Redirected to unrequested websites

  • koenlenaers

    Hello,

    For a few weeks now, my Google search results have been redirected to other sites. This happens in both Explorer and Firefox. During an idle scan, my antivirus program found a trojan named google_tool.zip. It was removed without any problems, but the issues remain. I think the problems started when I downloaded a toolbar from google.nl. I did not mean to download it, but I clicked too quickly. I have no idea how to get this fixed, so it is time for the professionals. The HijackThis and MWB logs are attached.

    Hopefully you can help me.

    Thanks,

    Koen

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Databaseversie: v2012.09.04.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Koen Lenaers :: KOENLENAERS-PC

    4/09/2012 12:14:14

    mbam-log-2012-09-04 (12-14-14).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 216028

    Verstreken tijd: 2 minuut/minuten, 54 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:01:36, on 4/09/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v8.00 (8.00.7601.17514)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    C:\Program Files (x86)\Overwolf\Overwolf.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe

    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe” /startup

    O4 - HKLM\..\Run: C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    O4 - HKLM\..\Run: C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

    O4 - HKLM\..\Run: H:\SPYWAREfighter\swprotray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\VistaLauncher.exe

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent

    O4 - HKCU\..\Run: “C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKCU\..\Run: C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    O4 - HKCU\..\Run: “C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver

    O4 - HKCU\..\Run: “C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart

    O4 - HKCU\..\Run: “C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Facebook Messenger.lnk = Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra ‘Tools’ menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O15 - Trusted Zone: *.isabel.be

    O15 - Trusted Zone: *.kbc.be

    O15 - Trusted Zone: *.kbcgroup.eu

    O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)

    O15 - Trusted Zone: http://static.cbc.be (HKLM)

    O15 - Trusted Zone: http://www.isabel.be (HKLM)

    O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)

    O15 - Trusted Zone: http://www.isabel.eu (HKLM)

    O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)

    O15 - Trusted Zone: http://static.kbc.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.com (HKLM)

    O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

    O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Drobo Dashboard Service (DDService) - Data Robotics, Inc. - C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Suite Service - Unknown owner - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 17112 bytes

  • Ben

    Hello,

    Download AdwCleaner by Xplode to your Desktop.

    Close all open windows

    Start AdwCleaner

    Windows 7 and Windows Vista users:

    Right-click adwcleaner.exe -> Run as Administrator to start AdwCleaner.

    Then click Delete

    At AdwCleaner – Information, click OK

    At AdwCleaner – Restart Required, click OK

    All icons will disappear from the Desktop; this is normal

    Your PC will be restarted and a log file will open (C:\AdwCleaner.txt); post its contents in your next message.

    If your start page was also hijacked, set it again, because AdwCleaner resets it to Google by default.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    Hello Ben, I followed your advice, only I can no longer post the log: I pressed Ctrl+A and then, instead of Ctrl+C, I pressed Ctrl+V. Log gone :(

    I did see that the program removed 3 things. Thanks in advance for the help :)

  • Ben

    Hello,

    Is it no longer here either: C:\AdwCleaner.txt?

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    No, after the restart my virus scanner was active again and removed the program. I ran another scan, but that is probably not much use to you. In Explorer I still get an alert from G DATA about unknown malware.

    # AdwCleaner v2.000 - Verslag gemaakt op 09/04/2012 om 15:21:31

    # Geactualiseerd op 30/08/2012 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruiker : Koen Lenaers - KOENLENAERS-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\hijackthis\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    -\\ Internet Explorer v8.0.7601.17514

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v13.0.1 (nl)

    Profielnaam : default

    File : C:\Users\Koen Lenaers\AppData\Roaming\Mozilla\Firefox\Profiles\srncyjai.default\prefs.js

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • Ben

    Hello,

    Then let's look further:

    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":

    First close all program windows that are still open!

    Disable your antivirus and antispyware programs, as they may conflict with TDSSKStarter.exe

    You can read how to do that (here or here).

    Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing Run as Administrator.

    A CMD window will then open and close again automatically when the scan is finished.

    Now post the contents of the opened Notepad file in your next message.

    Download DDS by sUBs from one of these locations and save it to your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and makes use of scripts.

    Disable your security software before running DDS!

    Double-click DDS to start the tool.

    Note!!! Windows Vista & 7 users must run dds.scr as administrator: "right-click: Run as"

    DDS will open 2 log files:

    * DDS.txt

    * Attach.txt

    A window will ask you to save both logs, because the logs will be gone once you close them.

    Save the logs, for example to your desktop or another place where you can easily find them again.

    Post the DDS.txt log with your next reply. Post Attach.txt only when I ask for it.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    Here are the requested logs. DDS does not give me the option to run as admin, though; TDSSKStarter does.

    16:23:39.0205 2428 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    16:23:39.0205 2428 ============================================================

    16:23:39.0205 2428 Current date / time: 2012/09/04 16:23:39.0205

    16:23:39.0205 2428 SystemInfo:

    16:23:39.0205 2428

    16:23:39.0205 2428 OS Version: 6.1.7601 ServicePack: 1.0

    16:23:39.0205 2428 Product type: Workstation

    16:23:39.0205 2428 ComputerName: KOENLENAERS-PC

    16:23:39.0205 2428 UserName: Koen Lenaers

    16:23:39.0205 2428 Windows directory: C:\Windows

    16:23:39.0205 2428 System windows directory: C:\Windows

    16:23:39.0205 2428 Running under WOW64

    16:23:39.0205 2428 Processor architecture: Intel x64

    16:23:39.0205 2428 Number of processors: 4

    16:23:39.0205 2428 Page size: 0x1000

    16:23:39.0205 2428 Boot type: Normal boot

    16:23:39.0205 2428 ============================================================

    16:23:40.0359 2428 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040

    16:23:40.0375 2428 ============================================================

    16:23:40.0375 2428 \Device\Harddisk0\DR0:

    16:23:40.0390 2428 MBR partitions:

    16:23:40.0390 2428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE05A000

    16:23:40.0390 2428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE05A800, BlocksNum 0x19A5800

    16:23:40.0406 2428 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFA00800, BlocksNum 0x4F200000

    16:23:40.0422 2428 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5EC01000, BlocksNum 0x4FE86000

    16:23:40.0422 2428 ============================================================

    16:23:40.0484 2428 C: <-> \Device\Harddisk0\DR0\Partition1

    16:23:40.0531 2428 D: <-> \Device\Harddisk0\DR0\Partition3

    16:23:40.0593 2428 E: <-> \Device\Harddisk0\DR0\Partition4

    16:23:40.0640 2428 F: <-> \Device\Harddisk0\DR0\Partition2

    16:23:40.0640 2428 ============================================================

    16:23:40.0640 2428 Initialize success

    16:23:40.0640 2428 ============================================================

    16:23:40.0702 0860 ============================================================

    16:23:40.0702 0860 Scan started

    16:23:40.0702 0860 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    16:23:40.0702 0860 ============================================================

    16:23:42.0044 0860 ================ Scan system memory ========================

    16:23:42.0044 0860 ================ Scan services =============================

    16:23:42.0184 0860 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    16:23:42.0309 0860 ACPI C:\Windows\system32\drivers\ACPI.sys

    16:23:42.0325 0860 AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    16:23:42.0450 0860 ACSSCR C:\Windows\system32\DRIVERS\a38usb.sys

    16:23:42.0621 0860 AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    16:23:42.0777 0860 AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    16:23:42.0824 0860 adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    16:23:42.0871 0860 adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    16:23:42.0902 0860 adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    16:23:42.0964 0860 AeLookupSvc C:\Windows\System32\aelupsvc.dll

