Windows updater kb12695 virus?

  • Windows updater kb12695 virus?

    [Attached screenshots: virus2.png and virus.png]


    Checkup.txt:


    Results of screen317's Security Check version 0.99.83
    x64 (UAC is disabled!)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Java 7 Update 45
    Java version out of Date!
    Adobe Flash Player 11.5.502.149 Flash Player out of Date!
    Adobe Reader XI
    Mozilla Firefox (28.0)
    Google Chrome 34.0.1847.137
    Google Chrome 35.0.1916.114
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Windows Defender MsMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    DDS.TXT:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.45.2
    Run by skyh at 23:20:31 on 2014-05-22
    Microsoft Windows 8 6.2.9200.0.932.81.1043.18.6033.4075 [GMT 1:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\SCM\MSIService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\skyh\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Users\skyh\AppData\Local\Akamai\netsession_win.exe
    C:\Users\skyh\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Windows Defender\MpCmdRun.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.naver.com/
    uDefault_Page_URL = hxxp://msi13.msn.com
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [F.lux] "C:\Users\skyh\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    uRun: [Akamai NetSession Interface] "C:\Users\skyh\AppData\Local\Akamai\netsession_win.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    StartupFolder: C:\Users\skyh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WZQKPICK32.EXE
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9BA77E0C-F4C9-46A0-BED0-9B03BEF1EB3B} : DHCPNameServer = 192.168.100.1
    TCP: Interfaces\{DA8BF908-56BF-447A-AF42-E28B341764DD} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E8FCC232-6683-4B3D-B1E0-491113F2D024} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E8FCC232-6683-4B3D-B1E0-491113F2D024}\2626F68723D236735643 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E8FCC232-6683-4B3D-B1E0-491113F2D024}\5514D27657563747 : DHCPNameServer = 143.169.252.201 143.169.252.202
    TCP: Interfaces\{E8FCC232-6683-4B3D-B1E0-491113F2D024}\75966496D223E243D273161646 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-mStart Page = hxxp://packardbell.msn.com
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    x64-Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe
    x64-Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe
    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\skyh\AppData\Roaming\Mozilla\Firefox\Profiles\skhx68q5.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
    FF - plugin: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\skyh\AppData\Roaming\Mozilla\plugins\NPNLiveCast.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-16 647736]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-10-13 32032]
    R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\Drivers\bwcW8x64.sys [2012-9-25 74096]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-2-10 283200]
    R2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-11-13 755240]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-16 14904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-20 634632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-16 165760]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-23 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-23 701512]
    R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\SCM\MSIService.exe [2012-9-13 160768]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-10-16 142904]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-13 15122208]
    R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-9-25 490496]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-16 364416]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-10-10 558480]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-11-15 1153840]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtuele adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
    R3 BthLEEnum;Bluetooth Low Energy-stuurprogramma;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
    R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-10-11 295760]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-11 342528]
    R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;C:\Windows\System32\Drivers\e22w8x64.sys [2012-9-25 164720]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-23 25928]
    R3 MBfilt;MBfilt;C:\Windows\System32\Drivers\MBfilt64.sys [2012-10-16 32344]
    R3 NETwNe64;@oem18.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 8 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-11-22 4309032]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-10-16 14136]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2013-10-28 39200]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-10-16 339600]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 acsock;acsock;C:\Windows\System32\Drivers\acsock64.sys [2013-11-2 112496]
    S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
    S3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-10-16 17936]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-11-15 272176]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-05-22 22:07:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-05-22 22:07:20 -------- d-----w- C:\AdwCleaner
    2014-05-22 09:53:11 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9AA315F-4DDB-4597-B821-795E334A6CC8}\mpengine.dll
    2014-05-21 13:51:18 -------- d-----w- C:\Program Files (x86)\Transistor
    2014-05-21 00:42:00 52752 ----a-w- C:\Windows\System32\drivers\asd2fsm.sys
    2014-05-21 00:41:53 -------- d-----w- C:\ProgramData\Anvisoft
    2014-05-21 00:41:48 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2014-05-16 19:39:36 -------- d-----w- C:\Program Files (x86)\SQUARE ENIX
    2014-05-16 10:05:42 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
    2014-05-15 07:59:36 47632 ----a-w- C:\Windows\System32\drivers\asdids.sys
    2014-05-09 10:10:55 -------- d-----w- C:\ProgramData\EA Logs
    2014-05-09 09:48:00 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2014-05-08 23:02:58 -------- d-----w- C:\Users\skyh\AppData\Roaming\NVIDIA
    2014-05-08 23:00:27 -------- d-----w- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
    2014-05-05 23:41:33 1031560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8EE9BE3-BB95-4A47-8866-C8C3F097FF21}\gapaengine.dll
    2014-05-05 23:39:22 10651704 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-05-05 16:12:42 -------- d-----w- C:\Users\skyh\Logs
    2014-05-05 16:12:42 -------- d-----w- C:\Users\skyh\Config
    2014-05-05 11:04:14 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
    2014-05-03 23:27:00 -------- d-----w- C:\Users\skyh\AppData\Local\sigil-ebook
    2014-05-03 23:26:15 -------- d-----w- C:\Program Files (x86)\Sigil
    2014-04-23 22:46:37 -------- d-----w- C:\Users\skyh\AppData\Local\ePubFixer
    2014-04-23 22:02:05 -------- d-----w- C:\Users\skyh\.config
    2014-04-23 15:08:32 -------- d-----w- C:\Users\skyh\AppData\Roaming\com.relax-gaming.skywalker
    2014-04-23 14:15:16 -------- d-----w- C:\Program Files (x86)\Sony
    2014-04-23 14:15:16 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
    2014-04-23 14:13:17 -------- d-----w- C:\ProgramData\Sony Corporation
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:21:47,10 ===============



