Mededeling

Collapse
No announcement yet.

trojan.simda

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • trojan.simda

    Toch weer elke dag een melding van Mbam over de trojan.simda ( ook avg 2015 detecteert deze )

    Dus toch maar weer alle gevraagde logs...

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 5-11-2014
    Scantijd: 11:51:04
    Logbestand: mbamlog2.txt
    Beheerder: Ja

    Versie: 2.00.3.1025
    Malwaredatabase: v2014.11.05.04
    Rootkitdatabase: v2014.11.01.02
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x86
    Bestandssysteem: NTFS
    Gebruiker: Gebruiker

    Scantype: Aangepaste Scan
    Resultaat: Voltooid
    Objecten Gescand: 426804
    Verstreken Tijd: 1 u, 44 m, 38 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaardes: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 1
    Trojan.Simda, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA1B0.exe, In Quarantaine, [69bf61d7f08cee489b20756812efa25e],

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    # AdwCleaner v3.311 - Rapport aangemaakt 05/11/2014 op 13:49:56
    # Laatste Update 30/09/2014 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Gebruikersnaam : Gebruiker - VROMANS
    # Gestart vanuit : D:\documenten\Downloads\adwcleaner_3.311.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****


    ***** [ Taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Google Chrome v38.0.2125.111

    [ Bestand : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R7].txt - [5273 octets] - [27/10/2014 09:47:02]
    AdwCleaner[R8].txt - [891 octets] - [27/10/2014 10:23:30]
    AdwCleaner[R9].txt - [1076 octets] - [05/11/2014 13:46:31]
    AdwCleaner[S6].txt - [6031 octets] - [27/10/2014 09:56:09]
    AdwCleaner[S7].txt - [947 octets] - [27/10/2014 10:27:39]
    AdwCleaner[S8].txt - [1002 octets] - [05/11/2014 13:49:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1062 octets] ##########


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17344
    Run by Gebruiker at 13:57:51 on 2014-11-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3455.1810 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
    C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG2015\avgidsagent.exe
    C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
    C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtlService.exe
    C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
    C:\Program Files\Edimax\Common\RaRegistry.exe
    C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG2015\avgui.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\AVG\AVG2015\avgnsx.exe
    C:\Program Files\AVG\AVG2015\avgemcx.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\ochelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\grooveex.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\onbttnie.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\ochelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC} : DHCPNameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC}\6727F6D616E6370223 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{5EA22210-6468-403A-888D-FDBD341E4DFC}\B405E40264F6E6 : DHCPNameServer = 194.151.228.2 194.151.228.18
    TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640}\4505D2C494E4B4F5531363346414 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{DC4E46AD-AD2C-49C2-A4E5-9DEC2D95C640}\4656661657C647 : DHCPNameServer = 192.168.2.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-1 13560]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-7 213272]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-10-16 3487248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-10-16 298080]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-9-10 1669296]
    R2 EnGenius11nSU;EnGenius11nSU;c:\program files\engenius\11n usb wireless lan utility\RtlService.exe [2013-12-19 45056]
    R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2012-1-7 185632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-9-10 413128]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2013-1-24 544688]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2014-1-14 211160]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2014-1-3 602216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2013-1-24 92112]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
    S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-9-5 43368]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-2 21504]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2012-1-7 746496]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-9-10 14848]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-5-10 49152]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-27 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-11-05 12:48:25 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-10-31 15:54:45 -------- d-----w- c:\programdata\Licenses
    2014-10-31 15:54:40 -------- d-----w- c:\program files\SpywareBlaster
    2014-10-28 12:52:01 -------- d-----w- c:\users\gebruiker\appdata\local\Ebtion
    2014-10-28 12:45:25 -------- d-----w- c:\users\gebruiker\appdata\local\Ummedia
    2014-10-27 08:46:55 -------- d-----w- C:\AdwCleaner
    2014-10-26 00:29:32 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-26 00:28:16 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-26 00:28:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-26 00:28:16 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-26 00:28:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-10-26 00:26:16 -------- d-----w- c:\users\gebruiker\appdata\roaming\AVG2015
    2014-10-26 00:24:53 -------- d--h--w- C:\$AVG
    2014-10-26 00:24:53 -------- d-----w- c:\programdata\AVG2015
    2014-10-26 00:19:56 -------- d-----w- c:\users\gebruiker\appdata\local\Avg2015
    2014-10-23 19:15:27 1828352 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
    2014-10-16 22:59:34 230912 ----a-w- c:\windows\system32\generaltel.dll
    2014-10-16 22:58:59 372736 ----a-w- c:\windows\system32\rastls.dll
    2014-10-10 13:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-10-07 19:39:28 213272 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    .
    ==================== Find3M ====================
    .
    2014-10-10 01:44:35 396288 ----a-w- c:\windows\system32\aepdu.dll
    2014-10-10 01:39:38 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
    2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
    2014-09-18 01:32:52 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
    2014-09-11 01:00:00 505416 ----a-w- c:\windows\system32\msvcp71.dll
    2014-09-11 01:00:00 353864 ----a-w- c:\windows\system32\msvcr71.dll
    2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-05 01:52:41 5703168 ----a-w- c:\windows\system32\mstscax.dll
    2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-08-28 19:43:36 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-19 20:15:42 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
    2014-08-19 20:15:38 68384 ----a-w- c:\windows\system32\nvapo32v.dll
    2014-08-19 20:15:36 2814656 ----a-w- c:\windows\system32\nvapi.dll
    2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
    2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
    2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
    2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
    .
    ============= FINISH: 13:59:02,01 ===============


