syswow64, is this a virus?


  • syswow64, is this a virus?

    Hello,

    A virus or...? I get this notification and have all the log files.

    Can you help me with this, please?

    Regards,

    Fred

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.02.02.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Fred :: FAMILIE-PC [administrator]

    Bescherming: Ingeschakeld

    2-2-2014 23:58:15
    MBAM-log-2014-02-02 (23-59-35).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 258014
    Verstreken tijd: 53 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Fred\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Geen actie ondernomen.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428
    Run by Fred at 23:45:38 on 2014-02-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8137.6356 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Windows\system32\EscSvc64.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Fred\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{F6183958-C985-4238-92F4-B2275DB6FE2C} : DHCPNameServer = 212.54.40.25 212.54.35.25
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-2 19224]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
    R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2014-2-2 16384]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
    R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-2-2 135824]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-2-2 165760]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-2 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-2 701512]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2014-2-2 136704]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-2-2 364416]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-2 356632]
    R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-2 789272]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-2 25928]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-2-2 32344]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2014-2-2 14136]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-2 676968]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-1 111616]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-7-24 46016]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-02-02 22:36:29 -------- d-----w- C:\Users\Fred\AppData\Roaming\Malwarebytes
    2014-02-02 22:36:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-02-02 22:36:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-02-02 22:36:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-02 22:19:42 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-02-02 22:19:42 -------- d-----w- C:\Users\Fred\AppData\Local\VirtualStore
    2014-02-02 22:17:07 24064 ----a-w- C:\Windows\zoek-delete.exe
    2014-02-02 22:17:07 -------- d-----w- C:\Users\Fred\AppData\Local\Temp
    2014-02-02 21:56:14 -------- d-----w- C:\zoek_backup
    2014-02-02 21:41:38 -------- d-----w- C:\ProgramData\AMD
    2014-02-02 21:41:38 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-02-02 21:41:36 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2014-02-02 21:40:10 -------- d-----w- C:\Program Files\AMD
    2014-02-02 21:39:24 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2014-02-02 21:31:28 -------- d-----w- C:\AMD
    2014-02-02 21:29:04 -------- d-----w- C:\Program Files (x86)\AMD APP
    2014-02-02 21:28:32 -------- d-----w- C:\Program Files\ATI
    2014-02-02 21:28:29 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2014-02-02 21:28:08 -------- d-----w- C:\Program Files\ATI Technologies
    2014-02-02 19:55:23 -------- d--h--w- C:\SuperChargerProfile
    2014-02-02 19:55:23 -------- d-----w- C:\Program Files (x86)\MSI
    2014-02-02 19:53:11 19224 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
    2014-02-02 19:53:01 789272 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
    2014-02-02 19:52:58 356632 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
    2014-02-02 19:52:33 15168 ----a-r- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2014-02-02 19:51:37 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2014-02-02 19:51:37 -------- d-----w- C:\Program Files\Realtek
    2014-02-02 19:51:05 32344 ----a-w- C:\Windows\System32\drivers\MBfilt64.sys
    2014-02-02 19:51:02 2605400 ----a-w- C:\Windows\System32\WavesGUILib.dll
    2014-02-02 19:51:01 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll
    2014-02-02 19:51:01 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll
    2014-02-02 19:51:00 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll
    2014-02-02 19:51:00 198896 ----a-w- C:\Windows\System32\SRSHP64.dll
    2014-02-02 19:49:49 202336 ----a-w- C:\Windows\System32\AERTAC64.dll
    2014-02-02 19:48:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2014-02-02 19:48:41 -------- d-----w- C:\Intel
    2014-02-02 19:47:56 -------- d-----w- C:\MSI
    2014-02-02 18:58:34 -------- d-----w- C:\Users\Fred\AppData\Local\ATI
    2014-02-02 18:58:29 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
    2014-02-02 18:57:45 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-02-02 16:37:18 16384 ----a-w- C:\Windows\System32\drivers\EIO64.sys
    2014-02-02 16:36:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2014-02-02 16:36:54 39424 ----a-w- C:\Windows\System32\drivers\ATKDispLowFilter.sys
    2014-02-02 16:36:54 1354240 ----a-w- C:\Windows\System32\atklumdispx.dll
    2014-02-02 16:36:53 17792 ----a-w- C:\Windows\System32\drivers\asusgsb.sys
    2014-02-02 16:36:03 -------- d-----w- C:\Program Files (x86)\My Company Name
    2014-02-02 16:34:51 58880 ----a-w- C:\Windows\System32\coinst.dll
    2014-02-02 16:34:51 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2014-02-02 00:57:06 -------- d-----w- C:\Users\Fred\AppData\Roaming\uTorrent
    2014-02-02 00:40:02 -------- d-----w- C:\ProgramData\EPSON
    2014-02-02 00:39:15 466432 ----a-w- C:\Windows\System32\esxw2ud.dll
    2014-02-02 00:39:15 135824 ----a-w- C:\Windows\System32\escsvc64.exe
    2014-02-02 00:39:10 -------- d-----w- C:\Program Files (x86)\epson
    2014-02-01 23:07:51 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2014-02-01 23:07:32 -------- d-----w- C:\Windows\PCHEALTH
    2014-02-01 23:07:32 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2014-02-01 23:05:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2014-02-01 23:05:00 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2014-02-01 23:05:00 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2014-02-01 22:01:01 -------- d-----w- C:\Windows\AutoKMS
    2014-02-01 21:58:55 -------- d-----w- C:\Users\Fred\AppData\Local\Microsoft Toolkit
    2014-02-01 21:45:31 -------- d-----w- C:\Users\Fred\AppData\Local\Microsoft Help
    2014-02-01 21:42:26 -------- d-----w- C:\Users\Fred\AppData\Local\Disc_Soft_Ltd
    2014-02-01 21:41:03 -------- d-----w- C:\Users\Fred\AppData\Roaming\DAEMON Tools Ultra
    2014-02-01 21:40:27 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra
    2014-02-01 21:30:20 -------- d-----w- C:\Users\Fred\AppData\Local\CrashRpt