    16:23:43.0167 0860 AFD C:\Windows\system32\drivers\afd.sys

    16:23:43.0261 0860 agp440 C:\Windows\system32\drivers\agp440.sys

    16:23:43.0308 0860 aksdf C:\Windows\system32\drivers\aksdf.sys

    16:23:43.0464 0860 aksfridge C:\Windows\system32\drivers\aksfridge.sys

    16:23:43.0510 0860 akshasp C:\Windows\system32\DRIVERS\akshasp.sys

    16:23:43.0588 0860 aksusb C:\Windows\system32\DRIVERS\aksusb.sys

    16:23:43.0682 0860 ALG C:\Windows\System32\alg.exe

    16:23:43.0729 0860 aliide C:\Windows\system32\drivers\aliide.sys

    16:23:43.0744 0860 amdide C:\Windows\system32\drivers\amdide.sys

    16:23:43.0791 0860 AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    16:23:43.0854 0860 AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    16:23:43.0885 0860 amdsata C:\Windows\system32\drivers\amdsata.sys

    16:23:43.0932 0860 amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    16:23:43.0963 0860 amdxata C:\Windows\system32\drivers\amdxata.sys

    16:23:44.0025 0860 AppID C:\Windows\system32\drivers\appid.sys

    16:23:44.0197 0860 AppIDSvc C:\Windows\System32\appidsvc.dll

    16:23:44.0275 0860 Appinfo C:\Windows\System32\appinfo.dll

    16:23:44.0400 0860 Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    16:23:44.0431 0860 arc C:\Windows\system32\DRIVERS\arc.sys

    16:23:44.0462 0860 arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    16:23:44.0509 0860 AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    16:23:44.0587 0860 atapi C:\Windows\system32\drivers\atapi.sys

    16:23:44.0758 0860 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    16:23:44.0852 0860 AudioSrv C:\Windows\System32\Audiosrv.dll

    16:23:45.0008 0860 AV Engine Scanning Service C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

    16:23:45.0055 0860 AV Watch Service C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

    16:23:45.0133 0860 AVFSFilter C:\Windows\system32\DRIVERS\avfsfilter.sys

    16:23:45.0289 0860 AVKProxy C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    16:23:45.0398 0860 AVKService C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    16:23:45.0507 0860 AVKWCtl C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    16:23:45.0648 0860 AxInstSV C:\Windows\System32\AxInstSV.dll

    16:23:45.0710 0860 b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    16:23:45.0788 0860 b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    16:23:45.0882 0860 BDESVC C:\Windows\System32\bdesvc.dll

    16:23:45.0944 0860 Beep C:\Windows\system32\drivers\Beep.sys

    16:23:46.0069 0860 BFE C:\Windows\System32\bfe.dll

    16:23:46.0147 0860 BITS C:\Windows\System32\qmgr.dll

    16:23:46.0256 0860 blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    16:23:46.0412 0860 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    16:23:46.0459 0860 bowser C:\Windows\system32\DRIVERS\bowser.sys

    16:23:46.0506 0860 BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    16:23:46.0584 0860 BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    16:23:46.0646 0860 Browser C:\Windows\System32\browser.dll

    16:23:46.0693 0860 Brserid C:\Windows\System32\Drivers\Brserid.sys

    16:23:46.0755 0860 BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    16:23:46.0802 0860 BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    16:23:46.0849 0860 BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    16:23:46.0911 0860 BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    16:23:46.0958 0860 bthserv C:\Windows\system32\bthserv.dll

    16:23:47.0052 0860 cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    16:23:47.0130 0860 cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    16:23:47.0223 0860 CertPropSvc C:\Windows\System32\certprop.dll

    16:23:47.0286 0860 circlass C:\Windows\system32\DRIVERS\circlass.sys

    16:23:47.0348 0860 CLFS C:\Windows\system32\CLFS.sys

    16:23:47.0442 0860 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    16:23:47.0520 0860 clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    16:23:47.0644 0860 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    16:23:47.0738 0860 clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    16:23:47.0769 0860 CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    16:23:47.0816 0860 cmdide C:\Windows\system32\drivers\cmdide.sys

    16:23:47.0863 0860 CNG C:\Windows\system32\Drivers\cng.sys

    16:23:47.0910 0860 Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    16:23:47.0941 0860 CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    16:23:48.0050 0860 crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    16:23:48.0112 0860 CryptSvc C:\Windows\system32\cryptsvc.dll

    16:23:48.0222 0860 DcomLaunch C:\Windows\system32\rpcss.dll

    16:23:48.0378 0860 DDService C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe

    16:23:48.0456 0860 defragsvc C:\Windows\System32\defragsvc.dll

    16:23:48.0596 0860 DfsC C:\Windows\system32\Drivers\dfsc.sys

    16:23:48.0690 0860 DFUBTUSB C:\Windows\system32\Drivers\frmupgr.sys

    16:23:48.0705 0860 Dhcp C:\Windows\system32\dhcpcore.dll

    16:23:48.0814 0860 discache C:\Windows\system32\drivers\discache.sys

    16:23:48.0892 0860 Disk C:\Windows\system32\DRIVERS\disk.sys

    16:23:48.0924 0860 DLABMFSE C:\Windows\system32\DLA\DLABMFSE.SYS

    16:23:48.0955 0860 DLABOIOE C:\Windows\system32\DLA\DLABOIOE.SYS

    16:23:48.0970 0860 DLACDBHE C:\Windows\system32\Drivers\DLACDBHE.SYS

    16:23:48.0986 0860 DLADResE C:\Windows\system32\DLA\DLADResE.SYS

    16:23:49.0002 0860 DLAIFS_E C:\Windows\system32\DLA\DLAIFS_E.SYS

    16:23:49.0017 0860 DLAOPIOE C:\Windows\system32\DLA\DLAOPIOE.SYS

    16:23:49.0033 0860 DLAPoolE C:\Windows\system32\DLA\DLAPoolE.SYS

    16:23:49.0048 0860 DLARTL_E C:\Windows\system32\Drivers\DLARTL_E.SYS

    16:23:49.0095 0860 DLAUDFAE C:\Windows\system32\DLA\DLAUDFAE.SYS

    16:23:49.0142 0860 DLAUDF_E C:\Windows\system32\DLA\DLAUDF_E.SYS

    16:23:49.0189 0860 Dnscache C:\Windows\System32\dnsrslvr.dll

    16:23:49.0267 0860 dot3svc C:\Windows\System32\dot3svc.dll

    16:23:49.0360 0860 DPS C:\Windows\system32\dps.dll

    16:23:49.0516 0860 drmkaud C:\Windows\system32\drivers\drmkaud.sys

    16:23:49.0563 0860 DRVECDB C:\Windows\system32\Drivers\DRVECDB.SYS

    16:23:49.0594 0860 DRVEDDM C:\Windows\system32\Drivers\DRVEDDM.SYS

    16:23:49.0672 0860 DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    16:23:49.0750 0860 e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

    16:23:49.0797 0860 EapHost C:\Windows\System32\eapsvc.dll

    16:23:49.0969 0860 ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    16:23:50.0203 0860 EFS C:\Windows\System32\lsass.exe

    16:23:50.0343 0860 ehRecvr C:\Windows\ehome\ehRecvr.exe

    16:23:50.0421 0860 ehSched C:\Windows\ehome\ehsched.exe

    16:23:50.0468 0860 elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    16:23:50.0530 0860 ErrDev C:\Windows\system32\drivers\errdev.sys