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-11-05 14:18:00
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD103UJ rev.1AA01118 931,51GB
    Running: kik3iozt.exe; Driver: C:\Users\GEBRUI~1\AppData\Local\Temp\uxtdypoc.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x924606E0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x92460800]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x92460010]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x924604D0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x92460300]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x924603E0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x92460120]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x92460210]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x924605E0]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83444A35 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8347E392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 8348583C 8 Bytes [E0, 06, 46, 92, 00, 08, 46, ...] {LOOPNZ 0x8; INC ESI; XCHG EDX, EAX; ADD [EAX], CL; INC ESI; XCHG EDX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 83485884 4 Bytes [10, 00, 46, 92] {ADC [EAX], AL; INC ESI; XCHG EDX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 834858A4 4 Bytes [D0, 04, 46, 92] {ROL BYTE [ESI+EAX*2], 0x1; XCHG EDX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 83485B44 8 Bytes [00, 03, 46, 92, E0, 03, 46, ...] {ADD [EBX], AL; INC ESI; XCHG EDX, EAX; LOOPNZ 0x9; INC ESI; XCHG EDX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 83485B54 8 Bytes [20, 01, 46, 92, 10, 02, 46, ...] {AND [ECX], AL; INC ESI; XCHG EDX, EAX; ADC [EDX], AL; INC ESI; XCHG EDX, EAX}
    .text ...
    ? C:\Users\GEBRUI~1\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven pad niet vinden. !

