFRAME.dll

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [735A8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [735E9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [735AB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7359FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [735A7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7359EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [735DB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [735ABC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [735A0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [735A06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [735971B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7362D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [735C7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7359E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7359697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [735969A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
    IAT C:\Windows\explorer.exe[1364] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [735A2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys

    Device \Driver\BTHUSB \Device\00000070 bthport.sys

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

    Device \Driver\BTHUSB \Device\0000006e bthport.sys

    ---- Processes - GMER 2.1 ----

    Process (*** hidden *** ) [4] 8421FA90
    Library C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll (*** hidden *** ) @ C:\Windows\explorer.exe [1364] 0x60F30000
    Library C:\Program Files\Common Files\Nero\NeroShellExt\SolutionExplorer.dll (*** hidden *** ) @ C:\Windows\explorer.exe [1364] 0x734E0000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269f14348
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269f14348 (not active ControlSet)

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
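
A triage script for logs in the format posted above, as an added example that is not part of the thread and not a tool from the DDS or GMER authors. It parses the DDS "SERVICES / DRIVERS" lines and the GMER SSDT, hidden-process, hidden-library and disk lines, attributes each SSDT hook to the driver that installed it, and flags: hooks from a module outside an allow-list of the security products visible in the log (AVG 2012 and SUPERAntiSpyware), running services or drivers whose binary loads from outside Program Files or System32, hidden processes other than PID 4, and the MBR line as a review item. The allow-list, the trusted roots, the updsvc.exe service, the xyzdrv.sys hook and PID 2316 are assumptions constructed for this example; the other sample lines are copied from the posted logs.

```python
"""Triage helper for DDS and GMER text logs (added example, not a forum tool).

The allow-list of security-product kernel modules, the trusted load paths and
the sample lines at the bottom are assumptions made for this example.
"""
import re

# Kernel modules that legitimately hook the SSDT on this box: AVG 2012 and
# SUPERAntiSpyware, both present in the posted logs (assumed allow-list).
KNOWN_SSDT_HOOKERS = {"avgidsshimx.sys", "saskutil.sys"}

# Directories a running service or driver is expected to load from (assumption).
TRUSTED_ROOTS = (r"c:\windows\system32", r"c:\windows\microsoft.net", r"c:\program files")

# DDS line shape: "R1 name;description;path [yyyy-m-d size]"
DDS_SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
# GMER line shape: "SSDT <module path> Zw<Function> [0xADDR]"; the path may contain spaces.
GMER_SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
GMER_HIDDEN_PROC_RE = re.compile(r"^Process \(\*\*\* hidden \*\*\*\s*\)\s+\[(?P<pid>\d+)\]")
GMER_HIDDEN_LIB_RE = re.compile(r"^Library (?P<path>.+?) \(\*\*\* hidden")


def parse_dds_services(lines):
    """Return one dict per DDS service/driver line (state, name, desc, path, date, size)."""
    entries = []
    for line in lines:
        m = DDS_SVC_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def flag_dds_services(entries):
    """Running (R*) services/drivers whose binary lives outside the trusted roots."""
    return [(e["name"], e["path"]) for e in entries
            if e["state"].startswith("R") and not e["path"].lower().startswith(TRUSTED_ROOTS)]


def flag_gmer(lines):
    """Return (category, detail) findings from GMER output lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = GMER_SSDT_RE.match(line)
        if m:
            # Attribute the hook to the basename of the driver GMER names.
            module = m.group("module").rsplit("\\", 1)[-1].lower()
            if module not in KNOWN_SSDT_HOOKERS:
                findings.append(("ssdt_hook_unknown_module", f"{m.group('func')} -> {module}"))
            continue
        m = GMER_HIDDEN_PROC_RE.match(line)
        if m:
            # GMER routinely lists PID 4 (System) here; any other PID merits a look.
            if m.group("pid") != "4":
                findings.append(("hidden_process", line))
            continue
        m = GMER_HIDDEN_LIB_RE.match(line)
        if m:
            findings.append(("hidden_library", m.group("path")))
            continue
        if line.startswith("Disk ") and "MBR" in line:
            # "unknown MBR code" is a review item, not by itself proof of a bootkit.
            findings.append(("mbr_review", line))
    return findings


# Sample input, constructed for this example: lines copied from the posted logs
# plus hypothetical entries (updsvc.exe in %TEMP%, an SSDT hook from xyzdrv.sys
# in %TEMP%, hidden PID 2316) that show what a hit looks like.
SAMPLE_DDS = r"""
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-31 97536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 updsvc;Update Helper;c:\users\kim\appdata\local\temp\updsvc.exe [2013-12-20 45056]
"""

SAMPLE_GMER = r"""
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9DCE7D76]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x87FDD640]
SSDT \??\C:\Users\kim\AppData\Local\Temp\xyzdrv.sys ZwCreateFile [0x9DDE0000]
Process (*** hidden *** ) [4] 8421FA90
Process (*** hidden *** ) [2316] 85A1C020
Library C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll (*** hidden *** ) @ C:\Windows\explorer.exe [1364] 0x60F30000
Disk \Device\Harddisk0\DR0 unknown MBR code
"""

if __name__ == "__main__":
    for name, path in flag_dds_services(parse_dds_services(SAMPLE_DDS.splitlines())):
        print(f"[DDS] running from untrusted path: {name} -> {path}")
    for category, detail in flag_gmer(SAMPLE_GMER.splitlines()):
        print(f"[GMER] {category}: {detail}")
```

Run against the full logs, the script only narrows the list; every hit still needs a human check of the file itself (signature, hash, vendor), and a hooked driver that is on the allow-list is only as trustworthy as the allow-list.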

  • #2
    Hi Kim77 and welcome to Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem in several forums. It does not help your problem and it is not fair towards the helpers.
    • Cleaning up your system can take some time, be patient.
    • Follow the instructions I give carefully.
    • Only follow the advice I give.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try anything "else" in the meantime, that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as an attachment, nor between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are only valid for your PC.

    Step 1:

    Scan for and remove malware....

    If you already have MBAM on your PC, you obviously do not need to download it.

    Download MalwareBytes' Anti-Malware to your desktop from one of the following links:

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure you get a screen where you must click "Finish".
    If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".

    Make sure that after installation a tick is placed next to:

    • Update MalwareBytes' Anti-Malware
    • Launch MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.

    Once the program has started, go to the "Settings" tab.

    • Tick here: "Close Internet Explorer during malware removal".
    • Go to the "Update" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL Scan".
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything is ticked there, then click "Remove Selected".
      If there are many items, you can right-click in the window and choose "Select all items".
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case you post both logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the desktop, this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    I only need the log after the "Clean" option.

    Do not forget to disable your "smileys".

    If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:

    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.

    Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You do not need to post the contents of Attach.txt, and you do not need to add Attach.txt as an attachment to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Check for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Put its contents in your next reply.

    In your next post I would like to see the following logs, made in the order given:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek


  • #3
    Is it working out?

  • #4
    For lack of feedback I am marking this topic as solved.

    If there are no more replies, this thread will automatically be moved within about 3 days to the section Solved hijackthis logs, and replying will no longer be possible.
    This is done to keep the forum neat and orderly.

    If it turns out there are still problems and you want to reply again in this topic, send me a direct message requesting that it be reopened.

    Emphyrio