    16:23:50.0562 0860 EventSystem C:\Windows\system32\es.dll

    16:23:50.0624 0860 exfat C:\Windows\system32\drivers\exfat.sys

    16:23:50.0702 0860 fastfat C:\Windows\system32\drivers\fastfat.sys

    16:23:50.0780 0860 Fax C:\Windows\system32\fxssvc.exe

    16:23:50.0842 0860 fdc C:\Windows\system32\DRIVERS\fdc.sys

    16:23:50.0874 0860 fdPHost C:\Windows\system32\fdPHost.dll

    16:23:50.0920 0860 FDResPub C:\Windows\system32\fdrespub.dll

    16:23:50.0967 0860 FileInfo C:\Windows\system32\drivers\fileinfo.sys

    16:23:50.0998 0860 Filetrace C:\Windows\system32\drivers\filetrace.sys

    16:23:51.0061 0860 flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    16:23:51.0108 0860 FltMgr C:\Windows\system32\drivers\fltmgr.sys

    16:23:51.0170 0860 FontCache C:\Windows\system32\FntCache.dll

    16:23:51.0248 0860 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    16:23:51.0279 0860 FsDepends C:\Windows\system32\drivers\FsDepends.sys

    16:23:51.0326 0860 Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    16:23:51.0388 0860 fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    16:23:51.0435 0860 gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    16:23:51.0498 0860 GDBehave C:\Windows\system32\drivers\GDBehave.sys

    16:23:51.0544 0860 GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys

    16:23:51.0607 0860 GdNetMon C:\Windows\system32\drivers\GdNetMon64.sys

    16:23:51.0654 0860 GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys

    16:23:51.0716 0860 GDScan C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    16:23:51.0763 0860 gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys

    16:23:51.0794 0860 GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys

    16:23:51.0841 0860 ghsmdm C:\Windows\system32\DRIVERS\ghsmdm.sys

    16:23:51.0903 0860 gpsvc C:\Windows\System32\gpsvc.dll

    16:23:52.0012 0860 GRD C:\Windows\system32\drivers\GRD.sys

    16:23:52.0106 0860 gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    16:23:52.0122 0860 gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    16:23:52.0168 0860 hardlock C:\Windows\system32\drivers\hardlock.sys

    16:23:52.0200 0860 hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    16:23:52.0262 0860 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    16:23:52.0340 0860 HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    16:23:52.0402 0860 HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    16:23:52.0449 0860 HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    16:23:52.0527 0860 HidIr C:\Windows\system32\DRIVERS\hidir.sys

    16:23:52.0574 0860 hidserv C:\Windows\system32\hidserv.dll

    16:23:52.0636 0860 HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    16:23:52.0730 0860 hkmsvc C:\Windows\system32\kmsvc.dll

    16:23:52.0839 0860 HomeGroupListener C:\Windows\system32\ListSvc.dll

    16:23:52.0886 0860 HomeGroupProvider C:\Windows\system32\provsvc.dll

    16:23:52.0964 0860 HookCentre C:\Windows\system32\drivers\HookCentre.sys

    16:23:53.0011 0860 HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    16:23:53.0104 0860 HPSIService C:\Windows\system32\HPSIsvc.exe

    16:23:53.0182 0860 HTTP C:\Windows\system32\drivers\HTTP.sys

    16:23:53.0276 0860 hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    16:23:53.0307 0860 i8042prt C:\Windows\system32\drivers\i8042prt.sys

    16:23:53.0354 0860 iaStorV C:\Windows\system32\drivers\iaStorV.sys

    16:23:53.0432 0860 IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    16:23:53.0432 0860 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    16:23:53.0432 0860 IDriverT - detected UnsignedFile.Multi.Generic (1)

    16:23:53.0494 0860 idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    16:23:53.0541 0860 iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    16:23:53.0588 0860 IKEEXT C:\Windows\System32\ikeext.dll

    16:23:53.0635 0860 intelide C:\Windows\system32\drivers\intelide.sys

    16:23:53.0666 0860 intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    16:23:53.0728 0860 IPBusEnum C:\Windows\system32\ipbusenum.dll

    16:23:53.0822 0860 IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    16:23:53.0931 0860 iphlpsvc C:\Windows\System32\iphlpsvc.dll

    16:23:54.0009 0860 IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    16:23:54.0056 0860 IPNAT C:\Windows\system32\drivers\ipnat.sys

    16:23:54.0150 0860 iPod Service C:\Program Files\iPod\bin\iPodService.exe

    16:23:54.0212 0860 IRENUM C:\Windows\system32\drivers\irenum.sys

    16:23:54.0228 0860 isapnp C:\Windows\system32\drivers\isapnp.sys

    16:23:54.0259 0860 iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

    16:23:54.0290 0860 kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    16:23:54.0321 0860 kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    16:23:54.0352 0860 KeyIso C:\Windows\system32\lsass.exe

    16:23:54.0399 0860 KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    16:23:54.0430 0860 KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    16:23:54.0446 0860 ksthunk C:\Windows\system32\drivers\ksthunk.sys

    16:23:54.0508 0860 KtmRm C:\Windows\system32\msdtckrm.dll

    16:23:54.0586 0860 LanmanServer C:\Windows\system32\srvsvc.dll

    16:23:54.0680 0860 LanmanWorkstation C:\Windows\System32\wkssvc.dll

    16:23:54.0805 0860 LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

    16:23:54.0820 0860 lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    16:23:54.0898 0860 lltdsvc C:\Windows\System32\lltdsvc.dll

    16:23:54.0945 0860 lmhosts C:\Windows\System32\lmhsvc.dll

    16:23:54.0992 0860 LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

    16:23:55.0023 0860 LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    16:23:55.0070 0860 LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    16:23:55.0086 0860 LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    16:23:55.0117 0860 LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    16:23:55.0132 0860 luafv C:\Windows\system32\drivers\luafv.sys

    16:23:55.0226 0860 massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys

    16:23:55.0351 0860 Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    16:23:55.0398 0860 megasas C:\Windows\system32\DRIVERS\megasas.sys

    16:23:55.0444 0860 MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    16:23:55.0538 0860 Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

    16:23:55.0585 0860 MMCSS C:\Windows\system32\mmcss.dll

    16:23:55.0647 0860 Modem C:\Windows\system32\drivers\modem.sys

    16:23:55.0756 0860 monitor C:\Windows\system32\DRIVERS\monitor.sys

    16:23:55.0819 0860 mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    16:23:55.0850 0860 mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    16:23:55.0928 0860 mountmgr C:\Windows\system32\drivers\mountmgr.sys

    16:23:55.0990 0860 MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    16:23:56.0037 0860 mpio C:\Windows\system32\drivers\mpio.sys

    16:23:56.0068 0860 mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    16:23:56.0146 0860 MpsSvc C:\Windows\system32\mpssvc.dll

    16:23:56.0224 0860 MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    16:23:56.0256 0860 mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    16:23:56.0318 0860 mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    16:23:56.0365 0860 mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    16:23:56.0412 0860 msahci C:\Windows\system32\drivers\msahci.sys

    16:23:56.0427 0860 msdsm C:\Windows\system32\drivers\msdsm.sys

    16:23:56.0474 0860 MSDTC C:\Windows\System32\msdtc.exe

    16:23:56.0521 0860 Msfs C:\Windows\system32\drivers\Msfs.sys

    16:23:56.0583 0860 mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    16:23:56.0677 0860 msisadrv C:\Windows\system32\drivers\msisadrv.sys

    16:23:56.0708 0860 MSiSCSI C:\Windows\system32\iscsiexe.dll

    16:23:56.0755 0860 MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    16:23:56.0833 0860 MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    16:23:56.0895 0860 MSPQM C:\Windows\system32\drivers\MSPQM.sys