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd50332e
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x15 0x17 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x97 0x5D 0x88 0x65 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x38 0x05 0x9D 0x05 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xFC 0xB4 0xAA 0xD5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x43 0x2C 0x0E 0x62 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????r?????????????.?????????s?????(??????B??82???????????_??????????????????????Modem???USB\VID_046D &PID_C52E&REV_1500&MI_00?USB\VID_046D&PID_C52E&MI_00????DiskDrive???????ap?????????????????s59????p? ?????s??cl??bthmodem????????COM46???????????USBSTOR?????Port_#0002.Hub_#0004?v?????????????????????? ????????????????????????????USB\Class_03&SubClass_01&Prot_01?USB\Class_03&SubClass_01?USB\Class_03?? ?????????????????????l?????????k????????????????????????.NTx86???????????????????????????????????3?? :*[email protected],%generic.mfg%;(Standaard USB Host Controller)[email protected],%generic.mfg%;(Standaard USB Host Controller)[email protected],%usb\root_hub20.devicedesc%;USB-hoofdhub???????D???????????????USB\VID_046D&PID_C52E&REV_1500?USB\VID_046D&PID_C52E?????l?m?n??????? k???????k?k?k???9??????????????????USB Receiver??????N???????????D?????{a43d11e3-3e20-11e3-a498-a80fd3b891f2}???????????????????????t??????????????????????????????????????????????? ??????ij???????????4???????????????????y?
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????????????????????_??{0583c0cb-2b2c-583a-bf55-1a1a71263fed}?5C6??????????????????Vimicro USB Camera (Altair)?e????????????????????????????????????????S?????sNe????????d????????????e????????????????? ??????????????????????????????????????????????????????.NT?????????????????????????????????????Specif ieke module voor Microsoft multipadapparaat????????????v???e??????????PNP Filter??s????????????????????????????????????????????b??as??????????????????????????????????USBSTOR\ Disk?USBSTOR\RAW????????????? l?????????????????????????????t ??Schijfstation???? ???????i?????15|???????????????????????????????????????????????????????????????????7???7???????????? ???h??????????????????Standaard seri?le verbinding via [email protected]\DRIVERS\BthEnum.sys,#1;Bluetooth-randapparaat?16??? p???????????????????&??????????????????/??????????????None????Standaard Modem via Bluetooth-verbinding?_??????bthenum\{00001103-0000-1000-8000-00805f9b34fb}????????????? ????????????????????????????t??7-19-2011???Standaard Modem via
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xB5 0x95 0x3E 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd50332e (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x15 0x17 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x97 0x5D 0x88 0x65 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x38 0x05 0x9D 0x05 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xFC 0xB4 0xAA 0xD5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x43 0x2C 0x0E 0x62 ...
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???i?p??nvsmu????{???????????z??system32\drivers\modem.sys????????????????<??i?????????e????system32 \DRIVERS\mouhid.sys?\mouhid.sys?????System32\drivers\mpsdrv.sys??????????u??Microsoft??????????????? t????????}?????????????????????i?????n?p?n???????????0???????????????????????t?t?t?????????????????? ??????P??i????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??????????z???i???????i??????p???SCSI Miniport?????P??i???????????d??lsi_fc.inf_x86_neutral_a7088f3644ca646a??????i?i?i?i?i?i????????????? ???t?????????????????????????????????????????R??i????????h?????\SystemRoot\system32\DRIVERS\lsi_sas. sys?1???????i??????p???SCSI Miniport?????R??i???????????d??lsi_sas.inf_x86_neutral_a4d6780f72cbd5b4?????i?i?i?i?i?i?i??????"???? ??g????????????????t?????????????????????????????????????????T??i????????h?????\SystemRoot\system32\ DRIVERS\lsi_sas2.sys????????i??????p???SCSI Miniport?????T??i???????????d??lsi_sas2.inf_x86_neutral_e12a5c4cfbe49204????i?i?i?i?i?i????????????? ???t?????????????????????????????????????????T??i?
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???i?????n?p?n???????????0???????????????????????t?t?t????????????????????????P??i????????h?????\Sys temRoot\system32\DRIVERS\lsi_fc.sys??????????z???i???????i??????p???SCSI Miniport?????P??i???????????d??lsi_fc.inf_x86_neutral_a7088f3644ca646a??????i?i?i?i?i?i????????????? ???t?????????????????????????????????????????R??i????????h?????\SystemRoot\system32\DRIVERS\lsi_sas. sys?1???????i??????p???SCSI Miniport?????R??i???????????d??lsi_sas.inf_x86_neutral_a4d6780f72cbd5b4?????i?i?i?i?i?i?i??????"???? ??g????????????????t?????????????????????????????????????????T??i????????h?????\SystemRoot\system32\ DRIVERS\lsi_sas2.sys????????i??????p???SCSI Miniport?????T??i???????????d??lsi_sas2.inf_x86_neutral_e12a5c4cfbe49204????i?i?i?i?i?i????????????? ???t?????????????????????????????????????????T??i????????h?????\SystemRoot\system32\DRIVERS\lsi_scsi .sys????????i??????p???SCSI Miniport?????T??i???????????d??lsi_scsi.inf_x86_neutral_cfbbf0b0b66ba280????i?i?i?i?i?i??????N??i??? ?????h??????????j??????p????????i??????????.NT????
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xB5 0x95 0x3E 0xC9 ...

    ---- EOF - GMER 2.1 ----



    alvast dank!
    groetjes, Hein

  • #2
    Schakel eerst de Antivirussoftware uit voordat je zoek.exe download of uitvoert.
    Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk de werking van Zoek.exe nadelig beïnvloeden.
    (hier en hier) kan je lezen hoe je dat doet.

    Download Zoek.exe naar het bureaublad (klik hier voor meer informatie over hoe zoek.exe te gebruiken)
    • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kan je dat negeren, het is namelijk een onterechte waarschuwing.
    • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze Computer, gebruik dit dan ook niet op andere computers met een gelijkwaardig probleem.
      Code:
      emptyclsid;
      emptyfolderscheck;
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults; 
      filesrcm;  
      startupall;
    • Klik nu op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
    • Post het geopende logje in het volgende bericht als bijlage.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      hier het zoek log


      Zoek.exe v5.0.0.0 Updated 05-November-2014
      Tool run by Gebruiker on do 06-11-2014 at 0:55:18,80.
      Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
      Running in: Normal Mode Internet Access Detected
      Launched: D:\documenten\Downloads\zoek.exe [Scan all users] [Script inserted]

      ==== System Restore Info ======================

      6-11-2014 0:57:25 Zoek.exe System Restore Point Created Succesfully.

