Multiple toolbars, all sorts of adware, proxy, etc.

    The laptop is a Compaq Presario with an AMD Athlon X2 processor.
    Windows 7 Enterprise SP1 (32-bit).
    The system came to me (Seniorweb PCHulp at home) with many toolbars, redirects, etc.

    I had already carried out the following actions:
    - Uninstallation of all toolbars and associated programs
    - Reset of the browsers
    - AdwCleaner
    - MBAM
    - Hitman Pro (log at the end of this message)
    That did NOT solve it: various ad programs keep coming back, and the proxy setting is also repeatedly set to a strange address. In short, there is still more junk.
    I would appreciate your help.
    ---------------------------------------------------
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 14-8-2014
    Scantijd: 14:03:13
    Logbestand: mbam-log 14-8.txt
    Beheerder: Ja

    Versie: 2.00.2.1012
    Malwaredatabase: v2014.08.14.04
    Rootkitdatabase: v2014.08.04.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Self-protection: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x86
    Bestandssysteem: NTFS
    Gebruiker: Gebruiker

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 270253
    Verstreken Tijd: 13 m, 56 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristics: Ingeschakeld
    POP: Waarschuwen
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registersleutels: 0
    (No malicious items detected)
    Registerwaardes: 0
    (No malicious items detected)
    Registerdata: 0
    (No malicious items detected)
    Mappen: 0
    (No malicious items detected)
    Bestanden: 0
    (No malicious items detected)
    Fysieke Sectoren: 0
    (No malicious items detected)

    (end

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
    Run by Gebruiker at 15:59:47 on 2014-08-14
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.1983.973 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\EMET 4.1\EMET_Agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
    C:\Windows\system32\CronJREScreenshot\CronJREScreenshot.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.nl/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uProxyServer = hxxp=127.0.0.1:41325
    uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [EMET 4.1 Update 1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\445654E636B634166656 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\458656164756270246560254E636B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\4586F6D637F6E6934323336463 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\550534135303331343 : DHCPNameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\84232303E4836303145343 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\D4565637475627A71616C6 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{D5C033A0-902B-48D5-81A5-21D395DF546F} : DHCPNameServer = 213.46.228.196 62.179.104.196
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    AppInit_DLLs= \
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
    R2 CronJREScreenshot;CronJREScreenshot;c:\windows\system32\cronjrescreenshot\CronJREScreenshot.exe [2014-7-31 60965]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
    R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\drivers\WNA1000M.sys [2011-2-21 734824]
    S2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe --> c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2013-1-18 228408]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-8-14 30976]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-14 108032]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-8-14 14848]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-14 49152]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-18 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-08-14 10:20:18 6081224 -c--a-w- c:\program files\common files\windows live\.cache\58c262a01cfb7a901\onedrivesetup.exe
    2014-08-14 09:44:04 -------- d-----w- c:\program files\Adblock Plus for IE
    2014-08-14 09:15:42 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-08-14 09:15:42 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-08-14 09:05:41 -------- d-----w- c:\windows\system32\drivers\en-US
    2014-08-14 09:03:02 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-08-14 09:02:51 221184 ----a-w- c:\windows\system32\rdpudd.dll
    2014-08-14 09:02:51 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2014-08-14 08:57:15 -------- d-----w- c:\program files\Synaptics
    2014-08-14 08:54:09 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2014-08-14 08:54:04 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-08-14 08:54:02 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2014-08-14 08:54:00 17920 ----a-w- c:\windows\system32\wksprtPS.dll
    2014-08-14 08:54:00 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-08-14 08:53:59 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2014-08-14 08:53:59 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
    2014-08-14 08:53:58 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
    2014-08-14 08:53:58 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-08-14 08:53:58 350208 ----a-w- c:\windows\system32\wksprt.exe
    2014-08-14 08:53:57 5698048 ----a-w- c:\windows\system32\mstscax.dll
    2014-08-14 08:53:57 1068544 ----a-w- c:\windows\system32\mstsc.exe
    2014-08-14 08:53:14 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{56149d31-797d-4388-859c-ae2ca7e601d7}\mpengine.dll
    2014-08-14 08:49:57 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-14 08:49:48 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-14 08:49:34 619672 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-14 08:49:20 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-14 08:47:49 -------- d-----w- c:\program files\CONEXANT
    2014-08-14 08:39:31 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-08-14 08:39:23 514560 ----a-w- c:\windows\system32\qdvd.dll
    2014-08-14 08:10:45 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
    2014-08-14 08:00:35 -------- d-----w- c:\programdata\HitmanPro
    2014-08-14 07:36:23 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-08-14 07:36:22 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-14 07:36:08 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2014-08-14 07:36:08 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    2014-08-14 07:35:50 2363392 ----a-w- c:\windows\system32\msi.dll
    2014-08-14 07:35:50 1805824 ----a-w- c:\windows\system32\authui.dll
    2014-08-14 07:35:48 337408 ----a-w- c:\windows\system32\msihnd.dll
    2014-08-14 07:35:48 101824 ----a-w- c:\windows\system32\consent.exe
    2014-08-14 07:35:30 -------- d-----w- C:\AdwCleaner
    2014-08-14 07:34:30 412160 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-14 07:34:26 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-14 07:34:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-13 16:11:11 -------- d-----w- c:\program files\EMET 4.1
    2014-08-13 15:59:46 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-08-13 15:08:07 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-08-13 14:56:23 -------- d-----w- c:\windows\ERUNT
    2014-08-13 14:48:44 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{30788d79-fee1-4793-aeb1-1fddb07a0d7e}\gapaengine.dll
    2014-08-13 12:20:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-13 12:19:38 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-13 12:19:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-13 12:19:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-08-12 23:00:10 4575232 ----a-w- c:\windows\system32\GPhotos.scr
    2014-08-08 14:38:19 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-07-31 20:33:19 -------- d-----w- c:\users\gebruiker\appdata\local\StormAlerts
    2014-07-31 10:15:06 -------- d-----w- c:\programdata\teopbauyeer
    2014-07-31 09:45:34 -------- d-----w- c:\users\gebruiker\Nieuwe map
    2014-07-31 09:45:09 -------- d-----w- c:\users\gebruiker\7-zip
    2014-07-31 09:09:21 -------- d-----w- c:\windows\system32\CronJREScreenshot
    2014-07-31 09:08:29 -------- d-----w- c:\programdata\2ebf5fabd336352
    2014-07-16 05:50:48 -------- d-----w- c:\program files\iPod
    2014-07-16 05:50:46 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
    2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
    2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
    2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-07-10 16:17:22 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-10 16:17:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
    2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
    2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-05-28 14:23:32 559312 ----a-w- c:\windows\apppatch\EMET.dll
    2014-05-28 14:23:30 160464 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
    2013-11-11 13:59:29 10137600 ----a-w- c:\program files\GUTFF46.tmp
    .
    ============= FINISH: 16:01:41,98 ===============

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit quick scan 2014-08-14 16:04:13
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC7BP 149,05GB
    Running: t6lzfzg3.exe; Driver: C:\Users\GEBRUI~1\AppData\Local\Temp\kgryyuog.sys

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-08-14 16:35:11
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC7BP 149,05GB
    Running: t6lzfzg3.exe; Driver: C:\Users\GEBRUI~1\AppData\Local\Temp\kgryyuog.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C84A15 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\drivers\ghmk.sys Het systeem kan het opgegeven pad niet vinden. !
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F208340, 0x3EE217, 0xE8000020]
    ? C:\Users\GEBRUI~1\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven pad niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtAllocateVirtualMemory 77285318 5 Bytes JMP 37271600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtCreateFile 77285608 5 Bytes JMP 37272B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtCreateProcess 772856D8 5 Bytes JMP 37271F00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtCreateSection 77285728 5 Bytes JMP 37273000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtCreateThreadEx 77285768 5 Bytes JMP 37272300
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtCreateUserProcess 772857B8 5 Bytes JMP 37271E00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtMapViewOfSection 77285C68 5 Bytes JMP 37273500
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtProtectVirtualMemory 77285F58 5 Bytes JMP 37270A00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtUnmapViewOfSection 772869F8 5 Bytes JMP 64CD48B6 C:\Windows\AppPatch\EMET.DLL
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!NtWriteVirtualMemory 77286AD8 5 Bytes JMP 37272600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!LdrLoadDll 772A22AE 5 Bytes JMP 37271100
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!RtlCreateHeap 772A2934 5 Bytes JMP 37271900
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] ntdll.dll!LdrHotPatchRoutine 772DF59E 7 Bytes JMP 37270500
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateProcessW 7680204D 7 Bytes JMP 37271B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateProcessA 76802082 10 Bytes JMP 37271A00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!VirtualAllocEx 7683C893 8 Bytes JMP 37271300
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateFileMappingW 7684131C 11 Bytes JMP 37272D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!VirtualProtect 76842CDD 11 Bytes JMP 37270600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!LoadLibraryExA 76844576 6 Bytes JMP 37270D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!LoadLibraryExW 76845189 6 Bytes JMP 37270E00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!MapViewOfFile 768494EB 11 Bytes JMP 37273100
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateFileMappingA 76849D1E 6 Bytes JMP 37272C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!VirtualAlloc 7684C4EA 6 Bytes JMP 37271200
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!MapViewOfFileEx 7684D89C 8 Bytes JMP 37273200
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!LoadLibraryA 7684DD15 9 Bytes JMP 37270B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateFileW 7684E955 6 Bytes JMP 37272900
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateFileA 7684EB11 7 Bytes JMP 37272800
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!LoadLibraryW 7684EFF2 7 Bytes JMP 37270C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!HeapCreate 7684F024 6 Bytes JMP 37271700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateProcessInternalW 76850852 10 Bytes JMP 37271D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateProcessInternalA 7685C954 10 Bytes JMP 37271C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!WriteProcessMemory 76869657 6 Bytes JMP 37272400
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!WinExec 7688F22E 11 Bytes JMP 37272700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!CreateRemoteThread 7689000B 8 Bytes JMP 37272000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3920] kernel32.dll!VirtualProtectEx 76890269 11 Bytes JMP 37270700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtAllocateVirtualMemory 77285318 5 Bytes JMP 37271600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtCreateFile 77285608 5 Bytes JMP 37272B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtCreateProcess 772856D8 5 Bytes JMP 37271F00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtCreateSection 77285728 5 Bytes JMP 37273000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtCreateThreadEx 77285768 5 Bytes JMP 37272300
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtCreateUserProcess 772857B8 5 Bytes JMP 37271E00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtMapViewOfSection 77285C68 5 Bytes JMP 37273500
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtProtectVirtualMemory 77285F58 5 Bytes JMP 37270A00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtUnmapViewOfSection 772869F8 5 Bytes JMP 64CD48B6 C:\Windows\AppPatch\EMET.DLL
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtWriteVirtualMemory 77286AD8 5 Bytes JMP 37272600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!LdrLoadDll 772A22AE 5 Bytes JMP 37271100
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!RtlCreateHeap 772A2934 5 Bytes JMP 37271900
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!LdrHotPatchRoutine 772DF59E 7 Bytes JMP 37270500
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateProcessW 7680204D 7 Bytes JMP 37271B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateProcessA 76802082 10 Bytes JMP 37271A00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!VirtualAllocEx 7683C893 8 Bytes JMP 37271300
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateFileMappingW 7684131C 11 Bytes JMP 37272D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!VirtualProtect 76842CDD 11 Bytes JMP 37270600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!LoadLibraryExA 76844576 6 Bytes JMP 37270D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!LoadLibraryExW 76845189 6 Bytes JMP 37270E00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!MapViewOfFile 768494EB 11 Bytes JMP 37273100
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateFileMappingA 76849D1E 6 Bytes JMP 37272C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!VirtualAlloc 7684C4EA 6 Bytes JMP 37271200
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!MapViewOfFileEx 7684D89C 8 Bytes JMP 37273200
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!LoadLibraryA 7684DD15 9 Bytes JMP 37270B00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateFileW 7684E955 6 Bytes JMP 37272900
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateFileA 7684EB11 7 Bytes JMP 37272800
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!LoadLibraryW 7684EFF2 7 Bytes JMP 37270C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!HeapCreate 7684F024 6 Bytes JMP 37271700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateProcessInternalW 76850852 10 Bytes JMP 37271D00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateProcessInternalA 7685C954 10 Bytes JMP 37271C00
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!WriteProcessMemory 76869657 6 Bytes JMP 37272400
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!WinExec 7688F22E 11 Bytes JMP 37272700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!CreateRemoteThread 7689000B 8 Bytes JMP 37272000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] kernel32.dll!VirtualProtectEx 76890269 11 Bytes JMP 37270700
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] shell32.DLL!RealDriveType + 173D 7588FD70 4 Bytes [F5, CA, D7, 64] {CMC ; RETF 0x64d7}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3976] shell32.DLL!RealDriveType + 1745 7588FD78 8 Bytes [64, 4F, D6, 64, 60, CB, D7, ...]

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

    ---- EOF - GMER 2.1 ----


    The Hitman Pro output will follow in a subsequent post.

    Thanks in advance for your much-appreciated work
    Rob

  • #2
    For what it's worth, I am also sending the Hitman Pro log, which was made somewhat earlier than the logs in the message above:

    Code:
    HitmanPro 3.7.9.221
    www.hitmanpro.com
    
       Computer name . . . . : GEBRUIKER-PC
       Windows . . . . . . . : 6.1.1.7601.X86/2
       User name . . . . . . : Gebruiker-PC\Gebruiker
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
    
       Scan date . . . . . . : 2014-08-14 10:01:12
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 4m 48s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : Yes
    
       Threats . . . . . . . : 5
       Traces  . . . . . . . : 47
    
       Objects scanned . . . : 924.657
       Files scanned . . . . : 19.047
       Remnants scanned  . . : 217.294 files / 688.316 keys
    
    Malware _____________________________________________________________________
    
       C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\DriverFrozenWiget.exe -> Quarantined
          Size . . . . . . . : 98.341 bytes
          Age  . . . . . . . : 14.0 days (2014-07-31 11:08:34)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 0A0FDE4396D679E6BB24A42A11D0292038043E889B95597E973812C50F686012
          Service  . . . . . : DriverFrozenWiget.exe
          Parent Name  . . . : C:\Windows\system32\services.exe
          Running processes  : 2040
        > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Tirrip.s
          Fuzzy  . . . . . . : 114.0
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\DriverFrozenWiget.exe\
          Forensic Cluster
             -34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C9E054FC41D8BC21.dat
             -26.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\
             -26.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\60021EA30339C455.dat
             -26.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\60021EA30339C455.dat
             -22.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\89\
             -22.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\89\35F41E53EFE14A01.dat
             -16.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\63\A06D11D8241781F3.dat
             -14.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\72\AF49EA6DC1A264D8.dat
             -14.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\72\
             -9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\
             -9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\14FA41E43C326564.dat
             -8.7s C:\Users\Gebruiker\AppData\LocalLow\{C59E105D-FFD1-539F-40D3-0448A95CB425}\
             -7.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\92\
             -7.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\92\AB8B997DD689B778.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -5.2s C:\ProgramData\2ebf5fabd336352\
             -5.2s C:\ProgramData\2ebf5fabd336352\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140731110829
             -5.2s C:\ProgramData\2ebf5fabd336352\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140731110829
             -2.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\
             -2.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\
             -2.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\QtCore4.dll
             -1.6s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\QtNetwork4.dll
             -1.3s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\msvcr100.dll
             -0.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\msvcp100.dll
             -0.4s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\FAT32OpenWinsock.exe
              0.0s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\DriverFrozenWiget.exe
              8.3s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\desktop\
              9.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\67\
              9.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\67\58D3CD5BD5FF9C8F.dat
             16.3s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\
             16.4s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-4440)-5029238\
             16.4s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-4440)-5029238\DriverFrozenWiget.exe-(PID-4440).dmp
             18.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\
             18.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\1632DC8095619DE9.dat
             23.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\
             23.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\DriverFrozenWiget.exe-(PID-5436).dmp
             23.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\DriverFrozenWiget.exe-(PID-5436).dmp
             26.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\
             26.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\8ECFAD75813869BB.dat
             27.6s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-3088)-5040423\
             29.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\3CB49BB7CF562046.dat
             29.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\3CB49BB7CF562046.dat
             30.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-3088)-5040423\DriverFrozenWiget.exe-(PID-3088).dmp
             31.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\C186B01024B4BD3C.dat
             40.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\
             40.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\ABAC63195B6E40E3.dat
             41.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C5EE1CCE2CA575D5.dat
             41.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C5EE1CCE2CA575D5.dat
             43.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\58D3CD5BD5FF9C8F.dat
             43.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\
             47.3s C:\Windows\System32\CronJREScreenshot\
             47.3s C:\Windows\System32\CronJREScreenshot\QtCore4.dll
             47.8s C:\Windows\System32\CronJREScreenshot\QtNetwork4.dll
             47.8s C:\Windows\System32\CronJREScreenshot\QtNetwork4.dll
             48.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\7962CB7B12233B87.dat
             48.1s C:\Windows\System32\CronJREScreenshot\msvcr100.dll
             48.3s C:\Windows\System32\CronJREScreenshot\msvcp100.dll
             48.4s C:\Windows\System32\CronJREScreenshot\CronJREScreenshot.exe
             53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\
             53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\
             53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\E0002FF35862CD65.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
    
       C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\FAT32OpenWinsock.exe -> Quarantined
          Size . . . . . . . : 226.853 bytes
          Age  . . . . . . . : 14.0 days (2014-07-31 11:08:34)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 3AEEE1CF7DC4D8D7E3CAA168CAB72DE757315C9FA7B17AB9F59634E43CCAA4A3
          Parent Name  . . . : C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\DriverFrozenWiget.exe
          Running processes  : 3372
        > Bitdefender  . . . : Application.Generic.688453
          Fuzzy  . . . . . . : 117.0
          Network Ports
             127.0.0.1:27441	
             192.168.1.63:49225	173.194.65.138:80
             192.168.1.63:49265	173.194.65.138:80
             192.168.1.63:49272	66.70.34.113:80
             192.168.1.63:49277	87.249.108.118:80
             192.168.1.63:49280	87.249.108.118:80
             192.168.1.63:49281	87.249.108.118:80
             192.168.1.63:49308	209.94.144.19:80
             192.168.1.63:49318	185.29.133.223:80
             192.168.1.63:49337	64.12.106.9:80
             192.168.1.63:49339	87.249.108.118:80
             192.168.1.63:49343	77.222.64.235:80
             192.168.1.63:49344	213.189.27.250:80
             192.168.1.63:49345	213.189.27.250:80
          Forensic Cluster
             -33.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -33.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -33.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\
             -33.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C9E054FC41D8BC21.dat
             -25.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\
             -25.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\60021EA30339C455.dat
             -25.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\57\60021EA30339C455.dat
             -22.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\89\
             -22.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\89\35F41E53EFE14A01.dat
             -15.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\63\A06D11D8241781F3.dat
             -14.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\72\AF49EA6DC1A264D8.dat
             -14.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\72\
             -9.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\
             -9.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\14FA41E43C326564.dat
             -8.2s C:\Users\Gebruiker\AppData\LocalLow\{C59E105D-FFD1-539F-40D3-0448A95CB425}\
             -7.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\92\
             -7.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\92\AB8B997DD689B778.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E7C8FC2B3EEDCB60.dat
             -4.8s C:\ProgramData\2ebf5fabd336352\
             -4.8s C:\ProgramData\2ebf5fabd336352\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140731110829
             -4.8s C:\ProgramData\2ebf5fabd336352\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140731110829
             -2.1s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\
             -2.1s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\
             -2.0s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\QtCore4.dll
             -1.1s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\QtNetwork4.dll
             -0.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\msvcr100.dll
             -0.5s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\msvcp100.dll
              0.0s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\FAT32OpenWinsock.exe
              0.4s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\DriverFrozenWiget.exe
              8.7s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\desktop\
              9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\67\
              9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\67\58D3CD5BD5FF9C8F.dat
             16.7s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\
             16.8s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-4440)-5029238\
             16.8s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-4440)-5029238\DriverFrozenWiget.exe-(PID-4440).dmp
             19.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\
             19.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\1632DC8095619DE9.dat
             23.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\
             23.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\DriverFrozenWiget.exe-(PID-5436).dmp
             23.9s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-5436)-5036351\DriverFrozenWiget.exe-(PID-5436).dmp
             26.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\
             26.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\8ECFAD75813869BB.dat
             28.0s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-3088)-5040423\
             29.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\3CB49BB7CF562046.dat
             29.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\3CB49BB7CF562046.dat
             31.4s C:\Users\Gebruiker\AppData\Local\DriverFrozenWiget\service\DriverFrozenWiget.exe-(PID-3088)-5040423\DriverFrozenWiget.exe-(PID-3088).dmp
             32.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\C186B01024B4BD3C.dat
             40.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\
             40.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\ABAC63195B6E40E3.dat
             41.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C5EE1CCE2CA575D5.dat
             41.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\33\C5EE1CCE2CA575D5.dat
             43.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\58D3CD5BD5FF9C8F.dat
             43.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\
             47.7s C:\Windows\System32\CronJREScreenshot\
             47.7s C:\Windows\System32\CronJREScreenshot\QtCore4.dll
             48.2s C:\Windows\System32\CronJREScreenshot\QtNetwork4.dll
             48.2s C:\Windows\System32\CronJREScreenshot\QtNetwork4.dll
             48.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\7962CB7B12233B87.dat
             48.5s C:\Windows\System32\CronJREScreenshot\msvcr100.dll
             48.7s C:\Windows\System32\CronJREScreenshot\msvcp100.dll
             48.8s C:\Windows\System32\CronJREScreenshot\CronJREScreenshot.exe
             53.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\
             53.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\
             53.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\E0002FF35862CD65.dat
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
             54.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\91\2055C24E4A7F9AA7.dat
    
    
    Malware remnants ____________________________________________________________
    
       HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}\ (FindWide) -> Deleted
       HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}\ (FindWide) -> Deleted
       HKU\S-1-5-21-3398213811-2827433973-1474199790-1000\Software\TNT2\ (FindWide) -> Deleted
    
    Potential Unwanted Programs _________________________________________________
    
       HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122a36-83b2-46b8-b39a-ec72a4614a07}\ (MindSpark) -> Deleted
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player) -> Deleted
       HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Registry Helper Service\ (RegistryHelper) -> Deleted
       HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Registry Helper Service\ (RegistryHelper) -> Deleted
       HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Registry Helper Service\ (RegistryHelper) -> PendingDelete
       HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
       HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar) -> Deleted
       HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> PendingDelete
       HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar) -> PendingDelete
       HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
       HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
       HKU\S-1-5-21-3398213811-2827433973-1474199790-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player) -> Deleted
       HKU\S-1-5-21-3398213811-2827433973-1474199790-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted
       HKU\S-1-5-21-3398213811-2827433973-1474199790-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
       HKU\S-1-5-21-3398213811-2827433973-1474199790-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
    
    Repairs _____________________________________________________________________
    
       Proxyserver op deze computer (Gebruiker)
       127.0.0.1:27441
    
    
    Cookies _____________________________________________________________________
    
       C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
       C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
       C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
       C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
       C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\OXG7PE3K.txt



    • #3
      Hi PH-RVG and welcome to the Nucia Security Forum,

      Before we begin, I would like to kindly point out the following guidelines:

      • Only log in as an administrator with full rights.
      • Do not post your problem in several forums; it does not help your problem and it is not fair to the helpers.
      • Cleaning up your system may take some time, be patient.
      • Follow the instructions I give carefully.
      • Only follow the advice I give.
      • Stay with this topic until I have told you that your PC is clean.
      • If you do not know or understand something, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • Do not try anything "else" in the meantime; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs. ( INFO )
      • Please do not post the logs as an attachment, nor between code tags.

      Note: always run all tools as admin.
      The instructions given are only valid for your PC.

      Once you have read and understood these guidelines, you may continue.....



      Step 1:

      Scanning for and removing malware....

      Start MBAM.
      At the top of the Malwarebytes Anti-Malware window, click Scan.
      In that window choose the Custom scan and tick the partitions that apply (c:\ d:\ etc.)
      Then click the Scan now button.

      Before scanning, it always checks automatically whether updates to the virus definitions are available; if an update is available, you must let it install first.

      When the scan is finished and threats have been detected, you will get an overview of them.
      Select to quarantine all of them.
      When you get the message that your computer needs to be restarted, click Yes.

      After the PC restarts, if Malwarebytes asked to restart the PC, open Malwarebytes again.
      Click the History button at the top of the menu.
      Then click the Application logs option and select the Scan log you want to export. This is the last scan you did (you can tell by the date and time).
      Select it to view it.
      In a new window that will open you will see the results of your scan.

      At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.
      Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.

      ___________________________________________________________

      Step 2:

      Checking for bad toolbars...

      Download AdwCleaner by Xplode to your Desktop.
      • Close all open windows
      • Start AdwCleaner
      • Click Scan
      • Click Clean (Verwijderen)

      All icons disappear from the Desktop; this is normal.
      Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt)
      Post its contents here on the forum.

      I only need the log from after the "Clean" option.

      Don't forget to disable your "smileys".

      If your start page was also hijacked, set the search engine again.
      By default AdwCleaner resets it to Google.com
      ___________________________________________________________

      Step 3:

      Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


      DDS is a diagnostic tool and uses scripts.
      If script execution is disabled, enable it again so that no problems occur when using DDS.


      Double-click DDS to start the tool. (depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif)
      When it is finished, two log files open: DDS.txt and Attach.txt
      Save both log files to your desktop.

      Post the contents of DDS.txt.

      Do not post the contents of Attach.txt, and do not add Attach.txt as an attachment to your post, unless I ask for it.


      ___________________________________________________________

      Step 4:

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on screen
      At the end a log appears ( checkup.txt )
      Post its contents in your next reply.


      In your next post, I would like to see the following logs, made in the order given:

      • MBAM
      • AdwCleaner
      • DDS
      • checkup.txt

      Please do NOT post these logs as an attachment or between code tags.
      (In several posts if necessary.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        Malwarebytes Anti-Malware
        www.malwarebytes.org

        Scandatum: 14-8-2014
        Scantijd: 14:03:13
        Logbestand: mbam-log 14-8-2.txt
        Beheerder: Ja

        Versie: 2.00.2.1012
        Malwaredatabase: v2014.08.14.04
        Rootkitdatabase: v2014.08.04.01
        Licentie: Gratis
        Malwarebescherming: Uitgeschakeld
        Kwaadaardige Website Bescherming: Uitgeschakeld
        Self-protection: Uitgeschakeld

        Besturingssysteem: Windows 7 Service Pack 1
        Processor: x86
        Bestandssysteem: NTFS
        Gebruiker: Gebruiker

        Scantype: Bedreigingsscan
        Resultaat: Voltooid
        Objecten Gescand: 270253
        Verstreken Tijd: 13 m, 56 s

        Geheugen: Ingeschakeld
        Opstarten: Ingeschakeld
        Bestandssysteem: Ingeschakeld
        Archieven: Ingeschakeld
        Rootkits: Uitgeschakeld
        Heuristics: Ingeschakeld
        POP: Waarschuwen
        POA: Ingeschakeld

        Processen: 0
        (No malicious items detected)

        Modules: 0
        (No malicious items detected)

        Registersleutels: 0
        (No malicious items detected)

        Registerwaardes: 0
        (No malicious items detected)

        Registerdata: 0
        (No malicious items detected)

        Mappen: 0
        (No malicious items detected)

        Bestanden: 0
        (No malicious items detected)

        Fysieke Sectoren: 0
        (No malicious items detected)


        (end)

        # AdwCleaner v3.305 - Rapport aangemaakt 15/08/2014 op 00:00:52
        # Laatste Update 14/08/2014 door Xplode
        # Besturingssysteem : Windows 7 Enterprise Service Pack 1 (32 bits)
        # Gebruikersnaam : Gebruiker - GEBRUIKER-PC
        # Gestart vanuit : C:\Users\Gebruiker\Desktop\adwcleaner_3.305.exe
        # Optie : Verwijderen

        ***** [ Services ] *****


        ***** [ Bestanden / Mappen ] *****


        ***** [ Taken ] *****


        ***** [ Snelkoppelingen ] *****


        ***** [ Register ] *****

        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

        ***** [ Browsers ] *****

        -\\ Internet Explorer v11.0.9600.17239


        -\\ Google Chrome v36.0.1985.125

        [ Bestand : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


        *************************

        AdwCleaner[R0].txt - [1999 octets] - [14/08/2014 09:35:45]
        AdwCleaner[R1].txt - [1293 octets] - [15/08/2014 00:00:01]
        AdwCleaner[S0].txt - [2085 octets] - [14/08/2014 09:38:40]
        AdwCleaner[S1].txt - [1223 octets] - [15/08/2014 00:00:52]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1283 octets] ##########

        DDS (Ver_2012-11-20.01) - NTFS_x86
        Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
        Run by Gebruiker at 0:06:43 on 2014-08-15
        Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.1983.1098 [GMT 2:00]
        .
        AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
        .
        ============== Running Processes ================
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\nvvsvc.exe
        C:\Program Files\Microsoft Security Client\MsMpEng.exe
        C:\Windows\system32\rundll32.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\Dwm.exe
        C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Google\Update\GoogleUpdate.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\DRIVERS\xaudio.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\EMET 4.1\EMET_Agent.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
        C:\Program Files\Microsoft Security Client\NisSrv.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
        C:\Windows\system32\CronJREScreenshot\CronJREScreenshot.exe
        C:\Windows\system32\sppsvc.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        \\?\C:\Windows\system32\wbem\WMIADAP.EXE
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxps://www.google.nl/
        uSearch Bar = hxxp://www.google.com/ie
        uSearch Page = hxxp://www.google.com
        uDefault_Search_URL = hxxp://www.google.com/ie
        mStart Page = hxxp://www.google.com
        uProxyServer = hxxp=127.0.0.1:31217
        uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
        BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
        TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
        mRun: [EMET 4.1 Update 1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
        IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
        TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\445654E636B634166656 : DHCPNameServer = 192.168.1.1 192.168.1.1
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\458656164756270246560254E636B6 : DHCPNameServer = 192.168.1.1
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\4586F6D637F6E6934323336463 : DHCPNameServer = 192.168.2.254
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\550534135303331343 : DHCPNameServer = 213.46.228.196 62.179.104.196
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\84232303E4836303145343 : DHCPNameServer = 192.168.2.254
        TCP: Interfaces\{964AB21D-612C-40D1-A2B3-080BB524FD53}\D4565637475627A71616C6 : DHCPNameServer = 192.168.1.1 192.168.1.1
        TCP: Interfaces\{D5C033A0-902B-48D5-81A5-21D395DF546F} : DHCPNameServer = 213.46.228.196 62.179.104.196
        Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
        AppInit_DLLs= \
        SSODL: WebCheck - <orphaned>
        SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
        mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
        R2 CronJREScreenshot;CronJREScreenshot;c:\windows\system32\cronjrescreenshot\CronJREScreenshot.exe [2014-7-31 60965]
        R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
        R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
        R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\drivers\WNA1000M.sys [2011-2-21 734824]
        S2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe --> c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
        S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2013-1-18 228408]
        S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-8-14 30976]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-14 108032]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-8-14 14848]
        S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
        S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
        S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
        S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
        S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-14 49152]
        S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-18 1343400]
        .
        =============== Created Last 30 ================
        .
        2014-08-14 10:20:18 6081224 -c--a-w- c:\program files\common files\windows live\.cache\58c262a01cfb7a901\onedrivesetup.exe
        2014-08-14 09:44:04 -------- d-----w- c:\program files\Adblock Plus for IE
        2014-08-14 09:15:42 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
        2014-08-14 09:15:42 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
        2014-08-14 09:05:41 -------- d-----w- c:\windows\system32\drivers\en-US
        2014-08-14 09:03:02 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
        2014-08-14 09:02:51 221184 ----a-w- c:\windows\system32\rdpudd.dll
        2014-08-14 09:02:51 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
        2014-08-14 08:57:15 -------- d-----w- c:\program files\Synaptics
        2014-08-14 08:54:09 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
        2014-08-14 08:54:04 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
        2014-08-14 08:54:02 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
        2014-08-14 08:54:00 17920 ----a-w- c:\windows\system32\wksprtPS.dll
        2014-08-14 08:54:00 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
        2014-08-14 08:53:59 53248 ----a-w- c:\windows\system32\tsgqec.dll
        2014-08-14 08:53:59 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
        2014-08-14 08:53:58 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
        2014-08-14 08:53:58 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
        2014-08-14 08:53:58 350208 ----a-w- c:\windows\system32\wksprt.exe
        2014-08-14 08:53:57 5698048 ----a-w- c:\windows\system32\mstscax.dll
        2014-08-14 08:53:57 1068544 ----a-w- c:\windows\system32\mstsc.exe
        2014-08-14 08:53:14 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{56149d31-797d-4388-859c-ae2ca7e601d7}\mpengine.dll
        2014-08-14 08:49:57 99480 ----a-w- c:\windows\system32\infocardapi.dll
        2014-08-14 08:49:48 8856 ----a-w- c:\windows\system32\icardres.dll
        2014-08-14 08:49:34 619672 ----a-w- c:\windows\system32\icardagt.exe
        2014-08-14 08:49:20 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
        2014-08-14 08:47:49 -------- d-----w- c:\program files\CONEXANT
        2014-08-14 08:39:31 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
        2014-08-14 08:39:23 514560 ----a-w- c:\windows\system32\qdvd.dll
        2014-08-14 08:10:45 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
        2014-08-14 08:00:35 -------- d-----w- c:\programdata\HitmanPro
        2014-08-14 07:36:23 2352640 ----a-w- c:\windows\system32\win32k.sys
        2014-08-14 07:36:22 305152 ----a-w- c:\windows\system32\gdi32.dll
        2014-08-14 07:36:08 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
        2014-08-14 07:36:08 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
        2014-08-14 07:35:50 2363392 ----a-w- c:\windows\system32\msi.dll
        2014-08-14 07:35:50 1805824 ----a-w- c:\windows\system32\authui.dll
        2014-08-14 07:35:48 337408 ----a-w- c:\windows\system32\msihnd.dll
        2014-08-14 07:35:48 101824 ----a-w- c:\windows\system32\consent.exe
        2014-08-14 07:35:30 -------- d-----w- C:\AdwCleaner
        2014-08-14 07:34:30 412160 ----a-w- c:\windows\system32\aepdu.dll
        2014-08-14 07:34:26 302592 ----a-w- c:\windows\system32\aeinv.dll
        2014-08-14 07:34:20 2048 ----a-w- c:\windows\system32\tzres.dll
        2014-08-13 16:11:11 -------- d-----w- c:\program files\EMET 4.1
        2014-08-13 15:59:46 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
        2014-08-13 15:08:07 536576 ----a-w- c:\windows\system32\sqlite3.dll
        2014-08-13 14:56:23 -------- d-----w- c:\windows\ERUNT
        2014-08-13 14:48:44 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{30788d79-fee1-4793-aeb1-1fddb07a0d7e}\gapaengine.dll
        2014-08-13 12:20:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
        2014-08-13 12:19:38 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
        2014-08-13 12:19:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
        2014-08-13 12:19:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
        2014-08-12 23:00:10 4575232 ----a-w- c:\windows\system32\GPhotos.scr
        2014-08-08 14:38:19 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
        2014-07-31 20:33:19 -------- d-----w- c:\users\gebruiker\appdata\local\StormAlerts
        2014-07-31 10:15:06 -------- d-----w- c:\programdata\teopbauyeer
        2014-07-31 09:45:34 -------- d-----w- c:\users\gebruiker\Nieuwe map
        2014-07-31 09:45:09 -------- d-----w- c:\users\gebruiker\7-zip
        2014-07-31 09:09:21 -------- d-----w- c:\windows\system32\CronJREScreenshot
        2014-07-31 09:08:29 -------- d-----w- c:\programdata\2ebf5fabd336352
        2014-07-16 05:50:48 -------- d-----w- c:\program files\iPod
        2014-07-16 05:50:46 -------- d-----w- c:\program files\iTunes
        .
        ==================== Find3M ====================
        .
        2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
        2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
        2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
        2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
        2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
        2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
        2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
        2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
        2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
        2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
        2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
        2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
        2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
        2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
        2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
        2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
        2014-07-10 16:17:22 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
        2014-07-10 16:17:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
        2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
        2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
        2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
        2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
        2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
        2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
        2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
        2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
        2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
        2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
        2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
        2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
        2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
        2014-05-28 14:23:32 559312 ----a-w- c:\windows\apppatch\EMET.dll
        2014-05-28 14:23:30 160464 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
        2013-11-11 13:59:29 10137600 ----a-w- c:\program files\GUTFF46.tmp
        .
        ============= FINISH: 0:09:02,00 ===============

        Results of screen317's Security Check version 0.99.87
        Windows 7 Service Pack 1 x86 (UAC is enabled)
        Internet Explorer 11
        ``````````````Antivirus/Firewall Check:``````````````
        Microsoft Security Essentials
        Antivirus up to date!
        `````````Anti-malware/Other Utilities Check:`````````
        CCleaner
        Java 7 Update 67
        Adobe Reader XI
        Google Chrome 35.0.1916.153
        Google Chrome 36.0.1985.125
        ````````Process Check: objlist.exe by Laurent````````
        Microsoft Security Essentials MSMpEng.exe
        Microsoft Security Essentials msseces.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C:
        ````````````````````End of Log``````````````````````


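        The two things in the DDS log above that deserve a closer look are the browser proxy (uProxyServer = hxxp=127.0.0.1:31217, i.e. a proxy on the machine itself, which the original post says is being set again every time it is removed) and the auto-start service CronJREScreenshot in c:\windows\system32\cronjrescreenshot, created on 2014-07-31, the same day as the folders c:\programdata\teopbauyeer, c:\programdata\2ebf5fabd336352 and appdata\local\StormAlerts appeared. The following PowerShell audit is an added example and is not part of the thread or of any tool the helpers mention; it assumes an elevated PowerShell 2.0 or later prompt on the affected Windows 7 machine and only reports, it changes nothing.

```powershell
# Added example (not from the thread): audit the WinINET proxy and the
# auto-start services on a Windows 7 host. Run elevated.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet

"ProxyEnable   : $($p.ProxyEnable)"
"ProxyServer   : $($p.ProxyServer)"      # log showed http=127.0.0.1:31217
"ProxyOverride : $($p.ProxyOverride)"

# A proxy pointing at 127.0.0.1 means a process on this machine sits between
# the browser and the network. Tie the port to a PID and the PID to a binary.
if ($p.ProxyServer -match '(127\.0\.0\.1|localhost):(\d+)') {
    $port = $Matches[2]
    Write-Warning "Proxy points at loopback port $port"
    # State column is left unmatched (\S+) because netstat may be localized.
    netstat -ano | ForEach-Object {
        if ($_ -match "TCP\s+127\.0\.0\.1:$port\s+\S+\s+\S+\s+(\d+)") {
            $procId = [int]$Matches[1]
            $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $procId"
            "Listener PID $procId : $($proc.ExecutablePath)"
        }
    }
}

# Auto-start services whose binary is not Authenticode-signed by Microsoft.
# PathName may be quoted, unquoted with spaces, or carry arguments
# (svchost.exe -k netsvcs), so take everything up to the first ".exe".
Get-WmiObject Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
    $exe = $null
    if ($_.PathName -match '^"?(.+?\.exe)') { $exe = $Matches[1] }
    $status = 'FileMissing'; $signer = ''; $created = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $created = (Get-Item -LiteralPath $exe).CreationTime
    }
    New-Object PSObject -Property @{
        Name = $_.Name; Path = $exe; Status = $status; Signer = $signer; Created = $created
    }
} | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' } |
  Sort-Object Created -Descending |
  Format-Table Name, Status, Created, Path -AutoSize

# Top-level folders created in the last 30 days under ProgramData and the
# user's AppData\Local; this is where the log shows the three unexplained
# folders from 2014-07-31.
$cutoff = (Get-Date).AddDays(-30)
Get-ChildItem -Path $env:ProgramData, $env:LOCALAPPDATA -Force |
  Where-Object { $_.PSIsContainer -and $_.CreationTime -gt $cutoff } |
  Select-Object FullName, CreationTime
```

Two caveats. On Windows 7, Get-AuthenticodeSignature does not consult catalog files, so many genuine Microsoft binaries (svchost.exe among them) report NotSigned; the service table is a triage list to read next to the DDS SERVICES / DRIVERS section, not a verdict, and a recently created binary living in its own folder under system32 is what stands out. And clearing ProxyEnable/ProxyServer by hand is pointless while the process that rewrites them is still running, which is exactly what the original poster is seeing; find the listener first.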
        • #5
          I had asked for a custom scan with MBAM 2.0; it is even in large print.

          So run the MBAM scan again, but this time the correct scan, post that log and also a fresh DDS log.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee * Ccleaner * E-Peek

          • #6
            MBAM finds no infection at all, but at the end it also does not create a log; it does create one for the update, though.

            • #7
              Originally posted by PH-RVG View Post
              MBAM finds no infection at all, but at the end it also does not create a log; it does create one for the update, though.
              MBAM always produces a log.

              Click the History button at the top of the menu.
              Then click the Application Logs option and select the Scan Log you want to export. This is the last scan you ran (you can tell by the date and time).
              Select it to view it.
              In the new window that opens you will see the results of your scan.

              At the bottom, either choose to export as a text file and give the text file a name, for example mbamlog.
              Or you can choose to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.
              Please post this log as requested.

              • #8
                Originally posted by Emphyrio View Post
                MBAM always produces a log.


                Please post this log as requested.
                Please believe me: the screen came up saying there were no infections, and after that no log was created. I will uninstall MBAM, reinstall it and see whether it then works the way you expect.

                • #9
                  You should not uninstall MBAM.
                  Just post the log. You can find it by following the instructions I posted earlier.

                  [Attached screenshots: Naamloos.png, scanlog.png]
                  Last edited by Emphyrio; 15-08-14, 15:09.

                  • #10
                    Originally posted by Emphyrio View Post
                    You should not uninstall MBAM.
                    Just post the log. You can find it by following the instructions I posted earlier.
                    Really, Emphyrio, I am quite willing to do what you say, but believe me, MBAM really did not create a log.
                    Anyway, I have reinstalled MBAM and the scan is running again (it takes 1.5 hours); after that I will try to follow your instructions.

                    • #11
                      I do believe you.
                      But that means the MBAM settings were not correct. To be safe, check this:

                      [Attached screenshot: Logboek instellingen.png]

                      • #12
                        Originally posted by Emphyrio View Post
                        I do believe you.
                        But that means the MBAM settings were not correct. To be safe, check this:

                        [attachment]
                        YES, that was indeed set wrong. Fixed, and as soon as the current scan is finished there will be a nice clean log....

                        • #13
                          Fine.

                          • #14
                            I am getting a bit discouraged here. Apart from having to turn off the proxy all the time, I have now run the complete MBAM scan 4 times today, but still no log. The only log I have received is the one from the update:

                            [Attached screenshots: k1.PNG, k-2.PNG, k-3.PNG, k-4.PNG]

                            I run the custom scan (it takes 1.5 hours); MBAM reports that there are no infections, but no log appears.
                            What else could I be doing wrong?
                            Last edited by PH-RVG; 15-08-14, 16:55.

                            • #15
                              Download Combofix to your desktop.
                              (So not to a download folder or a temp folder)

                              Extra note... Make sure your security software is disabled while you use Combofix.
                              This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                              Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                              Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                              So do not open any other applications until Combofix has presented its log.

                              If Combofix asks for an update, allow it.

                              When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                              You can find it as C:\combofix.txt.

                              Post the Combofix log together with a new DDS log in your next reply.

                              * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                              • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering. (the Dutch Windows wording of the message below)
                              • Illegal operation attempted on a registry key that has been marked for deletion.