    16:23:56.0989 0860 MsRPC C:\Windows\system32\drivers\MsRPC.sys

    16:23:57.0020 0860 mssmbios C:\Windows\system32\drivers\mssmbios.sys

    16:23:57.0051 0860 MSTEE C:\Windows\system32\drivers\MSTEE.sys

    16:23:57.0145 0860 MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    16:23:57.0192 0860 Mup C:\Windows\system32\Drivers\mup.sys

    16:23:57.0223 0860 napagent C:\Windows\system32\qagentRT.dll

    16:23:57.0301 0860 NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    16:23:57.0348 0860 NDIS C:\Windows\system32\drivers\ndis.sys

    16:23:57.0410 0860 NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    16:23:57.0488 0860 NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    16:23:57.0582 0860 Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    16:23:57.0644 0860 NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    16:23:57.0738 0860 NDProxy C:\Windows\system32\drivers\NDProxy.sys

    16:23:57.0800 0860 NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    16:23:57.0878 0860 NetBT C:\Windows\system32\DRIVERS\netbt.sys

    16:23:57.0909 0860 Netlogon C:\Windows\system32\lsass.exe

    16:23:57.0972 0860 Netman C:\Windows\System32\netman.dll

    16:23:58.0065 0860 netprofm C:\Windows\System32\netprofm.dll

    16:23:58.0112 0860 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    16:23:58.0143 0860 nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    16:23:58.0174 0860 NlaSvc C:\Windows\System32\nlasvc.dll

    16:23:58.0252 0860 Npfs C:\Windows\system32\drivers\Npfs.sys

    16:23:58.0299 0860 nsi C:\Windows\system32\nsisvc.dll

    16:23:58.0362 0860 nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    16:23:58.0455 0860 Ntfs C:\Windows\system32\drivers\Ntfs.sys

    16:23:58.0518 0860 Null C:\Windows\system32\drivers\Null.sys

    16:23:58.0736 0860 nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    16:23:58.0970 0860 nvraid C:\Windows\system32\drivers\nvraid.sys

    16:23:59.0017 0860 nvstor C:\Windows\system32\drivers\nvstor.sys

    16:23:59.0079 0860 nvsvc C:\Windows\system32\nvvsvc.exe

    16:23:59.0142 0860 nv_agp C:\Windows\system32\drivers\nv_agp.sys

    16:23:59.0235 0860 odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    16:23:59.0282 0860 ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    16:23:59.0329 0860 ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    16:23:59.0407 0860 OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

    16:23:59.0454 0860 p2pimsvc C:\Windows\system32\pnrpsvc.dll

    16:23:59.0516 0860 p2psvc C:\Windows\system32\p2psvc.dll

    16:23:59.0578 0860 Parport C:\Windows\system32\DRIVERS\parport.sys

    16:23:59.0641 0860 partmgr C:\Windows\system32\drivers\partmgr.sys

    16:23:59.0672 0860 PcaSvc C:\Windows\System32\pcasvc.dll

    16:23:59.0719 0860 pci C:\Windows\system32\drivers\pci.sys

    16:23:59.0781 0860 pciide C:\Windows\system32\drivers\pciide.sys

    16:23:59.0812 0860 pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    16:23:59.0859 0860 pcw C:\Windows\system32\drivers\pcw.sys

    16:23:59.0890 0860 PEAUTH C:\Windows\system32\drivers\peauth.sys

    16:24:00.0031 0860 PerfHost C:\Windows\SysWow64\perfhost.exe

    16:24:00.0093 0860 pla C:\Windows\system32\pla.dll

    16:24:00.0202 0860 PlugPlay C:\Windows\system32\umpnpmgr.dll

    16:24:00.0234 0860 PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    16:24:00.0265 0860 PNRPsvc C:\Windows\system32\pnrpsvc.dll

    16:24:00.0296 0860 PolicyAgent C:\Windows\System32\ipsecsvc.dll

    16:24:00.0390 0860 Power C:\Windows\system32\umpo.dll

    16:24:00.0452 0860 PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    16:24:00.0483 0860 Processor C:\Windows\system32\DRIVERS\processr.sys

    16:24:00.0530 0860 ProfSvc C:\Windows\system32\profsvc.dll

    16:24:00.0546 0860 ProtectedStorage C:\Windows\system32\lsass.exe

    16:24:00.0592 0860 Psched C:\Windows\system32\DRIVERS\pacer.sys

    16:24:00.0686 0860 PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

    16:24:00.0733 0860 ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    16:24:00.0795 0860 ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    16:24:00.0842 0860 QWAVE C:\Windows\system32\qwave.dll

    16:24:00.0889 0860 QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    16:24:00.0951 0860 RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    16:24:01.0029 0860 RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    16:24:01.0092 0860 RasAuto C:\Windows\System32\rasauto.dll

    16:24:01.0138 0860 Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    16:24:01.0185 0860 RasMan C:\Windows\System32\rasmans.dll

    16:24:01.0279 0860 RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    16:24:01.0310 0860 RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    16:24:01.0341 0860 rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    16:24:01.0388 0860 rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    16:24:01.0450 0860 RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    16:24:01.0466 0860 RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    16:24:01.0513 0860 RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    16:24:01.0575 0860 RDPWD C:\Windows\system32\drivers\RDPWD.sys

    16:24:01.0653 0860 rdyboost C:\Windows\system32\drivers\rdyboost.sys

    16:24:01.0716 0860 RemoteAccess C:\Windows\System32\mprdim.dll

    16:24:01.0809 0860 RemoteRegistry C:\Windows\system32\regsvc.dll

    16:24:01.0934 0860 Roxio UPnP Renderer 9 C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    16:24:01.0950 0860 Roxio Upnp Server 9 C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    16:24:02.0028 0860 RoxLiveShare9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    16:24:02.0059 0860 RoxLiveShare9 ( UnsignedFile.Multi.Generic ) - warning

    16:24:02.0059 0860 RoxLiveShare9 - detected UnsignedFile.Multi.Generic (1)

    16:24:02.0090 0860 RoxMediaDB9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    16:24:02.0106 0860 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning

    16:24:02.0106 0860 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)

    16:24:02.0121 0860 RoxWatch9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    16:24:02.0121 0860 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning

    16:24:02.0121 0860 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)

    16:24:02.0137 0860 RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    16:24:02.0184 0860 RpcLocator C:\Windows\system32\locator.exe

    16:24:02.0230 0860 RpcSs C:\Windows\system32\rpcss.dll

    16:24:02.0324 0860 rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    16:24:02.0402 0860 RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

    16:24:02.0433 0860 RxFilter C:\Windows\system32\DRIVERS\RxFilter.sys

    16:24:02.0449 0860 RxFilter ( UnsignedFile.Multi.Generic ) - warning

    16:24:02.0449 0860 RxFilter - detected UnsignedFile.Multi.Generic (1)

    16:24:02.0464 0860 SamSs C:\Windows\system32\lsass.exe

    16:24:02.0511 0860 sbp2port C:\Windows\system32\drivers\sbp2port.sys

    16:24:02.0542 0860 SCardSvr C:\Windows\System32\SCardSvr.dll

    16:24:02.0636 0860 scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    16:24:02.0745 0860 Schedule C:\Windows\system32\schedsvc.dll