      ==== Empty Folders Check ======================

      C:\Program Files\CyberLink
      C:\Program Files\Futuremark
      C:\Program Files\Java
      C:\PROGRA~2\CanonEPP
      C:\PROGRA~2\CanonIJEPPEX2
      C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
      C:\Users\Gebruiker\AppData\Roaming\Media Player Classic
      C:\Users\Gebruiker\AppData\Local\Screentime
      C:\Users\Gebruiker\AppData\Local\Secunia PSI
      C:\Users\Gebruiker\AppData\Local\Torrents Downloader
      C:\Users\Gebruiker\AppData\Local\uTorrent

      ==== Deleting CLSID Registry Keys ======================

      HKEY_USERS\S-1-5-21-1278309641-2164528218-3882550065-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DEF6F6BA-47AD-4862-A307-A5A140EF1F5B} deleted successfully

      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================


      ==== Deleting Files \ Folders ======================

      C:\Users\Gebruiker\AppData\Roaming\WB.CFG deleted
      C:\Users\Gebruiker\AppData\Roaming\sparta111 deleted
      C:\PROGRA~2\ProductData deleted
      C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
      C:\Windows\system32\tasks\0814avUpdateInfo deleted
      C:\Windows\system32\config\systemprofile\Searches deleted
      C:\Windows\System32\AI_RecycleBin deleted

      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
      2014-11-05 12:44:20 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\nsc282A.tmp\System.dll
      2014-11-05 12:44:20 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\nsc282A.tmp\UserInfo.dll
      ====== Java Cache =====
      ====== C:\Windows\system32 =====
      2014-11-05 12:48:25 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll
      ====== C:\Windows\system32\drivers =====
      2014-10-26 00:29:32 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-10-26 00:28:16 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-10-26 00:28:16 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-10-26 00:28:16 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-10-17 01:49:10 344D1FA0438A967F1A2BAA42C86D6E19 593920 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
      2014-10-17 01:49:04 E499E422412EF37576092A52648DB2B4 50176 ----a-w- C:\Windows\System32\drivers\appid.sys
      2014-10-16 22:58:36 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
      2014-10-16 22:58:36 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
      2014-10-10 13:13:58 5A22A7A67BFB67D3223B7A339FC97780 200984 ----a-w- C:\Windows\System32\drivers\avgtdix.sys
      2014-10-07 19:39:28 0530FFFE9162A3637A0404ECCCB7E739 213272 ----a-w- C:\Windows\System32\drivers\avgidsdriverx.sys
      ====== C:\Windows\Tasks ======
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      2014-10-31 15:54:40 -------- d-----w- C:\Program Files\SpywareBlaster
      ======= C: =====
      ====== C:\Users\Gebruiker\AppData\Roaming ======
      2014-10-28 12:52:01 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Ebtion
      2014-10-28 12:45:25 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Ummedia
      2014-10-26 00:26:16 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\AVG2015
      2014-10-26 00:26:06 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2015
      2014-10-26 00:24:19 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2015
      2014-10-26 00:19:56 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Avg2015
      2014-10-19 01:03:13 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg
      ====== C:\Users\Gebruiker ======
      2014-11-05 10:46:23 F7C5B5C74D69EEA3549E3C6A8FD859B0 20 ----a-w- C:\Users\Gebruiker\defogger_reenable
      2014-10-31 15:54:45 -------- d-----w- C:\ProgramData\Licenses
      2014-10-31 15:54:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
      2014-10-31 11:41:22 -------- d-----w- C:\Users\Gebruiker\Start Menu
      2014-10-26 00:25:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
      2014-10-26 00:24:53 -------- d-----w- C:\ProgramData\AVG2015

      ====== C: exe-files ==
      2014-10-31 15:54:40 BE2EE9C219B016AEC95F604FBFFEE171 2115192 ----a-w- C:\Program Files\SpywareBlaster\sbautoupdate.exe
      2014-10-31 15:54:40 AE13FB6BD8086465217F6A063EC3FCC3 715038 ----a-w- C:\Program Files\SpywareBlaster\unins000.exe
      2014-10-31 15:54:40 1BE8001D5C4EEE56A97980CD6987EB40 2557544 ----a-w- C:\Program Files\SpywareBlaster\spywareblaster.exe
      2014-10-31 15:54:40 0EED9CD892F88435BFD1AE41EF6ED60D 119976 ----a-w- C:\Program Files\SpywareBlaster\sburlhelper.exe
      2014-10-31 00:52:45 697D1E5E6452171F0B9FE3849889BC90 1385808 ----a-w- C:\Users\Gebruiker\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe
      === C: other files ==

