Recently had a virus that was removed by AVG.
The PC no longer boots properly. After entering the password, I no longer get the taskbar and my icons back.
Via Ctrl-Alt-Del I can start explorer.exe and everything is restored again.
Your advice, please.
mbam
Malwarebytes Anti-Malware
Scandatum: 8-9-2014
Scantijd: 17:03:53
Logbestand:
Beheerder: Ja
Versie: 2.00.2.1012
Malwaredatabase: v2014.09.08.04
Rootkitdatabase: v2014.08.21.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Administrator
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 408640
Verstreken Tijd: 15 m, 28 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld
Processen: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registersleutels: 0
(No malicious items detected)
Registerwaardes: 0
(No malicious items detected)
Registerdata: 0
(No malicious items detected)
Mappen: 0
(No malicious items detected)
Bestanden: 0
(No malicious items detected)
Fysieke Sectoren: 0
(No malicious items detected)
(end)
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.51.2
Run by Administrator at 17:42:32 on 2014-09-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1033.18.8123.6157 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com?cid={9D6E00B4-6A4F-4464-99AA-00C319999402}&mid=56677dcf73a547d3932bd16a62c0d9a3-d6823adcc1dab734c6ab8b65f52cff357b1f14af&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-20 12:18:16&v=18.1.5.512&pid=safeguard&sg=&sap=hp
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PDFXChange 4.0 IE Plugin: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{67903594-62C0-4E2D-8F02-456A3E214947} : DHCPNameServer = 212.54.40.25 212.54.44.54
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: dinotify.exe - C:\Program Files (x86)\NetInst\dinotd64.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.cmd,
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: dinotify.exe - C:\Program Files (x86)\NetInst\dinotd64.exe
Hosts: 10.196.48.229 SG-WSUS.de.ina.com # local WSUS Server nl010008.emea.ina.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-9-8 63000]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-9-8 441144]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-5-14 4901888]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-10-1 497424]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-8 56344]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-16 122584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 a320raid;a320raid;C:\Windows\System32\drivers\a320raid.sys [2010-4-10 377344]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-5 151936]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-22 787736]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-4 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-4 181248]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-11-7 72808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-26 19456]
S3 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-4-2 101888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-10-24 27136]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-26 29696]
S3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-8-22 136512]
S3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-8-22 411968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-26 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-25 1255736]
SUnknown esiCore;esiCore; [x]
SUnknown Netreflect_Service;Netreflect_Service; [x]
SUnknown NIAIServ;NIAIServ; [x]
SUnknown NiExServ;NiExServ; [x]
.
=============== Created Last 30 ================
.
2014-09-08 15:12:14 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-08 15:11:28 -------- d-----w- C:\Users\Administrator\rootkit
2014-09-08 15:09:30 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2014-09-08 15:09:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-09-06 07:53:51 -------- d-----w- C:\Program Files (x86)\stinger
2014-08-21 17:52:16 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-21 17:51:51 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-21 17:51:51 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 17:51:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-21 17:51:36 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-21 17:51:36 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-21 17:51:36 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-14 17:06:22 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 17:06:22 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 17:06:22 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 17:06:22 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 17:06:19 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 17:06:19 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 17:06:02 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 17:06:02 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 15:58:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 15:58:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 15:58:29 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-14 15:58:29 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-14 15:58:28 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-14 15:58:28 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-14 15:58:28 1942016 ----a-w- C:\Windows\System32\authui.dll
2014-08-14 15:58:28 1806336 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-14 15:58:28 112576 ----a-w- C:\Windows\System32\consent.exe
2014-08-14 15:58:23 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M ====================
.
2014-09-08 15:41:03 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-08 15:11:45 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:33 3166720 ----a-w- C:\Windows\System32\win32k.sys
2014-08-06 08:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-21 19:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 10:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 17:43:13,76 ===============
GMER
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-08 18:21:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721025CLA382 rev.JP1OA3GH 232,89GB
Running: 9wg78egr.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3756] entry point in ".rdata" section 00000000709a71e6
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1364:1952] 000007fef978bd88
Thread C:\Windows\system32\svchost.exe [1364:2548] 000007fef7dd83d8
Thread C:\Windows\system32\svchost.exe [1364:2552] 000007fef7dd83d8
Thread C:\Windows\system32\svchost.exe [1364:2676] 000007fef7163f1c
Thread C:\Windows\system32\svchost.exe [1364:2680] 000007fef7131a38
Thread C:\Windows\system32\svchost.exe [1364:2692] 000007fef7085388
Thread C:\Windows\system32\svchost.exe [1364:2696] 000007fef7067738
Thread C:\Windows\system32\svchost.exe [1364:2712] 000007fef7051f90
Thread C:\Windows\system32\svchost.exe [1364:3236] 000007fef8a55124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3108:3356] 000007fef6182bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3108:3364] 000007fef23c4830
---- EOF - GMER 2.1 ----