    2014-02-01 21:26:04 -------- d-----w- C:\Users\Fred\AppData\Local\Programs
    2014-02-01 20:53:59 -------- d-----w- C:\temp
    2014-02-01 20:48:46 -------- d-----w- C:\Users\Fred\AppData\Local\ESET
    2014-02-01 20:23:39 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2014-02-01 20:19:46 -------- d-----w- C:\Windows\Migration
    2014-02-01 20:18:07 -------- d-----w- C:\Windows\SysWow64\Wat
    2014-02-01 20:18:07 -------- d-----w- C:\Windows\System32\Wat
    2014-02-01 20:01:53 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2014-02-01 20:01:53 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2014-02-01 20:01:53 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2014-02-01 20:01:52 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2014-02-01 19:53:58 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
    2014-02-01 19:49:55 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2014-02-01 19:45:34 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2014-02-01 19:45:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2014-02-01 19:45:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2014-02-01 19:45:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2014-02-01 19:45:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2014-02-01 19:45:34 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2014-02-01 19:45:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2014-02-01 19:42:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2014-02-01 19:42:33 5120 ----a-w- C:\Windows\System32\wmi.dll
    2014-02-01 19:42:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2014-02-01 19:42:25 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-02-01 19:42:24 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33B6FAB3-FF8A-4EEF-84DF-E2AA74621110}\mpengine.dll
    2014-02-01 19:40:16 -------- d-----w- C:\Windows\System32\MRT
    2014-02-01 19:33:34 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2014-02-01 19:31:59 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2014-02-01 19:30:59 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2014-02-01 19:28:08 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2014-02-01 19:20:52 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-02-01 19:20:52 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-02-01 19:14:04 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
    2014-02-01 19:14:03 -------- d-----w- C:\Windows\System32\wbem\en-US
    2014-02-01 19:10:11 -------- d-----w- C:\Program Files\ESET
    2014-02-01 19:10:07 -------- d-sh--w- C:\Windows\Installer
    2014-02-01 19:03:32 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2014-02-01 19:02:10 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-02-01 19:01:28 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2014-02-01 19:01:28 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2014-02-01 19:00:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2014-02-01 19:00:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2014-02-01 19:00:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2014-02-01 18:57:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2014-02-01 18:57:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2014-02-01 18:57:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-02-01 18:57:12 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-02-01 18:55:25 -------- d-----w- C:\Users\Fred\AppData\Roaming\TP-LINK
    2014-02-01 18:54:39 1579520 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2014-02-01 18:54:39 1579520 ----a-w- C:\Windows\System32\athrx.sys
    2014-02-01 18:54:29 -------- d-----w- C:\Program Files (x86)\TP-LINK
    2014-02-01 18:53:53 -------- d-----w- C:\ProgramData\TP-LINK
    2014-02-01 18:29:05 -------- d-----w- C:\Windows\Panther
    2014-02-01 18:28:52 -------- d-sh--w- C:\Boot
    .
    ==================== Find3M ====================
    .
    2014-02-01 19:03:32 859648 ----a-w- C:\Windows\System32\tdh.dll
    2014-02-01 19:02:10 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-01-16 08:59:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
    2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
    2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
    2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
    2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
    2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
    2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
    2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
    2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
    2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
    2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
    2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
    2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
    2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
    2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
    2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
    2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
    2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
    2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2013-12-06 15:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2013-12-06 15:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 23:46:02,22 ===============
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-02-02 23:45:12
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 ST31000525SV rev.CV12 931,51GB
    Running: niv8dgjl.exe; Driver: C:\Users\Fred\AppData\Local\Temp\pxdiyfod.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1760] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ed8769 4 bytes [C2, 04, 00, 00]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000768e1465 2 bytes [8E, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768e14bb 2 bytes [8E, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768e1465 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768e14bb 2 bytes [8E, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [2524:3648] 000007fee7099688
    ---- Processes - GMER 2.1 ----

    Process C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1L206EP\niv8dgjl.exe (*** suspicious ***) @ C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1L206EP\niv8dgjl.exe [3752](2014-02-02 22:40:31) 0000000000400000

    ---- EOF - GMER 2.1 ----
    Last edited by me64; 03-02-14, 00:02.

  • #2
    Hi me64,

    Where do you get this notification (screenshot?)
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek



    • #3
      For lack of feedback I am marking this topic as solved.

      If there are no further replies, this thread will be moved automatically within about 3 days to the section Opgeloste hijackthislogs and replying will no longer be possible.
      This is done to keep the forum tidy and organized.

      If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.


      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * McAfee verwijderen. * Ccleaner * E-Peek