      ==== Startup Registry Enabled ======================

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"

      ==== Startup Registry Disabled ======================

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
      "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
      "item"="TomTomHOME.exe"
      "hkey"="HKCU"
      "command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""


      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
      "ConnectionCenter"="\"C:\\Program Files\\Citrix\\ICA Client\\concentr.exe\" /startup"


      ==== Startup Folders ======================

      2013-09-05 21:05:55 824 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

      ==== Task Scheduler Jobs ======================

      C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08-03-2013 02:16]
      C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08-03-2013 02:16]

      ==== Other Scheduled Tasks ======================

      "C:\Windows\system32\tasks\Ad-Aware Antivirus Scheduled Scan" [C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe]
      "C:\Windows\system32\tasks\Ad-Aware Update (Weekly)" [C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe]
      "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
      "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
      "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
      "C:\Windows\system32\tasks\Real Player-online actualiseringsprogramma" [c:\program files\real\realplayer\Update\realsched.exe]
      "C:\Windows\system32\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe]
      "C:\Windows\system32\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe]
      "C:\Windows\system32\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe]
      "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
      "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
      "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
      "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-1278309641-2164528218-3882550065-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
      "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
      "C:\Windows\system32\tasks\{13BBD8F6-0EA0-4B56-A58D-BCD6F1F04801}" [C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareDesktop.exe]
      "C:\Windows\system32\tasks\{22F3B14C-937B-490C-8893-ED761AFA8AC1}" [C:\Program Files\AppieSoft\AsKlaver\AsKlaver.EXE]
      "C:\Windows\system32\tasks\{3042EC54-3CF7-4E19-B6AE-233C9F5C5CBD}" [C:\Program Files\MRU-Blaster\mrublaster.exe]
      "C:\Windows\system32\tasks\{9D38323C-9EF3-4FDA-A250-846FFB5FBA60}" [C:\Program Files\MRU-Blaster\mrublaster.exe]
      "C:\Windows\system32\tasks\NCH Swift Sound\switchShakeIcon" [C:\Program Files\NCH Swift Sound\Switch\Switch.exe]
      "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\TomTom\HOME\Profiles\ccsnpc22.default
      - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected]
      - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected]
      - Emulator - %ProfilePath%\extensions\[email protected]
      - Emulator - %ProfilePath%\extensions\[email protected]

      ==== Firefox Plugins ======================


      ==== Chromium Look ======================

      HTTPS Everywhere - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp
      Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      No DefaultScope Set For HKCU

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"

      ==== Reset Google Chrome ======================

      C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

      ==== Deleting Registry Keys ======================

      HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

      ==== Empty IE Cache ======================

      C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

      ==== Empty FireFox Cache ======================

      No FireFox Profiles found

      ==== Empty Chrome Cache ======================

      C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== C:\zoek_backup content ======================

      C:\zoek_backup (files=8 folders=12 19205 bytes)

      ==== Empty Temp Folders ======================

      C:\Users\Default\AppData\Local\temp emptied successfully
      C:\Users\Default User\AppData\Local\temp emptied successfully
      C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
      C:\Windows\Temp will be emptied at reboot

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== Deleting Files / Folders ======================

      "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

      ==== EOF on do 06-11-2014 at 1:36:53,70 ======================


      Dit is volgens mij niet als bijlage, maar waar vind ik die knop?
      groetjes, Hein

      Comment


      • #4
        Dan moet je op de antwoord knop drukken geavanceerd, dan krijg je opties.

        Vertel even hoe het nu gaat.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          AVG 2015 vond Unknown c\program data\microsoft\secure\icons\temp\tmp 62A2.exe

          Ben MBAM aan het draaien maar dat duurt nogal lang
          groetjes, Hein

          Comment


          • #6
            MBAM is schoon ( 1 uur en 48 minuten voor de aangepaste scan).
            Ik sluit de sessie af en draai morgen na het opstarten (lees: straks) nogmaals MBAM...het gaat de goeie kant op
            groetjes, Hein

            Comment


            • #7
              prima.

              Windows 10 opstarten in Veilige Modus

              Comment


              • #8
                Na het opstarten vanmiddag MBAM opnieuw gedraaid (aangepaste scan), nog altijd schoon.
                In elk geval dank je Juisterr.
                groetjes, Hein

                Comment


                • #9
                  Graag gedaan.

                  Windows 10 opstarten in Veilige Modus

                  Comment

                  Sorry, you are not authorized to view this page
                  Working...
                  X