    16:24:02.0839 0860 SCPolicySvc C:\Windows\System32\certprop.dll

    16:24:02.0901 0860 ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys

    16:24:02.0964 0860 SDRSVC C:\Windows\System32\SDRSVC.dll

    16:24:03.0010 0860 secdrv C:\Windows\system32\drivers\secdrv.sys

    16:24:03.0104 0860 seclogon C:\Windows\system32\seclogon.dll

    16:24:03.0166 0860 SENS C:\Windows\System32\sens.dll

    16:24:03.0213 0860 SensrSvc C:\Windows\system32\sensrsvc.dll

    16:24:03.0276 0860 Serenum C:\Windows\system32\DRIVERS\serenum.sys

    16:24:03.0322 0860 Serial C:\Windows\system32\DRIVERS\serial.sys

    16:24:03.0369 0860 sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    16:24:03.0416 0860 SessionEnv C:\Windows\system32\sessenv.dll

    16:24:03.0478 0860 sffdisk C:\Windows\system32\drivers\sffdisk.sys

    16:24:03.0510 0860 sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    16:24:03.0712 0860 sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    16:24:03.0915 0860 sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    16:24:03.0962 0860 SharedAccess C:\Windows\System32\ipnathlp.dll

    16:24:04.0009 0860 ShellHWDetection C:\Windows\System32\shsvcs.dll

    16:24:04.0056 0860 SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    16:24:04.0102 0860 SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    16:24:04.0180 0860 SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    16:24:04.0227 0860 Smb C:\Windows\system32\DRIVERS\smb.sys

    16:24:04.0321 0860 SNMPTRAP C:\Windows\System32\snmptrap.exe

    16:24:04.0383 0860 spldr C:\Windows\system32\drivers\spldr.sys

    16:24:04.0461 0860 Spooler C:\Windows\System32\spoolsv.exe

    16:24:04.0617 0860 sppsvc C:\Windows\system32\sppsvc.exe

    16:24:04.0711 0860 sppuinotify C:\Windows\system32\sppuinotify.dll

    16:24:04.0804 0860 srv C:\Windows\system32\DRIVERS\srv.sys

    16:24:04.0914 0860 srv2 C:\Windows\system32\DRIVERS\srv2.sys

    16:24:04.0976 0860 srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    16:24:05.0054 0860 SSDPSRV C:\Windows\System32\ssdpsrv.dll

    16:24:05.0116 0860 SstpSvc C:\Windows\system32\sstpsvc.dll

    16:24:05.0257 0860 Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    16:24:05.0304 0860 stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    16:24:05.0366 0860 stisvc C:\Windows\System32\wiaservc.dll

    16:24:05.0475 0860 stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    16:24:05.0475 0860 stllssvr ( UnsignedFile.Multi.Generic ) - warning

    16:24:05.0475 0860 stllssvr - detected UnsignedFile.Multi.Generic (1)

    16:24:05.0538 0860 swenum C:\Windows\system32\drivers\swenum.sys

    16:24:05.0584 0860 swprv C:\Windows\System32\swprv.dll

    16:24:05.0709 0860 SysMain C:\Windows\system32\sysmain.dll

    16:24:05.0803 0860 TabletInputService C:\Windows\System32\TabSvc.dll

    16:24:05.0834 0860 TapiSrv C:\Windows\System32\tapisrv.dll

    16:24:05.0943 0860 TBS C:\Windows\System32\tbssvc.dll

    16:24:06.0084 0860 Tcpip C:\Windows\system32\drivers\tcpip.sys

    16:24:06.0193 0860 TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    16:24:06.0271 0860 tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    16:24:06.0380 0860 TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    16:24:06.0442 0860 TDTCP C:\Windows\system32\drivers\tdtcp.sys

    16:24:06.0505 0860 tdx C:\Windows\system32\DRIVERS\tdx.sys

    16:24:06.0567 0860 TermDD C:\Windows\system32\drivers\termdd.sys

    16:24:06.0598 0860 TermService C:\Windows\System32\termsrv.dll

    16:24:06.0645 0860 Themes C:\Windows\system32\themeservice.dll

    16:24:06.0692 0860 THREADORDER C:\Windows\system32\mmcss.dll

    16:24:06.0723 0860 TrkWks C:\Windows\System32\trkwks.dll

    16:24:06.0848 0860 TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    16:24:06.0973 0860 tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    16:24:07.0051 0860 TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    16:24:07.0160 0860 tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    16:24:07.0238 0860 uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    16:24:07.0269 0860 udfs C:\Windows\system32\DRIVERS\udfs.sys

    16:24:07.0316 0860 UI0Detect C:\Windows\system32\UI0Detect.exe

    16:24:07.0378 0860 uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    16:24:07.0441 0860 umbus C:\Windows\system32\DRIVERS\umbus.sys

    16:24:07.0566 0860 UmPass C:\Windows\system32\DRIVERS\umpass.sys

    16:24:07.0612 0860 upnphost C:\Windows\System32\upnphost.dll

    16:24:07.0722 0860 USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    16:24:07.0784 0860 usbaudio C:\Windows\system32\drivers\usbaudio.sys

    16:24:07.0893 0860 usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    16:24:07.0924 0860 usbcir C:\Windows\system32\drivers\usbcir.sys

    16:24:07.0987 0860 usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    16:24:08.0065 0860 usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    16:24:08.0143 0860 usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    16:24:08.0190 0860 usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    16:24:08.0252 0860 USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    16:24:08.0299 0860 usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

    16:24:08.0346 0860 UxSms C:\Windows\System32\uxsms.dll

    16:24:08.0455 0860 VaultSvc C:\Windows\system32\lsass.exe

    16:24:08.0517 0860 VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys

    16:24:08.0611 0860 vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    16:24:08.0673 0860 vds C:\Windows\System32\vds.exe

    16:24:08.0782 0860 vga C:\Windows\system32\DRIVERS\vgapnp.sys

    16:24:08.0829 0860 VgaSave C:\Windows\System32\drivers\vga.sys

    16:24:08.0876 0860 vhdmp C:\Windows\system32\drivers\vhdmp.sys

    16:24:08.0923 0860 viaide C:\Windows\system32\drivers\viaide.sys

    16:24:08.0985 0860 volmgr C:\Windows\system32\drivers\volmgr.sys

    16:24:09.0157 0860 volmgrx C:\Windows\system32\drivers\volmgrx.sys

    16:24:09.0297 0860 volsnap C:\Windows\system32\drivers\volsnap.sys

    16:24:09.0422 0860 vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    16:24:09.0500 0860 VSS C:\Windows\system32\vssvc.exe

    16:24:09.0625 0860 vwifibus C:\Windows\System32\drivers\vwifibus.sys

    16:24:09.0703 0860 W32Time C:\Windows\system32\w32time.dll

    16:24:09.0781 0860 WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    16:24:09.0843 0860 WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    16:24:09.0921 0860 Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    16:24:10.0030 0860 WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    16:24:10.0124 0860 wbengine C:\Windows\system32\wbengine.exe

    16:24:10.0186 0860 WbioSrvc C:\Windows\System32\wbiosrvc.dll

    16:24:10.0249 0860 wcncsvc C:\Windows\System32\wcncsvc.dll

    16:24:10.0327 0860 WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    16:24:10.0374 0860 Wd C:\Windows\system32\DRIVERS\wd.sys

    16:24:10.0420 0860 Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    16:24:10.0467 0860 WdiServiceHost C:\Windows\system32\wdi.dll

    16:24:10.0483 0860 WdiSystemHost C:\Windows\system32\wdi.dll

    16:24:10.0545 0860 WebClient C:\Windows\System32\webclnt.dll

    16:24:10.0592 0860 Wecsvc C:\Windows\system32\wecsvc.dll

    16:24:10.0654 0860 wercplsupport C:\Windows\System32\wercplsupport.dll

    16:24:10.0701 0860 WerSvc C:\Windows\System32\WerSvc.dll

    16:24:10.0748 0860 WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    16:24:10.0842 0860 WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

