  • trojans under various names

    Recurring error messages in MBAM about trojans; e.g. trojan Ebtion, or Trojan FakeMS...
    It makes my PC slower.
    I am sending in a HijackThis log, but not until after...
    the AVG trial-version nagging has been replaced and updated with AVG Free 2015
    MBAM has been replaced with the latest version
    Both AVG and MBAM were removed via Revo Uninstaller, so including registry cleanup. And after that I ran a check.
    The above was done within approx. 6 minutes...
    Thanks in advance

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:14:30, on 26-10-2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17344)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2015\avgui.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
    O4 - Startup: find.lnk = Gebruiker\AppData\Roaming\Microsoft\Windows\IEUpdate\find.exe
    O4 - Startup: label.lnk = Gebruiker\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    O23 - Service: EnGenius11nSU - Realtek - C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtlService.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Edimax\Common\RaRegistry.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    --
    End of file - 6164 bytes
    Regards, Hein

  • #2
    Hi Hendricus

    The first step is to follow this guideline: !!! IMPORTANT !!!: Read this first before you post!
    Read the instructions there carefully, carry them out and post the logs.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 27-10-2014
      Scantijd: 8:21:16
      Logbestand: mbamlog.txt
      Beheerder: Ja

      Versie: 0.00.0.0000
      Malwaredatabase: v2014.10.27.01
      Rootkitdatabase: v2014.10.22.01
      Licentie: Proef
      Malwarebescherming: Ingeschakeld
      Kwaadaardige Website Bescherming: Ingeschakeld
      Zelfbescherming: Uitgeschakeld

      Besturingssysteem: Windows 7 Service Pack 1
      Processor: x86
      Bestandssysteem: NTFS
      Gebruiker: Gebruiker

      Scantype: Aangepaste Scan
      Resultaat: Voltooid
      Objecten Gescand: 470098
      Verstreken Tijd: 3 u, 22 m, 59 s

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Ingeschakeld
      Heuristiek: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (Geen kwaadaardige items gedetecteerd)

      Modules: 0
      (Geen kwaadaardige items gedetecteerd)

      Registersleutels: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerwaardes: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerdata: 0
      (Geen kwaadaardige items gedetecteerd)

      Mappen: 0
      (Geen kwaadaardige items gedetecteerd)

      Bestanden: 0
      (Geen kwaadaardige items gedetecteerd)

      Fysieke Sectoren: 0
      (Geen kwaadaardige items gedetecteerd)


      (end)

      # AdwCleaner v4.002 - Rapport aangemaakt 27/10/2014 op 10:23:30
      # Laatste Update 27/10/2014 door Xplode
      # Databank : 2014-10-26.6
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
      # Gebruikersnaam : Gebruiker - VROMANS
      # Gestart vanuit : D:\documenten\Downloads\adwcleaner_4.002.exe
      # Optie : Scannen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****


      ***** [ Taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****


      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17344


      -\\ Google Chrome v38.0.2125.104


      *************************

      AdwCleaner[R7].txt - [5273 octets] - [27/10/2014 09:47:02]
      AdwCleaner[R8].txt - [693 octets] - [27/10/2014 10:23:30]
      AdwCleaner[S6].txt - [6031 octets] - [27/10/2014 09:56:09]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [812 octets] ##########


