Topic reopened by koen lenaers

  • Ben

    Problem not over yet.

    My problem apparently hasn't been solved yet, but I have now been able to find out the name of the virus. Unfortunately my antivirus software can't remove it.

    The name of the virus is win32:Agent-APTY.

    Link: http://antivirus.startpagina.nl/prikbord/15880485/redirected-naar-niet-gevraagde-websites#msg-15880485

  • koen lenaers

    Hello Ben,

    Thanks for your quick reply. Here are the requested logs.

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.09.19.09

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Koen Lenaers :: KOENLENAERS-PC

    19/09/2012 18:17:49

    mbam-log-2012-09-19 (18-17-49).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 224170

    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:23:54, on 19/09/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blacksheep.be/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent

    O4 - HKCU\..\Run: C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - Startup: Dropbox.lnk = Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Facebook Messenger.lnk = Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O15 - Trusted Zone: *.isabel.be

    O15 - Trusted Zone: *.kbc.be

    O15 - Trusted Zone: *.kbcgroup.eu

    O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)

    O15 - Trusted Zone: http://static.cbc.be (HKLM)

    O15 - Trusted Zone: http://www.isabel.be (HKLM)

    O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)

    O15 - Trusted Zone: http://www.isabel.eu (HKLM)

    O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)

    O15 - Trusted Zone: http://static.kbc.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.com (HKLM)

    O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

    O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Suite Service - Unknown owner - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 15127 bytes

  • koen lenaers

    Oops, forgot to start HijackThis in admin mode, here is the correct log :p

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:27:48, on 19/09/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\spotify.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe

    C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

    C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    C:\Users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    C:\Users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blacksheep.be/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent

    O4 - HKCU\..\Run: C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

    O4 - HKCU\..\Run: "C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - Startup: Dropbox.lnk = Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Facebook Messenger.lnk = Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O15 - Trusted Zone: *.isabel.be

    O15 - Trusted Zone: *.kbc.be

    O15 - Trusted Zone: *.kbcgroup.eu

    O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)

    O15 - Trusted Zone: http://static.cbc.be (HKLM)

    O15 - Trusted Zone: http://www.isabel.be (HKLM)

    O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)

    O15 - Trusted Zone: http://www.isabel.eu (HKLM)

    O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)

    O15 - Trusted Zone: http://static.kbc.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.be (HKLM)

    O15 - Trusted Zone: http://www.kbcam.com (HKLM)

    O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

    O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Suite Service - Unknown owner - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 14872 bytes

  • Ben

Hello,

Can you check where your virus scanner finds win32:Agent-APTY?

Download TDSSKStarter to the desktop.

Using "TDSSKStarter.exe":

First close all program windows that are still open!

Disable your antivirus and antispyware programs; they may conflict with TDSSKStarter.exe.

You can read how to do that (here or here).

Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.

A CMD window will then open, and it will close again automatically when the scan is finished.

Now post the contents of the Notepad file that opens in your next message.

Regards, Ben

    Antivirusprikbord.nl
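A small triage helper for the two logs being exchanged in this thread, added here as an example; it is not code from the thread, from HijackThis or from TDSSKiller. It parses HijackThis "O23 - Service:" lines and TDSSKiller scan lines in the formats shown on this page, separates TDSSKiller's UnsignedFile.Multi.Generic warnings (a missing Authenticode signature, common for legitimate third-party drivers and services) from any other verdict, and flags which "(file missing)" service entries fall under System32. The System32 rule is an assumption: a 32-bit HijackThis on 64-bit Windows is subject to WOW64 file-system redirection, so genuine 64-bit system binaries under System32 are reported as missing; such hits mean "verify with a 64-bit tool", not "file is gone". The sample lines are constructed from the page's formats, and the `Example.Hypothetical.Verdict` entry is a hypothetical verdict added only to exercise the non-informational path.

```python
"""Triage HijackThis O23 lines and TDSSKiller scan lines (added example)."""
import re
from dataclasses import dataclass

# HijackThis: "O23 - Service: <display> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# TDSSKiller: "<hh:mm:ss.ffff> <pid> <body>"
TDSS_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<body>.+)$")
TDSS_PATH_RE = re.compile(r"^(?P<name>.+?) (?P<path>[A-Za-z]:[\\/].+)$")
TDSS_DETECT_RE = re.compile(
    r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$"
)

# Verdicts that only report a missing code signature, not malicious behaviour.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


@dataclass
class Finding:
    name: str
    path: str
    note: str


def triage_o23(lines):
    """One Finding per service whose binary HijackThis reports as missing."""
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m or not m.group("missing"):
            continue
        path = m.group("path")
        if path.lower().startswith("c:\\windows\\system32\\"):
            # Assumption: 32-bit HijackThis under WOW64 looks in SysWOW64 instead.
            note = "System32 path; likely WOW64 redirection artifact, verify with a 64-bit tool"
        else:
            note = "orphaned service entry; confirm the file is absent, then remove or reinstall"
        findings.append(Finding(m.group("display"), path, note))
    return findings


def triage_tdss(lines):
    """Map each TDSSKiller 'detected' line to the path logged for that name."""
    paths, findings = {}, []
    for line in lines:
        m = TDSS_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        d = TDSS_DETECT_RE.match(body)
        if d:
            verdict = d.group("verdict")
            sev = "info" if verdict in INFORMATIONAL else "investigate"
            findings.append(Finding(d.group("name"),
                                    paths.get(d.group("name"), "?"),
                                    f"{verdict} ({sev})"))
            continue
        p = TDSS_PATH_RE.match(body)
        if p:  # path lines precede the warning/detected lines for the same name
            paths[p.group("name")] = p.group("path")
    return findings


# Constructed sample lines in the formats shown in this thread.
SAMPLE_O23 = [
    r"O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)",
    r"O23 - Service: Suite Service - Unknown owner - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (file missing)",
    r"O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe",
]
SAMPLE_TDSS = [
    r"18:58:01.0333 4984 IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe",
    r"18:58:01.0349 4984 IDriverT ( UnsignedFile.Multi.Generic ) - warning",
    r"18:58:01.0349 4984 IDriverT - detected UnsignedFile.Multi.Generic (1)",
    r"18:58:02.0051 4984 IPNAT C:\Windows\system32\drivers\ipnat.sys",
    # Hypothetical entry and verdict, constructed to show the non-informational path.
    r"18:58:09.0000 4984 example_svc C:\Windows\SysWOW64\example.dll",
    r"18:58:09.0001 4984 example_svc - detected Example.Hypothetical.Verdict (1)",
]

if __name__ == "__main__":
    for f in triage_o23(SAMPLE_O23) + triage_tdss(SAMPLE_TDSS):
        print(f"{f.name}: {f.path}\n    {f.note}")
```

Run it against a full saved log with `triage_o23(open("hijackthis.log").read().splitlines())` or the TDSSKiller equivalent; anything tagged "investigate" or "orphaned" is what to look at first, while "info" and "WOW64 redirection artifact" entries are the noise a helper usually has to explain away.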

  • koen lenaers

the path is C:\WINDOWS\SysWOW64

    18:57:39.0602 5956 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

    18:57:40.0070 5956 ============================================================

    18:57:40.0070 5956 Current date / time: 2012/09/19 18:57:40.0070

    18:57:40.0070 5956 SystemInfo:

    18:57:40.0070 5956

    18:57:40.0070 5956 OS Version: 6.1.7601 ServicePack: 1.0

    18:57:40.0070 5956 Product type: Workstation

    18:57:40.0070 5956 ComputerName: KOENLENAERS-PC

    18:57:40.0070 5956 UserName: Koen Lenaers

    18:57:40.0070 5956 Windows directory: C:\Windows

    18:57:40.0070 5956 System windows directory: C:\Windows

    18:57:40.0070 5956 Running under WOW64

    18:57:40.0070 5956 Processor architecture: Intel x64

    18:57:40.0070 5956 Number of processors: 4

    18:57:40.0070 5956 Page size: 0x1000

    18:57:40.0070 5956 Boot type: Normal boot

    18:57:40.0070 5956 ============================================================

18:57:43.0471 5956 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    18:57:43.0502 5956 ============================================================

    18:57:43.0502 5956 \Device\Harddisk0\DR0:

    18:57:43.0502 5956 MBR partitions:

    18:57:43.0502 5956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE05A000

    18:57:43.0502 5956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE05A800, BlocksNum 0x19A5800

    18:57:43.0534 5956 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFA00800, BlocksNum 0x4F200000

    18:57:43.0565 5956 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5EC01000, BlocksNum 0x4FE86000

    18:57:43.0565 5956 ============================================================

    18:57:43.0612 5956 C: <-> \Device\Harddisk0\DR0\Partition1

    18:57:43.0658 5956 D: <-> \Device\Harddisk0\DR0\Partition3

    18:57:43.0768 5956 E: <-> \Device\Harddisk0\DR0\Partition4

    18:57:43.0814 5956 F: <-> \Device\Harddisk0\DR0\Partition2

    18:57:43.0814 5956 ============================================================

    18:57:43.0814 5956 Initialize success

    18:57:43.0814 5956 ============================================================

    18:57:43.0908 4984 ============================================================

    18:57:43.0908 4984 Scan started

    18:57:43.0908 4984 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    18:57:43.0908 4984 ============================================================

    18:57:46.0451 4984 ================ Scan system memory ========================

    18:57:46.0451 4984 ================ Scan services =============================

    18:57:46.0763 4984 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    18:57:47.0543 4984 ACPI C:\Windows\system32\drivers\ACPI.sys

    18:57:47.0652 4984 AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    18:57:47.0839 4984 ACSSCR C:\Windows\system32\DRIVERS\a38usb.sys

    18:57:48.0104 4984 AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    18:57:48.0307 4984 AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    18:57:48.0416 4984 adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    18:57:48.0479 4984 adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    18:57:48.0526 4984 adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    18:57:48.0588 4984 AeLookupSvc C:\Windows\System32\aelupsvc.dll

    18:57:48.0775 4984 AFD C:\Windows\system32\drivers\afd.sys

    18:57:48.0900 4984 agp440 C:\Windows\system32\drivers\agp440.sys

    18:57:48.0978 4984 aksdf C:\Windows\system32\drivers\aksdf.sys

    18:57:49.0072 4984 aksfridge C:\Windows\system32\drivers\aksfridge.sys

    18:57:49.0150 4984 akshasp C:\Windows\system32\DRIVERS\akshasp.sys

    18:57:49.0274 4984 aksusb C:\Windows\system32\DRIVERS\aksusb.sys

    18:57:49.0399 4984 ALG C:\Windows\System32\alg.exe

    18:57:49.0493 4984 aliide C:\Windows\system32\drivers\aliide.sys

    18:57:49.0540 4984 amdide C:\Windows\system32\drivers\amdide.sys

    18:57:49.0602 4984 AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    18:57:49.0680 4984 AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    18:57:49.0742 4984 amdsata C:\Windows\system32\drivers\amdsata.sys

    18:57:49.0789 4984 amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    18:57:49.0836 4984 amdxata C:\Windows\system32\drivers\amdxata.sys

    18:57:49.0914 4984 AppID C:\Windows\system32\drivers\appid.sys

    18:57:50.0117 4984 AppIDSvc C:\Windows\System32\appidsvc.dll

    18:57:50.0257 4984 Appinfo C:\Windows\System32\appinfo.dll

    18:57:50.0398 4984 Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    18:57:50.0476 4984 arc C:\Windows\system32\DRIVERS\arc.sys

    18:57:50.0507 4984 arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    18:57:50.0569 4984 AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    18:57:50.0663 4984 atapi C:\Windows\system32\drivers\atapi.sys

    18:57:50.0866 4984 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    18:57:50.0959 4984 AudioSrv C:\Windows\System32\Audiosrv.dll

    18:57:51.0069 4984 AV Engine Scanning Service C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

    18:57:51.0178 4984 AV Watch Service C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

    18:57:51.0240 4984 AVFSFilter C:\Windows\system32\DRIVERS\avfsfilter.sys

    18:57:51.0381 4984 AVKProxy C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    18:57:51.0521 4984 AVKService C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    18:57:51.0630 4984 AVKWCtl C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    18:57:51.0739 4984 AxInstSV C:\Windows\System32\AxInstSV.dll

    18:57:51.0880 4984 b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    18:57:52.0005 4984 b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    18:57:52.0083 4984 BDESVC C:\Windows\System32\bdesvc.dll

    18:57:52.0161 4984 Beep C:\Windows\system32\drivers\Beep.sys

    18:57:52.0379 4984 BFE C:\Windows\System32\bfe.dll

    18:57:52.0551 4984 BITS C:\Windows\system32\qmgr.dll

    18:57:52.0831 4984 blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    18:57:53.0003 4984 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    18:57:53.0081 4984 bowser C:\Windows\system32\DRIVERS\bowser.sys

    18:57:53.0159 4984 BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    18:57:53.0237 4984 BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    18:57:53.0299 4984 BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    18:57:53.0393 4984 Browser C:\Windows\System32\browser.dll

    18:57:53.0471 4984 Brserid C:\Windows\System32\Drivers\Brserid.sys

    18:57:53.0549 4984 BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    18:57:53.0611 4984 BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    18:57:53.0658 4984 BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    18:57:53.0752 4984 BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    18:57:53.0877 4984 bthserv C:\Windows\system32\bthserv.dll

    18:57:53.0986 4984 cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    18:57:54.0095 4984 cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    18:57:54.0204 4984 CertPropSvc C:\Windows\System32\certprop.dll

    18:57:54.0267 4984 circlass C:\Windows\system32\DRIVERS\circlass.sys

    18:57:54.0345 4984 CLFS C:\Windows\system32\CLFS.sys

    18:57:54.0438 4984 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    18:57:54.0532 4984 clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    18:57:54.0672 4984 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    18:57:54.0735 4984 clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    18:57:54.0781 4984 CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    18:57:54.0844 4984 cmdide C:\Windows\system32\drivers\cmdide.sys

    18:57:54.0906 4984 CNG C:\Windows\system32\Drivers\cng.sys

    18:57:55.0047 4984 Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    18:57:55.0078 4984 CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    18:57:55.0156 4984 crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    18:57:55.0203 4984 CryptSvc C:\Windows\system32\cryptsvc.dll

    18:57:55.0312 4984 DcomLaunch C:\Windows\system32\rpcss.dll

    18:57:55.0499 4984 defragsvc C:\Windows\System32\defragsvc.dll

    18:57:55.0593 4984 DfsC C:\Windows\system32\Drivers\dfsc.sys

    18:57:55.0671 4984 DFUBTUSB C:\Windows\system32\Drivers\frmupgr.sys

    18:57:55.0717 4984 Dhcp C:\Windows\system32\dhcpcore.dll

    18:57:55.0795 4984 discache C:\Windows\system32\drivers\discache.sys

    18:57:55.0858 4984 Disk C:\Windows\system32\DRIVERS\disk.sys

    18:57:55.0936 4984 DLABMFSE C:\Windows\system32\DLA\DLABMFSE.SYS

    18:57:55.0998 4984 DLABOIOE C:\Windows\system32\DLA\DLABOIOE.SYS

    18:57:56.0014 4984 DLACDBHE C:\Windows\system32\Drivers\DLACDBHE.SYS

    18:57:56.0045 4984 DLADResE C:\Windows\system32\DLA\DLADResE.SYS

    18:57:56.0076 4984 DLAIFS_E C:\Windows\system32\DLA\DLAIFS_E.SYS

    18:57:56.0107 4984 DLAOPIOE C:\Windows\system32\DLA\DLAOPIOE.SYS

    18:57:56.0139 4984 DLAPoolE C:\Windows\system32\DLA\DLAPoolE.SYS

    18:57:56.0154 4984 DLARTL_E C:\Windows\system32\Drivers\DLARTL_E.SYS

    18:57:56.0185 4984 DLAUDFAE C:\Windows\system32\DLA\DLAUDFAE.SYS

    18:57:56.0217 4984 DLAUDF_E C:\Windows\system32\DLA\DLAUDF_E.SYS

    18:57:56.0263 4984 Dnscache C:\Windows\System32\dnsrslvr.dll

    18:57:56.0419 4984 dot3svc C:\Windows\System32\dot3svc.dll

    18:57:56.0529 4984 DPS C:\Windows\system32\dps.dll

    18:57:56.0622 4984 drmkaud C:\Windows\system32\drivers\drmkaud.sys

    18:57:56.0653 4984 DRVECDB C:\Windows\system32\Drivers\DRVECDB.SYS

    18:57:56.0685 4984 DRVEDDM C:\Windows\system32\Drivers\DRVEDDM.SYS

    18:57:56.0763 4984 DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    18:57:56.0872 4984 e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

    18:57:56.0934 4984 EapHost C:\Windows\System32\eapsvc.dll

    18:57:57.0121 4984 ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    18:57:57.0231 4984 EFS C:\Windows\System32\lsass.exe

    18:57:57.0340 4984 ehRecvr C:\Windows\ehome\ehRecvr.exe

    18:57:57.0449 4984 ehSched C:\Windows\ehome\ehsched.exe

    18:57:57.0558 4984 elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    18:57:57.0636 4984 ErrDev C:\Windows\system32\drivers\errdev.sys

    18:57:57.0699 4984 EventSystem C:\Windows\system32\es.dll

    18:57:57.0761 4984 exfat C:\Windows\system32\drivers\exfat.sys

    18:57:57.0808 4984 fastfat C:\Windows\system32\drivers\fastfat.sys

    18:57:57.0948 4984 Fax C:\Windows\system32\fxssvc.exe

    18:57:58.0042 4984 fdc C:\Windows\system32\DRIVERS\fdc.sys

    18:57:58.0104 4984 fdPHost C:\Windows\system32\fdPHost.dll

    18:57:58.0167 4984 FDResPub C:\Windows\system32\fdrespub.dll

    18:57:58.0229 4984 FileInfo C:\Windows\system32\drivers\fileinfo.sys

    18:57:58.0245 4984 Filetrace C:\Windows\system32\drivers\filetrace.sys

    18:57:58.0323 4984 flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    18:57:58.0369 4984 FltMgr C:\Windows\system32\drivers\fltmgr.sys

    18:57:58.0432 4984 FontCache C:\Windows\system32\FntCache.dll

    18:57:58.0525 4984 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    18:57:58.0572 4984 FsDepends C:\Windows\system32\drivers\FsDepends.sys

    18:57:58.0635 4984 Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    18:57:58.0666 4984 fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    18:57:58.0713 4984 gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    18:57:58.0806 4984 GDBehave C:\Windows\system32\drivers\GDBehave.sys

    18:57:58.0884 4984 GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys

    18:57:58.0978 4984 GdNetMon C:\Windows\system32\drivers\GdNetMon64.sys

    18:57:59.0056 4984 GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys

    18:57:59.0149 4984 GDScan C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    18:57:59.0212 4984 gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys

    18:57:59.0274 4984 GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys

    18:57:59.0337 4984 ghsmdm C:\Windows\system32\DRIVERS\ghsmdm.sys

    18:57:59.0399 4984 gpsvc C:\Windows\System32\gpsvc.dll

    18:57:59.0539 4984 GRD C:\Windows\system32\drivers\GRD.sys

    18:57:59.0649 4984 gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    18:57:59.0695 4984 gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    18:57:59.0742 4984 hardlock C:\Windows\system32\drivers\hardlock.sys

    18:57:59.0805 4984 hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    18:57:59.0883 4984 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    18:57:59.0992 4984 HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    18:58:00.0117 4984 HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    18:58:00.0195 4984 HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    18:58:00.0273 4984 HidIr C:\Windows\system32\DRIVERS\hidir.sys

    18:58:00.0335 4984 hidserv C:\Windows\System32\hidserv.dll

    18:58:00.0413 4984 HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    18:58:00.0460 4984 hkmsvc C:\Windows\system32\kmsvc.dll

    18:58:00.0569 4984 HomeGroupListener C:\Windows\system32\ListSvc.dll

    18:58:00.0678 4984 HomeGroupProvider C:\Windows\system32\provsvc.dll

    18:58:00.0772 4984 HookCentre C:\Windows\system32\drivers\HookCentre.sys

    18:58:00.0865 4984 HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    18:58:00.0943 4984 HPSIService C:\Windows\system32\HPSIsvc.exe

    18:58:01.0021 4984 HTTP C:\Windows\system32\drivers\HTTP.sys

    18:58:01.0115 4984 hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    18:58:01.0177 4984 i8042prt C:\Windows\system32\drivers\i8042prt.sys

    18:58:01.0240 4984 iaStorV C:\Windows\system32\drivers\iaStorV.sys

    18:58:01.0333 4984 IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    18:58:01.0349 4984 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    18:58:01.0349 4984 IDriverT - detected UnsignedFile.Multi.Generic (1)

    18:58:01.0380 4984 idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    18:58:01.0443 4984 iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    18:58:01.0474 4984 IKEEXT C:\Windows\System32\ikeext.dll

    18:58:01.0536 4984 intelide C:\Windows\system32\drivers\intelide.sys

    18:58:01.0567 4984 intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    18:58:01.0630 4984 IPBusEnum C:\Windows\system32\ipbusenum.dll

    18:58:01.0739 4984 IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    18:58:01.0879 4984 iphlpsvc C:\Windows\System32\iphlpsvc.dll

    18:58:01.0989 4984 IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    18:58:02.0051 4984 IPNAT C:\Windows\system32\drivers\ipnat.sys

    18:58:02.0145 4984 iPod Service C:\Program Files\iPod\bin\iPodService.exe

    18:58:02.0223 4984 IRENUM C:\Windows\system32\drivers\irenum.sys

    18:58:02.0301 4984 isapnp C:\Windows\system32\drivers\isapnp.sys

    18:58:02.0332 4984 iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

    18:58:02.0379 4984 kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    18:58:02.0425 4984 kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    18:58:02.0519 4984 KeyIso C:\Windows\system32\lsass.exe

    18:58:02.0566 4984 KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    18:58:02.0644 4984 KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    18:58:02.0691 4984 ksthunk C:\Windows\system32\drivers\ksthunk.sys

    18:58:02.0769 4984 KtmRm C:\Windows\system32\msdtckrm.dll

    18:58:02.0862 4984 LanmanServer C:\Windows\System32\srvsvc.dll

    18:58:02.0956 4984 LanmanWorkstation C:\Windows\System32\wkssvc.dll

    18:58:03.0065 4984 LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

    18:58:03.0127 4984 lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    18:58:03.0221 4984 lltdsvc C:\Windows\System32\lltdsvc.dll

    18:58:03.0283 4984 lmhosts C:\Windows\System32\lmhsvc.dll

    18:58:03.0346 4984 LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

    18:58:03.0393 4984 LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    18:58:03.0439 4984 LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    18:58:03.0471 4984 LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    18:58:03.0502 4984 LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    18:58:03.0549 4984 luafv C:\Windows\system32\drivers\luafv.sys

    18:58:03.0627 4984 massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys

    18:58:03.0689 4984 Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    18:58:03.0736 4984 megasas C:\Windows\system32\DRIVERS\megasas.sys

    18:58:03.0798 4984 MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    18:58:03.0892 4984 Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

    18:58:04.0001 4984 MMCSS C:\Windows\system32\mmcss.dll

    18:58:04.0063 4984 Modem C:\Windows\system32\drivers\modem.sys

    18:58:04.0141 4984 monitor C:\Windows\system32\DRIVERS\monitor.sys

    18:58:04.0251 4984 mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    18:58:04.0313 4984 mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    18:58:04.0391 4984 mountmgr C:\Windows\system32\drivers\mountmgr.sys

    18:58:04.0469 4984 MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    18:58:04.0531 4984 mpio C:\Windows\system32\drivers\mpio.sys

    18:58:04.0578 4984 mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    18:58:04.0656 4984 MpsSvc C:\Windows\system32\mpssvc.dll

    18:58:04.0765 4984 MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    18:58:04.0828 4984 mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    18:58:04.0921 4984 mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    18:58:04.0968 4984 mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    18:58:04.0999 4984 msahci C:\Windows\system32\drivers\msahci.sys

    18:58:05.0046 4984 msdsm C:\Windows\system32\drivers\msdsm.sys

    18:58:05.0077 4984 MSDTC C:\Windows\System32\msdtc.exe

    18:58:05.0155 4984 Msfs C:\Windows\system32\drivers\Msfs.sys

    18:58:05.0202 4984 mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    18:58:05.0296 4984 msisadrv C:\Windows\system32\drivers\msisadrv.sys

    18:58:05.0327 4984 MSiSCSI C:\Windows\system32\iscsiexe.dll

    18:58:05.0389 4984 MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    18:58:05.0467 4984 MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    18:58:05.0530 4984 MSPQM C:\Windows\system32\drivers\MSPQM.sys

    18:58:05.0639 4984 MsRPC C:\Windows\system32\drivers\MsRPC.sys

    18:58:05.0701 4984 mssmbios C:\Windows\system32\drivers\mssmbios.sys

    18:58:05.0717 4984 MSTEE C:\Windows\system32\drivers\MSTEE.sys

    18:58:05.0779 4984 MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    18:58:05.0826 4984 Mup C:\Windows\system32\Drivers\mup.sys

    18:58:05.0873 4984 napagent C:\Windows\system32\qagentRT.dll

    18:58:05.0951 4984 NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    18:58:06.0045 4984 NDIS C:\Windows\system32\drivers\ndis.sys

    18:58:06.0107 4984 NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    18:58:06.0185 4984 NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    18:58:06.0279 4984 Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    18:58:06.0341 4984 NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    18:58:06.0435 4984 NDProxy C:\Windows\system32\drivers\NDProxy.sys

    18:58:06.0481 4984 NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    18:58:06.0559 4984 NetBT C:\Windows\system32\DRIVERS\netbt.sys

    18:58:06.0637 4984 Netlogon C:\Windows\system32\lsass.exe

    18:58:06.0684 4984 Netman C:\Windows\System32\netman.dll

    18:58:06.0731 4984 netprofm C:\Windows\System32\netprofm.dll

    18:58:06.0809 4984 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    18:58:06.0856 4984 nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    18:58:06.0903 4984 NlaSvc C:\Windows\System32\nlasvc.dll

    18:58:06.0965 4984 Npfs C:\Windows\system32\drivers\Npfs.sys

    18:58:07.0027 4984 nsi C:\Windows\system32\nsisvc.dll

    18:58:07.0074 4984 nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    18:58:07.0183 4984 Ntfs C:\Windows\system32\drivers\Ntfs.sys

    18:58:07.0261 4984 Null C:\Windows\system32\drivers\Null.sys

    18:58:07.0480 4984 nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    18:58:07.0714 4984 nvraid C:\Windows\system32\drivers\nvraid.sys

    18:58:07.0776 4984 nvstor C:\Windows\system32\drivers\nvstor.sys

    18:58:07.0870 4984 nvsvc C:\Windows\system32\nvvsvc.exe

    18:58:07.0948 4984 nv_agp C:\Windows\system32\drivers\nv_agp.sys

    18:58:08.0057 4984 odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    18:58:08.0119 4984 ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    18:58:08.0166 4984 ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    18:58:08.0229 4984 p2pimsvc C:\Windows\system32\pnrpsvc.dll

    18:58:08.0307 4984 p2psvc C:\Windows\system32\p2psvc.dll

    18:58:08.0369 4984 Parport C:\Windows\system32\DRIVERS\parport.sys

    18:58:08.0416 4984 partmgr C:\Windows\system32\drivers\partmgr.sys

    18:58:08.0447 4984 PcaSvc C:\Windows\System32\pcasvc.dll

    18:58:08.0494 4984 pci C:\Windows\system32\drivers\pci.sys

    18:58:08.0541 4984 pciide C:\Windows\system32\drivers\pciide.sys

    18:58:08.0572 4984 pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    18:58:08.0619 4984 pcw C:\Windows\system32\drivers\pcw.sys

    18:58:08.0650 4984 PEAUTH C:\Windows\system32\drivers\peauth.sys

    18:58:08.0775 4984 PerfHost C:\Windows\SysWow64\perfhost.exe

    18:58:08.0884 4984 pla C:\Windows\system32\pla.dll

    18:58:09.0024 4984 PlugPlay C:\Windows\system32\umpnpmgr.dll

    18:58:09.0087 4984 PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    18:58:09.0133 4984 PNRPsvc C:\Windows\system32\pnrpsvc.dll

    18:58:09.0196 4984 PolicyAgent C:\Windows\System32\ipsecsvc.dll

    18:58:09.0258 4984 Power C:\Windows\system32\umpo.dll

    18:58:09.0321 4984 PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    18:58:09.0383 4984 Processor C:\Windows\system32\DRIVERS\processr.sys

    18:58:09.0430 4984 ProfSvc C:\Windows\system32\profsvc.dll

    18:58:09.0492 4984 ProtectedStorage C:\Windows\system32\lsass.exe

    18:58:09.0570 4984 Psched C:\Windows\system32\DRIVERS\pacer.sys

    18:58:09.0695 4984 PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

    18:58:09.0804 4984 ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    18:58:09.0882 4984 ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    18:58:09.0913 4984 QWAVE C:\Windows\system32\qwave.dll

    18:58:09.0960 4984 QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    18:58:10.0023 4984 RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    18:58:10.0147 4984 RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    18:58:10.0210 4984 RasAuto C:\Windows\System32\rasauto.dll

    18:58:10.0257 4984 Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    18:58:10.0366 4984 RasMan C:\Windows\System32\rasmans.dll

    18:58:10.0428 4984 RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    18:58:10.0475 4984 RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    18:58:10.0522 4984 rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    18:58:10.0584 4984 rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    18:58:10.0631 4984 RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    18:58:10.0678 4984 RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    18:58:10.0725 4984 RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    18:58:10.0771 4984 RDPWD C:\Windows\system32\drivers\RDPWD.sys

    18:58:10.0865 4984 rdyboost C:\Windows\system32\drivers\rdyboost.sys

    18:58:10.0927 4984 RemoteAccess C:\Windows\System32\mprdim.dll

    18:58:10.0990 4984 RemoteRegistry C:\Windows\system32\regsvc.dll

    18:58:11.0130 4984 Roxio UPnP Renderer 9 C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    18:58:11.0193 4984 Roxio Upnp Server 9 C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    18:58:11.0271 4984 RoxLiveShare9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    18:58:11.0286 4984 RoxLiveShare9 ( UnsignedFile.Multi.Generic ) - warning

    18:58:11.0286 4984 RoxLiveShare9 - detected UnsignedFile.Multi.Generic (1)

    18:58:11.0317 4984 RoxMediaDB9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    18:58:11.0349 4984 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning

    18:58:11.0349 4984 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)

    18:58:11.0364 4984 RoxWatch9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    18:58:11.0380 4984 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning

    18:58:11.0380 4984 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)

    18:58:11.0395 4984 RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    18:58:11.0489 4984 RpcLocator C:\Windows\system32\locator.exe

    18:58:11.0629 4984 RpcSs C:\Windows\system32\rpcss.dll

    18:58:11.0739 4984 rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    18:58:11.0863 4984 RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

    18:58:11.0910 4984 RxFilter C:\Windows\system32\DRIVERS\RxFilter.sys

    18:58:11.0926 4984 RxFilter ( UnsignedFile.Multi.Generic ) - warning

    18:58:11.0926 4984 RxFilter - detected UnsignedFile.Multi.Generic (1)

    18:58:11.0941 4984 SamSs C:\Windows\system32\lsass.exe

    18:58:12.0004 4984 sbp2port C:\Windows\system32\drivers\sbp2port.sys

    18:58:12.0066 4984 SCardSvr C:\Windows\System32\SCardSvr.dll

    18:58:12.0144 4984 scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    18:58:12.0253 4984 Schedule C:\Windows\system32\schedsvc.dll

    18:58:12.0378 4984 SCPolicySvc C:\Windows\System32\certprop.dll

    18:58:12.0441 4984 ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys

    18:58:12.0519 4984 SDRSVC C:\Windows\System32\SDRSVC.dll

    18:58:12.0581 4984 secdrv C:\Windows\system32\drivers\secdrv.sys

    18:58:12.0690 4984 seclogon C:\Windows\system32\seclogon.dll

    18:58:12.0737 4984 SENS C:\Windows\system32\sens.dll

    18:58:12.0831 4984 SensrSvc C:\Windows\system32\sensrsvc.dll

    18:58:12.0924 4984 Serenum C:\Windows\system32\DRIVERS\serenum.sys

    18:58:12.0987 4984 Serial C:\Windows\system32\DRIVERS\serial.sys

    18:58:13.0018 4984 sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    18:58:13.0096 4984 SessionEnv C:\Windows\system32\sessenv.dll

    18:58:13.0205 4984 sffdisk C:\Windows\system32\drivers\sffdisk.sys

    18:58:13.0252 4984 sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    18:58:13.0361 4984 sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    18:58:13.0408 4984 sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    18:58:13.0470 4984 SharedAccess C:\Windows\System32\ipnathlp.dll

    18:58:13.0564 4984 ShellHWDetection C:\Windows\System32\shsvcs.dll

    18:58:13.0626 4984 SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    18:58:13.0673 4984 SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    18:58:13.0735 4984 SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    18:58:13.0767 4984 Smb C:\Windows\system32\DRIVERS\smb.sys

    18:58:13.0845 4984 SNMPTRAP C:\Windows\System32\snmptrap.exe

    18:58:13.0907 4984 spldr C:\Windows\system32\drivers\spldr.sys

    18:58:14.0001 4984 Spooler C:\Windows\System32\spoolsv.exe

    18:58:14.0188 4984 sppsvc C:\Windows\system32\sppsvc.exe

    18:58:14.0297 4984 sppuinotify C:\Windows\system32\sppuinotify.dll

    18:58:14.0391 4984 srv C:\Windows\system32\DRIVERS\srv.sys

    18:58:14.0500 4984 srv2 C:\Windows\system32\DRIVERS\srv2.sys

    18:58:14.0578 4984 srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    18:58:14.0640 4984 SSDPSRV C:\Windows\System32\ssdpsrv.dll

    18:58:14.0703 4984 SstpSvc C:\Windows\system32\sstpsvc.dll

    18:58:14.0843 4984 Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    18:58:14.0905 4984 stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    18:58:14.0968 4984 stisvc C:\Windows\System32\wiaservc.dll

    18:58:15.0061 4984 stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    18:58:15.0061 4984 stllssvr ( UnsignedFile.Multi.Generic ) - warning

    18:58:15.0061 4984 stllssvr - detected UnsignedFile.Multi.Generic (1)

    18:58:15.0124 4984 swenum C:\Windows\system32\drivers\swenum.sys

    18:58:15.0171 4984 swprv C:\Windows\System32\swprv.dll

    18:58:15.0295 4984 SysMain C:\Windows\system32\sysmain.dll

    18:58:15.0405 4984 TabletInputService C:\Windows\System32\TabSvc.dll

    18:58:15.0467 4984 TapiSrv C:\Windows\System32\tapisrv.dll

    18:58:15.0576 4984 TBS C:\Windows\System32\tbssvc.dll

    18:58:15.0748 4984 Tcpip C:\Windows\system32\drivers\tcpip.sys

    18:58:15.0841 4984 TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    18:58:15.0888 4984 tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    18:58:15.0966 4984 TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    18:58:16.0044 4984 TDTCP C:\Windows\system32\drivers\tdtcp.sys

    18:58:16.0122 4984 tdx C:\Windows\system32\DRIVERS\tdx.sys

    18:58:16.0185 4984 TermDD C:\Windows\system32\drivers\termdd.sys

    18:58:16.0231 4984 TermService C:\Windows\System32\termsrv.dll

    18:58:16.0309 4984 Themes C:\Windows\system32\themeservice.dll

    18:58:16.0356 4984 THREADORDER C:\Windows\system32\mmcss.dll

    18:58:16.0419 4984 TrkWks C:\Windows\System32\trkwks.dll

    18:58:16.0512 4984 TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    18:58:16.0621 4984 tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    18:58:16.0684 4984 TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    18:58:16.0777 4984 tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    18:58:16.0871 4984 uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    18:58:16.0918 4984 udfs C:\Windows\system32\DRIVERS\udfs.sys

    18:58:16.0980 4984 UI0Detect C:\Windows\system32\UI0Detect.exe

    18:58:17.0027 4984 uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    18:58:17.0105 4984 umbus C:\Windows\system32\DRIVERS\umbus.sys

    18:58:17.0183 4984 UmPass C:\Windows\system32\DRIVERS\umpass.sys

    18:58:17.0245 4984 upnphost C:\Windows\System32\upnphost.dll

    18:58:17.0355 4984 USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    18:58:17.0370 4984 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

    18:58:17.0370 4984 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

    18:58:17.0401 4984 usbaudio C:\Windows\system32\drivers\usbaudio.sys

    18:58:17.0495 4984 usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    18:58:17.0573 4984 usbcir C:\Windows\system32\drivers\usbcir.sys

    18:58:17.0667 4984 usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    18:58:17.0760 4984 usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    18:58:17.0901 4984 usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    18:58:17.0963 4984 usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    18:58:18.0025 4984 USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    18:58:18.0072 4984 usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

    18:58:18.0135 4984 UxSms C:\Windows\System32\uxsms.dll

    18:58:18.0213 4984 VaultSvc C:\Windows\system32\lsass.exe

    18:58:18.0259 4984 VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys

    18:58:18.0322 4984 vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    18:58:18.0384 4984 vds C:\Windows\System32\vds.exe

    18:58:18.0493 4984 vga C:\Windows\system32\DRIVERS\vgapnp.sys

    18:58:18.0525 4984 VgaSave C:\Windows\System32\drivers\vga.sys

    18:58:18.0587 4984 vhdmp C:\Windows\system32\drivers\vhdmp.sys

    18:58:18.0634 4984 viaide C:\Windows\system32\drivers\viaide.sys

    18:58:18.0665 4984 volmgr C:\Windows\system32\drivers\volmgr.sys

    18:58:18.0727 4984 volmgrx C:\Windows\system32\drivers\volmgrx.sys

    18:58:18.0790 4984 volsnap C:\Windows\system32\drivers\volsnap.sys

    18:58:18.0837 4984 vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    18:58:18.0946 4984 VSS C:\Windows\system32\vssvc.exe

    18:58:19.0039 4984 vwifibus C:\Windows\System32\drivers\vwifibus.sys

    18:58:19.0102 4984 W32Time C:\Windows\system32\w32time.dll

    18:58:19.0195 4984 WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    18:58:19.0273 4984 WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    18:58:19.0320 4984 Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    18:58:19.0429 4984 WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    18:58:19.0523 4984 wbengine C:\Windows\system32\wbengine.exe

    18:58:19.0601 4984 WbioSrvc C:\Windows\System32\wbiosrvc.dll

    18:58:19.0663 4984 wcncsvc C:\Windows\System32\wcncsvc.dll

    18:58:19.0710 4984 WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    18:58:19.0788 4984 Wd C:\Windows\system32\DRIVERS\wd.sys

    18:58:19.0835 4984 Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    18:58:19.0866 4984 WdiServiceHost C:\Windows\system32\wdi.dll

    18:58:19.0975 4984 WdiSystemHost C:\Windows\system32\wdi.dll

    18:58:20.0038 4984 WebClient C:\Windows\System32\webclnt.dll

    18:58:20.0163 4984 Wecsvc C:\Windows\system32\wecsvc.dll

    18:58:20.0241 4984 wercplsupport C:\Windows\System32\wercplsupport.dll

    18:58:20.0303 4984 WerSvc C:\Windows\System32\WerSvc.dll

    18:58:20.0365 4984 WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    18:58:20.0459 4984 WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

    18:58:20.0490 4984 WIMMount C:\Windows\system32\drivers\wimmount.sys

    18:58:20.0568 4984 Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    18:58:20.0677 4984 WinRM C:\Windows\system32\WsmSvc.dll

    18:58:20.0787 4984 WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    18:58:20.0849 4984 Wlansvc C:\Windows\System32\wlansvc.dll

    18:58:20.0989 4984 wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    18:58:21.0067 4984 WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    18:58:21.0114 4984 wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    18:58:21.0161 4984 WPCSvc C:\Windows\System32\wpcsvc.dll

    18:58:21.0223 4984 WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    18:58:21.0286 4984 ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    18:58:21.0411 4984 wscsvc C:\Windows\system32\wscsvc.dll

    18:58:21.0473 4984 WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

    18:58:21.0613 4984 wuauserv C:\Windows\system32\wuaueng.dll

    18:58:21.0691 4984 WudfPf C:\Windows\system32\drivers\WudfPf.sys

    18:58:21.0769 4984 WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    18:58:21.0863 4984 wudfsvc C:\Windows\System32\WUDFSvc.dll

    18:58:21.0972 4984 WwanSvc C:\Windows\System32\wwansvc.dll

    18:58:22.0035 4984 ================ Scan global ===============================

    18:58:22.0066 4984 C:\Windows\system32\basesrv.dll

    18:58:22.0113 4984 C:\Windows\system32\winsrv.dll

    18:58:22.0128 4984 C:\Windows\system32\winsrv.dll

    18:58:22.0144 4984 C:\Windows\system32\sxssrv.dll

    18:58:22.0175 4984 C:\Windows\system32\services.exe

    18:58:22.0175 4984 ================ Scan MBR ==================================

    18:58:22.0191 4984 \Device\Harddisk0\DR0

    18:58:22.0549 4984 ================ Scan VBR ==================================

    18:58:22.0549 4984 \Device\Harddisk0\DR0\Partition1

    18:58:22.0596 4984 \Device\Harddisk0\DR0\Partition2

    18:58:22.0612 4984 \Device\Harddisk0\DR0\Partition3

    18:58:22.0659 4984 \Device\Harddisk0\DR0\Partition4

    18:58:22.0659 4984 ================ Scan UEFI extensions ======================

    18:58:22.0659 4984 ================ Scan active images ========================

    18:58:22.0659 4984 ============================================================

    18:58:22.0659 4984 Scan finished

    18:58:22.0659 4984 ============================================================

    18:58:23.0485 4084 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    .

    ==============================================

    C:\TDSSStarter\Report_20120409_1624_.log

    ==============================================

    Registry Export

    .

    ==============================================

    EOF

  • Ben

    Hello,

    We'll keep looking.

    Download ComboFix from >>Here<<; there you can also read how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    * Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    * The computer may need to be restarted several times; this is normal.

    * Double-click "Combofix.exe" to start the tool.

    * Do not click in the ComboFix window while it is active, as this can cause the 'tool' to hang.

    * Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

    * When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    ComboFix 12-09-18.07 - Koen Lenaers 19/09/2012 19:31:09.4.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4086.2746

    Gestart vanuit: c:\users\Koen Lenaers\Downloads\ComboFix.exe

    AV: G Data AntiVirus 2012 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

    SP: G Data AntiVirus 2012 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\SysWow64\DEBUG.log

    c:\windows\TEMP\4s0x6ky8.vbt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-19 to 2012-09-19 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-19 17:36 . 2012-09-19 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-19 17:36 . 2012-09-19 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2012-09-18 17:34 . 2012-09-18 17:34 -------- d-----w- c:\program files (x86)\ESET

    2012-09-18 17:04 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-09-18 17:03 . 2012-09-18 17:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-09-18 17:03 . 2012-09-18 17:04 -------- d-----w- c:\program files\iTunes

    2012-09-18 17:03 . 2012-09-18 17:04 -------- d-----w- c:\program files (x86)\iTunes

    2012-09-18 17:03 . 2012-09-18 17:03 -------- d-----w- c:\program files\iPod

    2012-09-15 08:16 . 2012-09-16 09:19 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

    2012-09-13 15:24 . 2012-09-13 15:24 -------- d-----w- c:\programdata\Overwolf

    2012-09-12 15:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-09-12 15:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

    2012-09-12 15:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-09-12 15:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-09-12 15:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-09-12 15:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-09-12 15:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

    2012-09-06 14:12 . 2012-09-19 17:39 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\Temp

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\SysWow64\wbem\en-US

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\system32\wbem\en-US

    2012-09-04 19:52 . 2012-09-04 19:53 -------- d-----w- c:\programdata\Battle.net

    2012-09-04 14:23 . 2012-09-19 17:16 -------- d-----w- C:\TDSSStarter

    2012-09-02 14:33 . 2012-09-19 16:27 -------- d-----w- C:\hijackthis

    2012-09-02 13:04 . 2012-09-02 13:04 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\G DATA

    2012-09-01 13:48 . 2012-09-07 22:12 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-01 12:06 . 2012-09-12 15:26 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 09:18 . 2012-09-01 09:18 -------- d-----w- c:\users\Koen Lenaers\AppData\Roaming\dvdcss

    2012-08-24 11:39 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A667B630-2170-4175-A190-9E977B549203}\mpengine.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-18 17:32 . 2010-01-19 09:02 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

    2012-09-12 22:25 . 2010-01-20 10:28 64462936 ----a-w- c:\windows\system32\MRT.exe

    2012-09-07 15:04 . 2011-10-02 07:49 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-28 18:24 . 2012-06-16 09:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

    2012-08-28 18:24 . 2010-05-03 07:27 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-25 07:18 . 2012-04-02 16:05 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-25 07:18 . 2011-05-14 08:56 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-21 11:01 . 2010-01-23 14:56 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

    2012-08-21 11:01 . 2010-01-23 14:56 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

    2012-07-23 14:15 . 2010-01-20 13:41 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2012-07-18 18:15 . 2012-08-15 10:39 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-04 22:16 . 2012-08-15 10:39 73216 ----a-w- c:\windows\system32\netapi32.dll

    2012-07-04 22:13 . 2012-08-15 10:39 59392 ----a-w- c:\windows\system32\browcli.dll

    2012-07-04 22:13 . 2012-08-15 10:39 136704 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 21:14 . 2012-08-15 10:39 41984 ----a-w- c:\windows\SysWow64\browcli.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "Steam"="c:\program files (x86)\Valve\Steam\\Steam.exe"

    "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe"

    "Spotify"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe"

    "Spotify Web Helper"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    .

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="c:\program files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe"

    "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe"

    "Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

    .

    c:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    Facebook Messenger.lnk - c:\users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    SecurityProviders credssp.dll, schannel.dll

    .

    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Koen Lenaers\Desktop\Run\a2ddax64.sys

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe

    R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 ATICDSDr;ATICDSDr;c:\users\KOENLE~1\AppData\Local\Temp\ATICDSDr.sys

    R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys

    R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys

    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys

    R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys

    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys

    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys

    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS

    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS

    S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS

    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys

    S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys

    S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys

    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys

    S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS

    S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS

    S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS

    S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS

    S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS

    S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS

    S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS

    S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS

    S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS

    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run

    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys

    S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe"

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.blacksheep.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    Trusted Zone: isabel.be

    Trusted Zone: kbc.be

    Trusted Zone: kbcgroup.eu

    Trusted Zone: cbc.be\cbc-pdf

    Trusted Zone: cbc.be\cbconline

    Trusted Zone: cbc.be\static

    Trusted Zone: cbc.be\www

    Trusted Zone: cbc.eu\www

    Trusted Zone: isabel.be\*.IBS6

    Trusted Zone: isabel.be\gotoIBS6

    Trusted Zone: isabel.be\pki

    Trusted Zone: isabel.be\www

    Trusted Zone: isabel.eu\upgrade

    Trusted Zone: isabel.eu\www

    Trusted Zone: kbc.be\kbc-pdf

    Trusted Zone: kbc.be\kbconline

    Trusted Zone: kbc.be\static

    Trusted Zone: kbc.be\www

    Trusted Zone: kbc.com\www

    Trusted Zone: kbc.eu\www

    Trusted Zone: kbcam.be\www

    Trusted Zone: kbcam.com\www

    Trusted Zone: kbcbankingforbusiness.com\www

    Trusted Zone: kbcgroup.eu\multimediafiles

    Trusted Zone: kbcgroup.eu\www

    Trusted Zone: kbcmerchantbanking.com\www

    TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

    FF - ProfilePath - c:\users\Koen Lenaers\AppData\Roaming\Mozilla\Firefox\Profiles\srncyjai.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe

    .

    .

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (2) (LocalSystem)

    "{0124123D-61B4-456F-AF86-78C53A0790C5}"=hex:51,66,7a,6c,4c,1d,38,12,53,11,37,

    05,86,2f,01,00,d0,90,3b,85,3f,59,d4,d1

    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

    "{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}"=hex:51,66,7a,6c,4c,1d,38,12,a1,96,21,

    be,df,59,27,0a,e1,83,9a,d9,a5,f3,fb,c8

    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

    .

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:09,b4,7e,5a,ec,93,cd,01

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

    c:\windows\system32\hasplms.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-19 19:43:44 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-19 17:43

    ComboFix2.txt 2012-09-06 15:50

    .

    Pre-Run: 15.886.311.424 bytes beschikbaar

    Post-Run: 15.775.318.016 bytes beschikbaar

    .

    - - End Of File - - 9C47F48BCBAF8311D2854E6404F461E8

  • Ben

    Hello,

    Using "zoek.exe"

    Disable your antivirus and antispyware programs; zoek.exe is sometimes flagged as a trojan while downloading or during use.

    (here or here) you can read how to do that.

    Then download zoek.exe to the desktop.

    Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.

    After a moment a window will open.

    With your mouse, now select the following option "Combined fix" (bottom right)

    Now copy the bold text below and paste it into the large input box:

    iedefaults;

    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69;f

    emptytemp;

    filesrcm;

    emptyclsid;

    startupall;

    emptyjava;

    emptyflash;

    Now first close all other open program windows!

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a restart)

    If no log appears after the restart, start zoek.exe again and the log will then appear.

    Now post the contents of the opened log in your next message.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    Zoek.exe Version 3.0.0.3 Updated 18-09-2012

    Tool run by Koen Lenaers on wo 19/09/2012 at 20:08:29,94.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running from: C:\Users\Koen Lenaers\AppData\Local\Temp\zoek.exe

    ==== Set IE to Default ======================

    Old Values:

    “Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”

    “Start Page”=“http://www.blacksheep.be/”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    "SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"

    "FaviconURLFallback"="http://www.bing.com/favicon.ico"

    "FaviconPath"="C:\\Users\\Koen Lenaers\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"

    "DisplayName"="Bing"

    "URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    "TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"

    New Values:

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    "SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"

    "FaviconPath"="C:\\Users\\Koen Lenaers\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"

    "DisplayName"="Bing"

    "URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    "TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"

    ==== Deleting Files \ Folders ======================

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64" deleted

    "c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2012-09-19 17:29:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2012-09-19 17:29:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2012-09-19 17:29:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2012-09-19 17:29:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2012-09-19 17:29:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    ====== C:\Users\KOENLE~1\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    2012-09-12 15:31:32 54AF46DC37E63E1E85EB619033953309 490496 ----a-w- C:\Windows\SysWOW64\d3d10level9.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2012-09-12 15:31:33 AD976778C4B92F9EC4842295974E9BD9 574464 ----a-w- C:\Windows\Sysnative\d3d10level9.dll

    ====== C:\Windows\Sysnative\drivers =====

    2012-09-18 17:04:27 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys

    2012-09-12 15:31:34 760E38053BF56E501D562B70AD796B88 950128 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys

    2012-09-12 15:31:34 0E01641D96889BDEB22DE12D30575B08 41472 ----a-w- C:\Windows\Sysnative\drivers\RNDISMP.sys

    2012-09-12 15:31:32 F782CAD3CEDBB3F9FFE3BF2775D92DDC 1913200 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

    2012-09-12 15:31:32 910DD6694848872FD3B8F42BAF801D0A 288624 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

    2012-09-12 15:31:32 7942B7AC3FF598F8A1736D51ADAF04E8 376688 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2012-09-18 17:03:37 -------- d-----w- C:\Program Files\iTunes

    2012-09-18 17:03:37 -------- d-----w- C:\Program Files\iPod

    ======= C:\Program Files (x86) =====

    2012-09-18 17:34:05 -------- d-----w- C:\Program Files (x86)\ESET

    2012-09-18 17:03:37 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-09-15 08:16:25 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf

    ======= C: =====

    2012-09-04 13:21:31 F2F43A8AFF58652E2F6CD371CD6A9F4A 1046 ----a-w- C:\AdwCleaner.txt

    2012-09-04 13:01:21 EEDB3DED27306DC1BF30EC2C3AE88813 987 ----a-w- C:\AdwCleaner.txt

    2012-09-04 12:50:54 9FEB88C1823F1682DEC48C096617613D 1076 ----a-w- C:\AdwCleaner.txt

    ====== C:\Users\Koen Lenaers\AppData\Roaming ======

    2012-09-19 17:43:46 -------- d-----w- C:\users\Public\AppData\Local\temp

    2012-09-19 17:43:46 -------- d-----w- C:\users\Default\AppData\Local\temp

    2012-09-19 17:43:46 -------- d-----w- C:\users\Default User\AppData\Local\temp

    2012-09-19 17:43:46 -------- d-----w- C:\users\Administrator\AppData\Local\temp

    2012-09-06 14:12:07 -------- d-----w- C:\users\Koen Lenaers\AppData\Local\Temp

    2012-09-02 14:19:05 2E56FFFCAB0A638F4F0B25E13206D747 855959 ----a-w- C:\users\Koen Lenaers\AppData\Local\census.cache

    2012-09-02 14:18:24 1B17BF8B552310C81578339B60B5321E 129728 ----a-w- C:\users\Koen Lenaers\AppData\Local\ars.cache

    2012-09-02 14:09:10 431584BB17C7687E1250BAF225B2AD2D 36 ----a-w- C:\users\Koen Lenaers\AppData\Local\housecall.guid.cache

    2012-09-02 13:04:44 -------- d-----w- C:\users\Koen Lenaers\AppData\Local\G DATA

    2012-09-01 12:06:49 -------- d-----w- C:\users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 09:18:15 -------- d-----w- C:\users\Koen Lenaers\AppData\Roaming\dvdcss

    ====== C:\Users\Koen Lenaers ======

    2012-09-13 15:24:26 -------- d-----w- C:\ProgramData\Overwolf

    2012-09-05 11:58:02 -------- d-----w- C:\Users\Public\AppData

    2012-09-04 19:52:42 -------- d-----w- C:\ProgramData\Battle.net

    ====== C: exe-files ==

    2012-09-19 17:29:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2012-09-19 17:29:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2012-09-19 17:29:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2012-09-19 17:29:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2012-09-19 17:29:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    2012-09-19 17:14:18 7AD347718319D488FD9FE6D15DF8DCD6 93184 ----a-w- C:\Users\Koen Lenaers\Downloads\TDSSKStarter(1).exe

    2012-09-19 16:56:27 7AD347718319D488FD9FE6D15DF8DCD6 93184 ----a-w- C:\Users\Koen Lenaers\Downloads\TDSSKStarter.exe

    2012-09-18 19:13:21 A6F5387D69C21739445BF2AAA01CE2C5 74603088 ----a-w- C:\Users\Koen Lenaers\Downloads\msert.exe

    2012-09-18 17:34:19 D368094F4ED2D281AB3931E4A85BA95A 863704 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2012-09-18 17:34:19 C886F2D01813B12B1F359C35AFA3B1F2 546464 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2012-09-18 17:34:19 705A004553C2499F81C0EF19CFD70255 2346904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2012-09-18 17:34:19 3C8D190643B7E5C50E36B0E2C1FA96CA 204504 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2012-09-18 17:34:19 355C4A751883EF73850F74D7EF97FBCB 884304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2012-09-18 17:33:59 AA1FFCCE383A227144FD62A019CD27CE 2322184 ----a-w- C:\Users\Koen Lenaers\Downloads\esetsmartinstaller_enu.exe

    2012-09-18 17:00:25 E04F681B6C361F956C283E94C10B6E68 73624 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe

    === C: other files ==

    2012-09-19 15:09:39 651141C54F069F010804791B1345B643 1811456 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\algo.dll

    2012-09-19 15:09:38 E2D37F405E21BE2534FF4A84F5032ECA 297176 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswRep.dll

    2012-09-19 15:09:38 CFB3EEDF620E7F32464A3091BA76D5E8 13400 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\exts.dll

    2012-09-19 15:09:38 CEBE7C43277E5CC8120A0E99C27CFEC6 40712 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\fwAux.dll

    2012-09-19 15:09:38 C71A884DD6F8CFFA87D70FB75857449C 427432 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswFiDb.dll

    2012-09-19 15:09:38 9AB833956EB46BA28FAE9611569AB921 115872 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswCmnOS.dll

    2012-09-19 15:09:38 923F90002185201CD7F7B87DE99D913D 1637712 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswBoot.dll

    2012-09-19 15:09:38 87F664BF0B8728382D03B2126127DC98 185912 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswAR.dll

    2012-09-19 15:09:38 72A7C1EC4D3BF38CB115395AD721AE3C 46880 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\ArPot.dll

    2012-09-19 15:09:38 6EF2C1A823BDE70DCACF595897AD97D7 450688 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswCleanerDLL.dll

    2012-09-19 15:09:38 695106DF3C15A9EA30069CCECEEC2B66 40712 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\uiext.dll

    2012-09-19 15:09:38 45551558282528DD5AD76606D51E6F09 109680 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswScan.dll

    2012-09-19 15:09:38 2935740E9E6B71C6D28CDA78E2ECDABD 243592 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswCmnIS.dll

    2012-09-19 15:09:38 1869C1A8ABB6D3E0B7FA81EE4346DC14 1285440 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswEngin.dll

    2012-09-19 15:09:38 16D72F62FBF97AFD0511BCFE4C732EA9 358440 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswCmnBS.dll

    2012-09-19 15:09:38 0D0FA4434A9434641AB0A6332AC5560A 424872 ----a-w- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\Avast5\defs\12091900\aswRawFS.dll

    2012-09-18 17:34:19 F8D176DB5B14AED7C9B25E0640226BD1 258352 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\unicows.dll

    2012-09-18 17:34:19 DDF27E5E67DFE78ED947C254D5233ADE 451704 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiA.dll

    2012-09-18 17:34:19 A95760BBA94E2C9775F5A214C828BFC6 768944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll

    2012-09-18 17:34:19 5067BCCF99F177E92284F7244F237008 464064 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW.dll

    2012-09-18 17:34:19 0A959A8102F224F0C0AC4A1438DA79C2 323984 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll

    2012-09-18 17:04:27 8E98D21EE06192492A5671A6144D092F 33240 -c--a-w- C:\Windows\System32\DRVSTORE\GEARAspiWD_53DFBC3344EBC2614851E0BF38F60B616DF86778\x64\GEARAspiWDM.sys

    2012-09-18 17:04:27 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Steam"="C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent"

    "DDAssist"="C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Spotify"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "

    "Spotify Web Helper"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "

    "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    "RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

    "G Data AntiVirus Tray Application"="C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe"

    "Razer Imperator Driver"="C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Steam"="C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent"

    "DDAssist"="C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Spotify"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "

    "Spotify Web Helper"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "

    "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    ==== Startup Folders ======================

    2012-07-13 17:56:19 1062 ----a-w- C:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2012-06-07 19:07:01 1349 ----a-w- C:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job --a------ C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job --a------ C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job --a------ C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job --a------ C:\Users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\KOENLE~1\AppData\Local\Temp successfully emptied

    It looks good; I scanned the C partition and G Data no longer finds a virus :)
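    A triage pass over the kind of log posted above, as an added example: this is my own Python, not zoek's code and not anything posted in this thread. It parses the four zoek line shapes visible in the post (the quoted "... deleted" lines, the timestamp / MD5 / size / attributes / path lines, the "Name"="command" autostart entries and the .job lines) and applies review rules of my own devising: executables in user-writable locations, executables under a GUID-named ProgramData directory, executables sitting directly in C:\Windows, autostarts that run from the user profile, plus an informational note when one hash turns up at several paths. The rules, the severity labels and the sample subset are assumptions of the example. Run over this thread's own entries every hit has a benign explanation: the five files in C:\Windows that share the 17:29:26 timestamp are ComboFix's helper programs (ComboFix is the tool whose uninstall Ben describes in the next post), TDSSKStarter.exe in Downloads was downloaded twice (same MD5, browser-style "(1)" name), and the GEAR*/DIFx files in the GUID-named ProgramData folder are the CD/DVD driver installer that the iTunes setup staged a minute after iTunes itself (17:03:37 and 17:04:27). That is the point of the exercise: the script yields review items; the responder closes them against what was actually run on the machine.

```python
"""Triage pass over a zoek.exe-style cleanup log (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed subset of lines copied from the log posted above, written as the tool
# emits them (straight quotes, ASCII dashes). The full log is far longer.
SAMPLE_LOG = r"""
==== Deleting Files \ Folders ======================
"c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe" deleted
"c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll" deleted
==== Files Recently Created / Modified ======================
2012-09-19 17:29:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2012-09-19 17:29:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2012-09-18 17:03:37 -------- d-----w- C:\Program Files\iTunes
2012-09-19 17:14:18 7AD347718319D488FD9FE6D15DF8DCD6 93184 ----a-w- C:\Users\Koen Lenaers\Downloads\TDSSKStarter(1).exe
2012-09-19 16:56:27 7AD347718319D488FD9FE6D15DF8DCD6 93184 ----a-w- C:\Users\Koen Lenaers\Downloads\TDSSKStarter.exe
2012-09-18 17:04:27 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-12 15:31:32 F782CAD3CEDBB3F9FFE3BF2775D92DDC 1913200 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
==== Startup Registry Enabled ======================
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Spotify"="C:\Users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "
"Facebook Update"="C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job --a------ C:\Users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe
"""

# One pattern per zoek line shape seen in the post.
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                     r"(?:(?P<md5>[0-9A-F]{32}) (?P<size>\d+)|-{8}) "
                     r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$")
DEL_RE = re.compile(r'^"(?P<path>[^"]+)" deleted$')
REG_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>.*)"$')
JOB_RE = re.compile(r"^(?P<job>.+?\.job) (?P<attrs>[a-z-]+) (?P<target>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Review rules of this example's own devising (assumptions, not zoek's logic).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\windows\\temp\\", "\\downloads\\")
GUID_DIR = re.compile(r"\\programdata\\[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\", re.I)
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.I)


def parse_log(text):
    """Return (files, autoruns); deleted items become files without hash or timestamp."""
    files, autoruns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if m := FILE_RE.match(line):
            files.append({"ts": m["ts"], "md5": m["md5"], "deleted": False,
                          "size": int(m["size"]) if m["size"] else None,
                          "is_dir": m["attrs"].startswith("d"), "path": m["path"]})
        elif m := DEL_RE.match(line):
            files.append({"ts": None, "md5": None, "deleted": True, "size": None,
                          "is_dir": False, "path": m["path"]})
        elif m := REG_RE.match(line):
            autoruns.append({"kind": "registry", "name": m["name"], "target": m["target"].strip()})
        elif m := JOB_RE.match(line):
            autoruns.append({"kind": "task", "name": m["job"].rsplit("\\", 1)[-1], "target": m["target"]})
    return files, autoruns


def triage(files, autoruns):
    """Apply the rules; returns (severity, rule, subject) tuples, at most one 'review' per file."""
    findings = []
    for f in files:
        p = f["path"].lower()
        if f["is_dir"] or not p.endswith(EXEC_EXT):
            continue
        if any(marker in p for marker in USER_WRITABLE):
            findings.append(("review", "executable in user-writable location", f["path"]))
        elif GUID_DIR.search(p):
            findings.append(("review", "executable under GUID-named ProgramData directory", f["path"]))
        elif WINDOWS_ROOT_EXE.match(p):
            findings.append(("review", "executable placed directly in C:\\Windows", f["path"]))
    # One hash at several paths: a re-download, a staged installer copy, or a dropper fan-out.
    by_hash = defaultdict(list)
    for f in files:
        if f["md5"]:
            by_hash[f["md5"]].append(f["path"])
    for md5, paths in by_hash.items():
        if len(paths) > 1:
            findings.append(("info", "md5 %s present at %d paths" % (md5, len(paths)), "; ".join(paths)))
    for a in autoruns:
        if any(marker in a["target"].lower() for marker in USER_WRITABLE):
            findings.append(("review", "%s autostart runs from a user-writable path" % a["kind"],
                             "%s -> %s" % (a["name"], a["target"])))
    return findings


if __name__ == "__main__":
    for severity, rule, subject in triage(*parse_log(SAMPLE_LOG)):
        print("[%s] %s: %s" % (severity.upper(), rule, subject))
```

    The rules are deliberately ordered with elif so a file gets one review line, not three, and the hash grouping is kept separate because it is a fact about the file set rather than a location rule. Note that a directory entry (attributes starting with "d") carries no hash or size in the zoek format, so both parse to None.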

  • Ben

    Hello,

    That certainly looks tidy.

    You may now remove the following programs and their log files (including your Quarantine folders).

    TDSSKStarter.exe

    zoek.exe

    ComboFix, using the instructions below.

    Go to Start.

    Copy and paste: Combofix /Uninstall into the Start search box.

    Press ENTER and confirm with OK.

    If all goes well you will then get a message that ComboFix has been removed.

    Then empty your Recycle Bin.

    Also delete your system restore points and create a new one.

    Infections can still be lurking in there.

    Regards, Ben

    Antivirusprikbord.nl

This topic is closed; no further replies can be posted.