    Adwcleaner.txt:

    # AdwCleaner v3.210 - Rapport aangemaakt 22/05/2014 op 23:07:22
    # Laatste Update 19/05/2014 door Xplode
    # Besturingssysteem : Windows 8 (64 bits)
    # Gebruikersnaam : skyh - SKY
    # Gestart vanuit : C:\Users\skyh\Downloads\adwcleaner_3.210 (1).exe
    # Optie : Scannen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Bestand Gevonden : C:\Users\skyh\AppData\Roaming\Mozilla\Firefox\Profiles\skhx68q5.default\user.js
    Bestand Gevonden : C:\Windows\System32\roboot64.exe
    Bestand Gevonden : C:\Windows\System32\Tasks\GoforFilesUpdate
    Map Gevonden : C:\Program Files (x86)\eSupport.com
    Map Gevonden : C:\Program Files (x86)\globalUpdate
    Map Gevonden : C:\Program Files (x86)\WinZip Registry Optimizer
    Map Gevonden : C:\ProgramData\apn
    Map Gevonden : C:\ProgramData\Babylon
    Map Gevonden : C:\ProgramData\StarApp
    Map Gevonden : C:\ProgramData\Tarma Installer
    Map Gevonden : C:\Users\skyh\AppData\Local\eSupport.com
    Map Gevonden : C:\Users\skyh\AppData\Local\globalUpdate
    Map Gevonden : C:\Users\skyh\AppData\Local\Oxy
    Map Gevonden : C:\Users\skyh\AppData\Roaming\goforfiles
    Map Gevonden : C:\Users\skyh\AppData\Roaming\Mozilla\Firefox\Profiles\skhx68q5.default\Extensions\[email protected]
    Map Gevonden : C:\Users\skyh\AppData\Roaming\Mozilla\Firefox\Profiles\skhx68q5.default\Extensions\[email protected] .com
    Map Gevonden : C:\Users\skyh\AppData\Roaming\Oxy
    Map Gevonden : C:\Users\skyh\AppData\Roaming\Yontoo

    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Gevonden : HKCU\Software\AppDataLow\Software\Crossrider
    Sleutel Gevonden : HKCU\Software\Escolade
    Sleutel Gevonden : HKCU\Software\GoforFiles
    Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Sleutel Gevonden : HKCU\Software\WEDLMNGR
    Sleutel Gevonden : [x64] HKCU\Software\Escolade
    Sleutel Gevonden : [x64] HKCU\Software\GoforFiles
    Sleutel Gevonden : [x64] HKCU\Software\WEDLMNGR
    Sleutel Gevonden : HKLM\Software\Babylon
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
    Sleutel Gevonden : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
    Sleutel Gevonden : HKLM\Software\GoforFiles
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
    Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Sleutel Gevonden : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16688


    -\\ Mozilla Firefox v28.0 (nl)

    [ Bestand : C:\Users\skyh\AppData\Roaming\Mozilla\Firefox\Profiles\skhx68q5.default\prefs.js ]

    Regel gevonden : user_pref("extensions.ibMvYr_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo
    Regel gevonden : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
    Regel gevonden : user_pref("extentions.y2layers.installId", "ea9611b7-0390-4ab2-830a-107b889fac8b");

    -\\ Google Chrome v35.0.1916.114

    [ Bestand : C:\Users\skyh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Gevonden [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel

    *************************

    AdwCleaner[R0].txt - [4289 octets] - [22/05/2014 23:07:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4349 octets] ##########

  • #2
    Hi Skykh and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Don't post your problem in several forums. It doesn't help your problem and it isn't fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Follow the instructions I give carefully.
    • Only follow the advice I give.
    • Stay with this topic until I have reported that your PC is clean.
    • If you don't know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Don't try anything "else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when posting logs. ( INFO )
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions given are only valid for your PC.

    Once you have read and understood these guidelines, you may continue.....




    Scanning for and removing malware....

    If you already have MBAM on your PC, there is of course no need to download it.

    Download Malwarebytes Anti-Malware to your desktop.

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure you will get a screen where you have to click "Finish".
    If you do not want to trial MBAM, untick the first option and only then click "Finish".

    After installation, make sure the following are ticked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.



    Once the program has started, go to the "Settings" tab.
    • Tick: "Close Internet Explorer during malware removal".
    • Go to the "Update" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL Scan".
    • Then press "Scan" to start the scan.
    • The scan can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is ticked, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case you post both logs. So a second "quick scan" log only if the FULL scan found "something".

    The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________



    In your next post I would like to see the following logs, made in the order given:

    • MBAM
    • DDS

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee * Ccleaner * E-Peek


  • #3
    Any luck?

  • #4
    Due to a lack of feedback I am marking this topic as solved.

    If there are no further replies, this thread will automatically be moved within about 3 days to the Solved hijackthislogs section, after which replying is no longer possible.
    This is done to keep the forum neat and tidy.

    If it turns out there are still problems and you want to reply again in this topic, send me a private message requesting that it be reopened.


    Emphyrio