    16:24:10.0857 0860 WIMMount C:\Windows\system32\drivers\wimmount.sys

    16:24:10.0951 0860 Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    16:24:11.0060 0860 WinRM C:\Windows\system32\WsmSvc.dll

    16:24:11.0200 0860 WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    16:24:11.0263 0860 Wlansvc C:\Windows\System32\wlansvc.dll

    16:24:11.0434 0860 wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    16:24:11.0512 0860 WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    16:24:11.0559 0860 wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    16:24:11.0590 0860 WPCSvc C:\Windows\System32\wpcsvc.dll

    16:24:11.0653 0860 WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    16:24:11.0700 0860 ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    16:24:11.0793 0860 wscsvc C:\Windows\System32\wscsvc.dll

    16:24:11.0856 0860 WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

    16:24:11.0980 0860 wuauserv C:\Windows\system32\wuaueng.dll

    16:24:12.0074 0860 WudfPf C:\Windows\system32\drivers\WudfPf.sys

    16:24:12.0183 0860 WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    16:24:12.0277 0860 wudfsvc C:\Windows\System32\WUDFSvc.dll

    16:24:12.0355 0860 WwanSvc C:\Windows\System32\wwansvc.dll

    16:24:12.0448 0860 ================ Scan global ===============================

    16:24:12.0480 0860 C:\Windows\system32\basesrv.dll

    16:24:12.0558 0860 C:\Windows\system32\winsrv.dll

    16:24:12.0573 0860 C:\Windows\system32\winsrv.dll

    16:24:12.0651 0860 C:\Windows\system32\sxssrv.dll

    16:24:12.0667 0860 C:\Windows\system32\services.exe

    16:24:12.0682 0860 ================ Scan MBR ==================================

    16:24:12.0682 0860 \Device\Harddisk0\DR0

    16:24:13.0119 0860 ================ Scan VBR ==================================

    16:24:13.0119 0860 \Device\Harddisk0\DR0\Partition1

    16:24:13.0166 0860 \Device\Harddisk0\DR0\Partition2

    16:24:13.0197 0860 \Device\Harddisk0\DR0\Partition3

    16:24:13.0228 0860 \Device\Harddisk0\DR0\Partition4

    16:24:13.0228 0860 ================ Scan UEFI extensions ======================

    16:24:13.0228 0860 ================ Scan active images ========================

    16:24:13.0228 0860 ============================================================

    16:24:13.0228 0860 Scan finished

    16:24:13.0228 0860 ============================================================

    16:24:14.0118 1144 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    Registry Export

    .

    ==============================================

    EOF

    .

    DDS scan in the next post; it was too large for one post.

  • koen lenaers

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_34

    Run by Koen Lenaers at 16:25:27 on 2012-09-04

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4086.2405

    .

    AV: G Data AntiVirus 2012 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

    SP: G Data AntiVirus 2012 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\rundll32.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

    C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

    C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe

    C:\Windows\system32\hasplms.exe

    C:\Windows\system32\HPSIsvc.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    C:\Program Files (x86)\Overwolf\Overwolf.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\splwow64.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.be/

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe

    BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: G Data BankGuard: {ba3295cf-17ed-4f49-9e95-d999a0adbfdc} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    TB: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File

    uRun: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    uRun: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent

    uRun: “C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    uRun: C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    uRun: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    uRun: “C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver

    uRun: “C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart

    uRun: “C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”

    uRun: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    uRun: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    uRun: C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

    mRun:

    mRun: “C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”

    mRun: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    mRun: “C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe”

    mRun: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    mRun: “C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe” /startup

    mRun: C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    mRun: “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    mRun: C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    mRun: C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

    mRun: H:\SPYWAREfighter\swprotray.exe

    mRun: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    mRun: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    mRun: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    mRun: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    mRun: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    mRunOnce: %WINDIR%\SMINST\VistaLauncher.exe

    StartupFolder: C:\Users\KOENLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\KOENLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    Trusted Zone: isabel.be

    Trusted Zone: kbc.be

    Trusted Zone: kbcgroup.eu

    Trusted Zone: cbc.be\cbc-pdf

    Trusted Zone: cbc.be\cbconline

    Trusted Zone: cbc.be\static

    Trusted Zone: cbc.be\www

    Trusted Zone: cbc.eu\www

    Trusted Zone: isabel.be\*.IBS6

    Trusted Zone: isabel.be\gotoIBS6

    Trusted Zone: isabel.be\pki

    Trusted Zone: isabel.be\www

    Trusted Zone: isabel.eu\upgrade

    Trusted Zone: isabel.eu\www

    Trusted Zone: kbc.be\kbc-pdf

    Trusted Zone: kbc.be\kbconline

    Trusted Zone: kbc.be\static

    Trusted Zone: kbc.be\www

    Trusted Zone: kbc.com\www

    Trusted Zone: kbc.eu\www

    Trusted Zone: kbcam.be\www

    Trusted Zone: kbcam.com\www

    Trusted Zone: kbcbankingforbusiness.com\www

    Trusted Zone: kbcgroup.eu\multimediafiles

    Trusted Zone: kbcgroup.eu\www

    Trusted Zone: kbcmerchantbanking.com\www

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

    TCP: Interfaces\{5CDBEBE9-5CE5-4E18-8828-D8C115FBDEE0} : DhcpNameServer = 195.130.130.131 195.130.131.131

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    SecurityProviders: credssp.dll, schannel.dll


    TB-X64: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File

    mRun-x64:

    mRun-x64: “C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”

    mRun-x64: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    mRun-x64: “C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe”

    mRun-x64: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    mRun-x64: “C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe” /startup

    mRun-x64: C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    mRun-x64: “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    mRun-x64: C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    mRun-x64: C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

    mRun-x64: H:\SPYWAREfighter\swprotray.exe

    mRun-x64: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    mRun-x64: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    mRun-x64: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    mRun-x64: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    mRun-x64: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    mRunOnce-x64: %WINDIR%\SMINST\VistaLauncher.exe

    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Koen Lenaers\AppData\Roaming\Mozilla\Firefox\Profiles\srncyjai.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll

    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4623.0\npFbDesktopPlugin.dll

    FF - plugin: C:\Users\Koen Lenaers\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Koen Lenaers\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Koen Lenaers\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - plugin: D:\vlc\npvlc.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS –> C:\Windows\system32\Drivers\DRVECDB.SYS

    R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys –> C:\Windows\system32\drivers\GDBehave.sys

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys –> C:\Windows\system32\Drivers\PxHlpa64.sys

    R1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS –> C:\Windows\system32\Drivers\DLACDBHE.SYS

    R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS –> C:\Windows\system32\Drivers\DLARTL_E.SYS

    R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys –> C:\Windows\system32\drivers\MiniIcpt.sys

    R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys –> C:\Windows\system32\drivers\gdwfpcd64.sys

    R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys

    R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys –> C:\Windows\system32\drivers\HookCentre.sys

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys –> C:\Windows\system32\drivers\aksdf.sys

    R2 AV Engine Scanning Service;AV Engine Scanning Service;C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

    R2 AV Watch Service;AV Watch Service;C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

    R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    R2 AVKWCtl;G Data Bestandssysteembewaker;C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe

    R2 DDService;Drobo Dashboard Service;C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe

    R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS –> C:\Windows\system32\DLA\DLABMFSE.SYS

    R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS –> C:\Windows\system32\DLA\DLABOIOE.SYS