      DDS (Ver_2012-11-05.02) - NTFS_x86
      Internet Explorer: 11.0.9600.17344
      Run by Gebruiker at 10:31:50 on 2014-10-27
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3455.2200 [GMT 1:00]
      .
      AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      .
      ============== Running Processes ================
      .
      c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
      C:\Program Files\AVG\AVG2015\avgcsrvx.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\AVG\AVG2015\avgidsagent.exe
      C:\Program Files\AVG\AVG2015\avgwdsvc.exe
      C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
      C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
      C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
      C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtlService.exe
      C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtWlan.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
      C:\Program Files\Edimax\Common\RaRegistry.exe
      C:\Program Files\Secunia\PSI\PSIA.exe
      C:\Program Files\AVG\AVG2015\avgui.exe
      C:\Program Files\Secunia\PSI\psi_tray.exe
      C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\ctfmon.exe
      C:\Program Files\AVG\AVG2015\avgnsx.exe
      C:\Program Files\AVG\AVG2015\avgemcx.exe
      C:\Program Files\Secunia\PSI\sua.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\sppsvc.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = www.google.com
      BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\ochelper.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\grooveex.dll
      TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
      EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
      mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
      StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\find.lnk - c:\users\gebruiker\appdata\roaming\microsoft\windows\ieupdate\find.exe
      StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\label.lnk - c:\users\gebruiker\appdata\roaming\microsoft\windows\ieupdate\label.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
      IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\onbttnie.dll
      IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\ochelper.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      TCP: NameServer = 62.179.104.196 213.46.228.196
      TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC} : DHCPNameServer = 62.179.104.196 213.46.228.196
      TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC}\6727F6D616E6370223 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC}\B405E40264F6E6 : DHCPNameServer = 194.151.228.2 194.151.228.18
      TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640}\4505D2C494E4B4F5531363346414 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640}\4656661657C647 : DHCPNameServer = 192.168.2.1
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
      R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
      R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
      R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-1 13560]
      R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
      R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-7 213272]
      R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
      R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
      R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-10-16 3487248]
      R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-10-16 298080]
      R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
      R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
      R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-9-10 1669296]
      R2 EnGenius11nSU;EnGenius11nSU;c:\program files\engenius\11n usb wireless lan utility\RtlService.exe [2013-12-19 45056]
      R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-10-26 1871160]
      R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]
      R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2012-1-7 185632]
      R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
      R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-9-10 413128]
      R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
      R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2013-1-24 544688]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-26 23256]
      R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2014-1-14 211160]
      R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2014-1-3 602216]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-10-26 968504]
      S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
      S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2013-1-24 92112]
      S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
      S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
      S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-9-5 43368]
      S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
      S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-2 21504]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-26 114904]
      S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-26 51928]
      S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2012-1-7 746496]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-9-10 14848]
      S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-5-10 49152]
      S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-27 1343400]
      .
      =============== File Associations ===============
      .
      FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
      .
      =============== Created Last 30 ================
      .
      2014-10-27 08:46:55 -------- d-----w- C:\AdwCleaner
      2014-10-26 00:29:32 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
      2014-10-26 00:28:16 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2014-10-26 00:28:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
      2014-10-26 00:28:16 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
      2014-10-26 00:28:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
      2014-10-26 00:26:16 -------- d-----w- c:\users\gebruiker\appdata\roaming\AVG2015
      2014-10-26 00:24:53 -------- d--h--w- C:\$AVG
      2014-10-26 00:24:53 -------- d-----w- c:\programdata\AVG2015
      2014-10-26 00:19:56 -------- d-----w- c:\users\gebruiker\appdata\local\Avg2015
      2014-10-23 19:15:27 1828352 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
      2014-10-16 22:59:34 230912 ----a-w- c:\windows\system32\generaltel.dll
      2014-10-16 22:58:59 372736 ----a-w- c:\windows\system32\rastls.dll
      2014-10-10 13:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2014-10-07 19:39:28 213272 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
      2014-10-01 09:49:58 519680 ----a-w- c:\windows\system32\qdvd.dll
      .
      ==================== Find3M ====================
      .
      2014-10-10 01:44:35 396288 ----a-w- c:\windows\system32\aepdu.dll
      2014-10-10 01:39:38 302592 ----a-w- c:\windows\system32\aeinv.dll
      2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
      2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
      2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
      2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
      2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
      2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
      2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
      2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
      2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
      2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
      2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
      2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
      2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
      2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
      2014-09-18 01:32:52 2363904 ----a-w- c:\windows\system32\msi.dll
      2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
      2014-09-11 01:00:00 505416 ----a-w- c:\windows\system32\msvcp71.dll
      2014-09-11 01:00:00 353864 ----a-w- c:\windows\system32\msvcr71.dll
      2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
      2014-09-05 01:52:41 5703168 ----a-w- c:\windows\system32\mstscax.dll
      2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
      2014-08-28 19:43:36 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
      2014-08-19 20:15:42 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
      2014-08-19 20:15:38 68384 ----a-w- c:\windows\system32\nvapo32v.dll
      2014-08-19 20:15:36 2814656 ----a-w- c:\windows\system32\nvapi.dll
      2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
      2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
      2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
      2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
      2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
      2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
      2014-08-01 11:35:06 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
      .
      ============= FINISH: 10:35:12,31 ===============


      GMER will not run completely; I get the message "p4fhl7ed.exe (as an example) has stopped working. Close the program."

      So not even a partial log
      Regards, Hein



      • #4
        I see nothing abnormal in your logs.
        Are there still any problems?



        • #5
          Not since I refreshed MBAM and AVG 2015 yesterday.
          Thank you for your help.
          Regards, Hein



          • #6
            Download or update CCleaner

            Start CCleaner.
            • Run CCleaner and click Options in the left-hand column
            • Select the Advanced tab
            • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
            • Select the Settings tab
            • Uncheck "Automatically clean the computer...."
            • Click Cleaner in the left-hand column.
            • Then click Analyze and Run Cleaner, in that order.
            • Next, click Registry in the left-hand column
            • Click Scan for Issues.
            • When asked whether you want to back up the registry, click "Yes".
            • If issues are found, click the middle button: Fix all selected issues, and then OK



            1) You may delete all the loose files and tools we have used.

            2) To avoid reinfection, you can read these tips:

            Preventing spyware infections and browser hijacking and How do I prevent a new infection?

            3) To give your PC a quick maintenance check, you can read these tips: Guide to a clean PC

            4) All sorts of tips and hints can be found here.


            I am marking this topic as solved.

            If there are no further replies, this thread will be moved automatically within about 5 days
            to the Solved hijackthislogs section, and replying will no longer be possible.
            This is done to keep the forum neat and clear.

            If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



            Did we help you well? Consider a (no-obligation) donation to Nucia

            Emphyrio