    R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS –> C:\Windows\system32\DLA\DLADResE.SYS

    R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS –> C:\Windows\system32\DLA\DLAIFS_E.SYS

    R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS –> C:\Windows\system32\DLA\DLAOPIOE.SYS

    R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS –> C:\Windows\system32\DLA\DLAPoolE.SYS

    R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS –> C:\Windows\system32\DLA\DLAUDF_E.SYS

    R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS –> C:\Windows\system32\DLA\DLAUDFAE.SYS

    R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS –> C:\Windows\system32\Drivers\DRVEDDM.SYS

    R2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run –> C:\Windows\system32\hasplms.exe -run

    R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe –> C:\Windows\system32\HPSIsvc.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys –> C:\Windows\system32\DRIVERS\e1k62x64.sys

    R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys –> C:\Windows\system32\DRIVERS\vcsvad.sys

    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys –> C:\Windows\system32\DRIVERS\WSDPrint.sys

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe

    S2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe –> C:\Program Files (x86)\Fighters\FighterSuiteService.exe

    S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\system32\DRIVERS\a38usb.sys –> C:\Windows\system32\DRIVERS\a38usb.sys

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AVFSFilter;AVFSFilter;C:\Windows\system32\DRIVERS\avfsfilter.sys –> C:\Windows\system32\DRIVERS\avfsfilter.sys

    S3 GdNetMon;G Data Network Monitor;\??\C:\Windows\system32\drivers\GdNetMon64.sys –> C:\Windows\system32\drivers\GdNetMon64.sys

    S3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys –> C:\Windows\system32\drivers\PktIcpt.sys

    S3 ghsmdm;Handset USB Modem;C:\Windows\system32\DRIVERS\ghsmdm.sys –> C:\Windows\system32\DRIVERS\ghsmdm.sys

    S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;\??\C:\Windows\system32\drivers\massfilter_hs.sys –> C:\Windows\system32\drivers\massfilter_hs.sys

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe

    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys –> C:\Windows\system32\DRIVERS\Rt64win7.sys

    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys –> C:\Windows\system32\drivers\ScreamingBAudio64.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys –> C:\Windows\system32\drivers\tsusbflt.sys

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys –> C:\Windows\system32\Drivers\usbaapl64.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe –> C:\Windows\system32\Wat\WatAdminSvc.exe

    .

    =============== Created Last 30 ================

    .

    2012-09-04 14:23:38 ——– d—–w- C:\TDSSStarter

    2012-09-04 08:53:16 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{D55F5FA6-C537-415D-AF6C-3C287FE328FC}

    2012-09-03 12:30:28 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{901B360D-A9D3-4842-8AB2-A44EEB4A4AE0}

    2012-09-02 20:53:57 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{7A2905B4-5DF1-4321-A1EB-485E3F787AD5}

    2012-09-02 14:33:21 ——– d—–w- C:\hijackthis

    2012-09-02 13:04:44 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\G DATA

    2012-09-02 08:53:31 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{5FDCED10-7091-45E6-B12D-19E4AF70CADF}

    2012-09-01 13:48:45 73696 —-a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-01 12:07:34 ——– d—–w- C:\Program Files (x86)\Overwolf

    2012-09-01 12:07:34 ——– d—–w- C:\Program Files (x86)\Common Files\Overwolf

    2012-09-01 12:06:49 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 08:18:53 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{68ED4AD4-1E55-4314-BF5C-9DE88C490D06}

    2012-08-31 11:17:31 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{B8BEBF8C-1D29-41D7-84E3-60E9E503A9B1}

    2012-08-30 13:43:45 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{429A7C1F-ED0A-47C1-8B3C-86BF7BA063D3}

    2012-08-27 20:55:23 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{FAD9253F-FF1E-4794-9F03-759EF59124EE}

    2012-08-27 08:54:40 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{47C28A0B-7290-4803-BC74-81119AD6ECC8}

    2012-08-26 07:30:27 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{9248BD7A-5950-4756-8BF1-D677112BAD36}

    2012-08-25 07:13:08 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{2D32522A-E238-4434-B01C-0B35387F241D}

    2012-08-24 12:26:08 118784 –sha-r- C:\Windows\SysWow64\rpcnsht.dll

    2012-08-24 11:39:14 9309624 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A667B630-2170-4175-A190-9E977B549203}\mpengine.dll

    2012-08-24 11:35:15 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{81A336FC-CA55-4D28-A308-DA51FA852E21}

    2012-08-23 13:42:52 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{1556C1C8-F25C-4186-ABF3-6AE76081CE16}

    2012-08-22 14:51:02 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{2E36C131-086B-47C6-9955-BB812FEB2117}

    2012-08-21 15:57:54 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{ECD9D8A0-B81C-459F-B19C-7C89DFF6E87D}

    2012-08-21 15:12:42 768848 —-a-w- C:\Windows\SysWow64\msvcr100.dll

    2012-08-21 15:12:30 421200 —-a-w- C:\Windows\SysWow64\msvcp100.dll

    2012-08-20 16:01:11 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{253DD847-CAA3-428C-9825-8E7D6D44FEFB}

    2012-08-19 09:52:19 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{E0A02910-85B0-4D8D-BA2A-810063BB5DE8}

    2012-08-17 17:05:39 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{1EAAC746-2050-40E6-B533-3683163FBA99}

    2012-08-17 17:05:29 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{E078A106-B54E-4D2E-840B-12A2F1548D16}

    2012-08-17 05:05:02 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{E4120292-EC34-476B-8D87-ECD875EC062E}

    2012-08-17 05:04:51 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{87053D73-10D2-4E0A-89A7-477AEC80ADA9}

    2012-08-16 15:09:13 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{0EFAE47B-991D-4028-89CF-F428E997EB04}

    2012-08-16 15:09:01 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{BC08BA92-BC13-46B3-B464-7F4FE827C1AB}

    2012-08-15 20:36:37 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{40C824B0-8D7B-4480-87E9-034DA6AB8E83}

    2012-08-15 08:36:13 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{71A798DE-E263-45CC-A63B-335B82522CD4}

    2012-08-15 08:35:14 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{2F5A32FF-A343-4368-9639-2B641DE7AFEB}

    2012-08-14 13:36:53 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{D8F79589-DD08-4E4E-B646-D110DC3971A4}

    2012-08-14 13:36:15 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{51F87653-D2EE-4C3B-9D9A-8F328A462C49}

    2012-08-13 14:14:34 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{F3575139-5032-4D40-9E2E-58A12F57CD49}

    2012-08-13 14:14:22 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{AA4CCACD-7FBE-48B3-894E-CCBBB86D6D97}

    2012-08-12 21:24:14 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{931EB388-C9C7-45DF-BD76-623F12E8F201}

    2012-08-12 21:24:04 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{F7B2D61D-9E0A-4DCE-8302-A9D24E2AA85C}

    2012-08-12 09:23:37 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{76705BB4-9A82-40AB-B615-2CB3D9010EED}

    2012-08-12 09:23:25 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{C40B29C9-8B48-4E10-99A6-FD5E27E61A06}

    2012-08-11 21:22:44 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{C7012986-1082-4676-983A-E54E192F42B5}

    2012-08-11 09:22:02 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{EAC6BCA9-7439-4A69-8461-8C1C00F967C4}

    2012-08-11 09:21:45 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{1C3A6E9F-F7F3-46C5-86CB-667B50FC8EC0}

    2012-08-10 13:59:30 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{5B7C7E8E-9B3C-47C2-A425-0228DFDAA3D6}

    2012-08-10 13:59:17 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{A109FD12-C88D-44B6-BFA8-FC9A5C831742}

    2012-08-09 21:27:34 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{9E2D07AE-2747-4DAA-A36F-DE64C4172655}

    2012-08-09 21:27:24 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{ABD17B99-2390-4EBD-AFB3-FA4CAC62304D}

    2012-08-09 09:26:53 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{EC94F000-1409-4CB9-B0AE-403617BE14C8}

    2012-08-09 09:25:57 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{58619F51-151E-4BEF-89FE-45668037B7F9}

    2012-08-08 14:46:53 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{F45FB1FF-4FB4-448B-8186-8D9C093DDFC1}

    2012-08-08 14:46:41 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{D013C567-35A0-41F0-8D0E-1DD0DB7B8D20}

    2012-08-07 14:55:17 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{124241FF-80A8-464C-A722-6628A7966AD6}

    2012-08-07 14:54:24 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{8BD483F4-C31F-4D39-8FD4-107873A406E2}

    2012-08-06 15:49:02 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{DDFEBB66-48D8-4348-8666-B4C621BBB927}

    2012-08-06 15:49:00 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{4C7E7E7A-0A9E-4091-A8F8-0EB1C18D16DB}

    2012-08-05 22:01:19 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{C17D782C-BFA5-4201-90FA-F1FF5D065422}

    2012-08-05 22:01:17 ——– d—–w- C:\Users\Koen Lenaers\AppData\Local\{70FCC0DE-DDB8-4406-A7CB-0FCA41C6ED19}

    .

    ==================== Find3M ====================

    .

    2012-09-04 08:56:10 786915 —-a-w- C:\Windows\SysWow64\sig.bin

    2012-09-01 14:24:24 106488 —-a-w- C:\Windows\System32\drivers\GRD.sys

    2012-08-25 07:18:11 73416 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-25 07:18:11 696520 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-19 01:31:20 477168 —-a-w- C:\Windows\SysWow64\npdeployJava1.dll

    2012-07-19 01:31:15 473072 —-a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-07-18 18:15:06 3148800 —-a-w- C:\Windows\System32\win32k.sys

    2012-07-04 22:13:27 59392 —-a-w- C:\Windows\System32\browcli.dll

    2012-07-04 22:13:27 136704 —-a-w- C:\Windows\System32\browser.dll

    2012-07-04 21:14:34 41984 —-a-w- C:\Windows\SysWow64\browcli.dll

    2012-07-03 11:46:44 24904 —-a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-27 07:06:53 1188864 —-a-w- C:\Windows\System32\wininet.dll

    2012-06-27 05:53:07 981504 —-a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-27 04:53:10 1638912 —-a-w- C:\Windows\System32\mshtml.tlb

    2012-06-27 04:10:55 1638912 —-a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-16 05:16:04 609792 —-a-w- C:\Windows\System32\vbscript.dll

    2012-06-16 04:26:57 428032 —-a-w- C:\Windows\SysWow64\vbscript.dll

    2012-06-06 18:59:42 1070152 —-a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

    .

    ============= FINISH: 16:25:55,09 ===============

  • Ben

    Hello,

    Using "zoek.exe"

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    You can read how to do that (here or here).

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    filesrcm;

    emptyclsid;

    emptyjava;

    emptyflash;

    startupall;

    Now first close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then still appear.

    Now post the contents of the opened log in your next message and tell us how things are going now.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    Zoek.exe Version 3.0.0.3 Updated 04-SEPT-2012

    Tool run by Koen Lenaers on di 04/09/2012 at 18:40:30,51.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running from: C:\Users\Koen Lenaers\AppData\Local\Temp\zoek.exe

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2012-08-15 10:39:38 127AA81343A7C6F665C22CB1293B0A90 67072 —-a-w- C:\Windows\splwow64.exe

    ====== C:\Users\KOENLE~1\AppData\Local\Temp ====

    2012-09-02 14:53:21 73406FA9287B36CA4163797C73A2CD04 4451144 —-a-w- C:\Users\KOENLE~1\AppData\Local\Temp\tbuTo0.dll

    2012-09-01 12:07:23 67332A9A299FDF65A369BB9996FC2A07 41229824 —-a-w- C:\Users\KOENLE~1\AppData\Local\Temp\OverwolfSetup.msi

    ====== C:\Windows\SysWOW64 =====

    2012-08-24 12:26:08 !HASH: COULD NOT OPEN FILE !!!!! 118784 –sha-r- C:\Windows\SysWOW64\rpcnsht.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    ====== C:\Windows\Tasks ======

    2012-08-24 12:26:08 2130D5599E93AC800B59DC9EE82AB7BA 326 —-a-w- C:\Windows\Tasks\asxextu.job

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\Program Files (x86) =====

    2012-09-01 12:07:34 ——– d—–w- C:\Program Files (x86)\Overwolf

    2012-09-01 12:07:34 ——– d—–w- C:\Program Files (x86)\Common Files\Overwolf

    ======= C: =====

    2012-09-04 13:21:31 F2F43A8AFF58652E2F6CD371CD6A9F4A 1046 —-a-w- C:\AdwCleaner.txt

    2012-09-04 13:01:21 EEDB3DED27306DC1BF30EC2C3AE88813 987 —-a-w- C:\AdwCleaner.txt

    2012-09-04 12:50:54 9FEB88C1823F1682DEC48C096617613D 1076 —-a-w- C:\AdwCleaner.txt

    ====== C:\Users\Koen Lenaers\AppData\Roaming ======

    2012-09-02 14:19:05 2E56FFFCAB0A638F4F0B25E13206D747 855959 —-a-w- C:\users\Koen Lenaers\AppData\Local\census.cache

    2012-09-02 14:18:24 1B17BF8B552310C81578339B60B5321E 129728 —-a-w- C:\users\Koen Lenaers\AppData\Local\ars.cache

    2012-09-02 14:09:10 431584BB17C7687E1250BAF225B2AD2D 36 —-a-w- C:\users\Koen Lenaers\AppData\Local\housecall.guid.cache

    2012-09-02 13:04:44 ——– d—–w- C:\users\Koen Lenaers\AppData\Local\G DATA

    2012-09-01 12:06:49 ——– d—–w- C:\users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 09:18:15 ——– d—–w- C:\users\Koen Lenaers\AppData\Roaming\dvdcss

    ====== C:\Users\Koen Lenaers ======

    ====== C: exe-files ==

    === C: other files ==

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Steam"="C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent"

    "Google Update"="C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    "DDAssist"="C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Spotify"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "

    "Spotify Web Helper"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "

    "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    "Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

    "G Data AntiVirus Tray Application"="C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe"

    "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

    "Razer Imperator Driver"="C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe"

    "CommonToolkitTray"="C:\Program Files (x86)\Fighters\Tray\FightersTray.exe"

    "SWPROguard"="H:\SPYWAREfighter\swprotray.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "ST Recovery Launcher"="%WINDIR%\SMINST\VistaLauncher.exe "

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Steam"="C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent"

    "Google Update"="C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    "DDAssist"="C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Spotify"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "

    "Spotify Web Helper"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "

    "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    "Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"

    ==== Startup Folders ======================

    2012-07-13 17:56:19 1062 ----a-w- C:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2012-06-07 19:07:01 1349 ----a-w- C:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\asxextu.job --a------ C:\Windows\system32\rundll32.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job --a------ C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job --a------ C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job --a------ C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job --a------ C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    Still getting a popup from my virus scanner about an unknown malware. This only happens in Explorer; I no longer see any redirecting, though.

This topic is closed; no further replies can be posted.