Lots of junk and trojans?

  • marcel

    In the properties of Security Center

    it points to the path to executable

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    so I can only get this one set to Automatic for 1 second, and then it's back to off again

    :X

  • fazantje

    Hi Marcel,

    Let's take a closer look.

    Download TDSSKiller here and place it on your desktop.

    Before you run TDSSKiller, it is advisable to consult the TDSSKiller guide below.

    Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, you need to extract it first.)

    If TDSSKiller finds an update, click the "Load update" button.

    A new version of TDSSKiller will now be downloaded; save it to the desktop.

    Now start TDSSKiller again.

    Click "Change parameters" and make sure the options below are all checked.

    Click the "Start Scan" button and follow the instructions.

    Never use the “Delete” or “Quarantine” option for a “Fail signature” message.

    If a restart was needed, you will find the log file at C:\TDSSKiller.___log.txt

    Attach this log file to your next post.

    Good luck,

    Huib;)

  • marcel

    Hi

    I could only find a log via Report in the top corner

    Is it right that I had to skip everything?

    21:18:36.0125 2312 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

    21:18:36.0484 2312 ============================================================

    21:18:36.0484 2312 Current date / time: 2013/06/19 21:18:36.0484

    21:18:36.0484 2312 SystemInfo:

    21:18:36.0484 2312

    21:18:36.0484 2312 OS Version: 5.1.2600 ServicePack: 3.0

    21:18:36.0484 2312 Product type: Workstation

    21:18:36.0484 2312 ComputerName: UW-259CBE6449D1

    21:18:36.0484 2312 UserName: manon

    21:18:36.0484 2312 Windows directory: C:\WINDOWS

    21:18:36.0484 2312 System windows directory: C:\WINDOWS

    21:18:36.0484 2312 Processor architecture: Intel x86

    21:18:36.0484 2312 Number of processors: 2

    21:18:36.0484 2312 Page size: 0x1000

    21:18:36.0484 2312 Boot type: Normal boot

    21:18:36.0484 2312 ============================================================

    21:18:38.0312 2312 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000020

    21:18:38.0328 2312 ============================================================

    21:18:38.0328 2312 \Device\Harddisk0\DR0:

    21:18:38.0328 2312 MBR partitions:

    21:18:38.0328 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

    21:18:38.0328 2312 ============================================================

    21:18:38.0390 2312 C: <-> \Device\Harddisk0\DR0\Partition1

    21:18:38.0484 2312 ============================================================

    21:18:42.0656 2312 Initialize success

    21:18:42.0656 2312 ============================================================

    21:18:51.0187 3028 ============================================================

    21:18:51.0187 3028 Scan started

    21:18:51.0187 3028 Mode: Manual; SigCheck; TDLFS;

    21:18:51.0187 3028 ============================================================

    21:18:52.0078 3028 ================ Scan services =============================

    21:18:52.0921 3028 ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    21:18:53.0484 3028 ABBYY.Licensing.FineReader.Sprint.9.0 - ok

    21:18:54.0187 3028 Abiosdsk - ok

    21:18:54.0203 3028 abp480n5 - ok

    21:18:54.0250 3028 ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

    21:18:56.0000 3028 ACPI - ok

    21:18:56.0031 3028 ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

    21:18:56.0171 3028 ACPIEC - ok

    21:18:56.0187 3028 ADBLOCK.DLL - ok

    21:18:56.0203 3028 adpu160m - ok

    21:18:56.0234 3028 aec C:\WINDOWS\system32\drivers\aec.sys

    21:18:56.0406 3028 aec - ok

    21:18:56.0453 3028 AFD C:\WINDOWS\System32\drivers\afd.sys

    21:18:56.0546 3028 AFD - ok

    21:18:56.0546 3028 Aha154x - ok

    21:18:56.0562 3028 aic78u2 - ok

    21:18:56.0578 3028 aic78xx - ok

    21:18:56.0609 3028 Alerter C:\WINDOWS\system32\alrsvc.dll

    21:18:56.0765 3028 Alerter - ok

    21:18:56.0812 3028 ALG C:\WINDOWS\System32\alg.exe

    21:18:56.0906 3028 ALG - ok

    21:18:56.0906 3028 AliIde - ok

    21:18:56.0921 3028 amsint - ok

    21:18:57.0000 3028 Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    21:18:57.0015 3028 Apple Mobile Device - ok

    21:18:57.0031 3028 AppMgmt - ok

    21:18:57.0031 3028 ARP.DLL - ok

    21:18:57.0062 3028 Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

    21:18:57.0218 3028 Arp1394 - ok

    21:18:57.0234 3028 asc - ok

    21:18:57.0234 3028 asc3350p - ok

    21:18:57.0250 3028 asc3550 - ok

    21:18:57.0375 3028 aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    21:18:57.0421 3028 aspnet_state - ok

    21:18:57.0437 3028 AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    21:18:57.0609 3028 AsyncMac - ok

    21:18:57.0656 3028 atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

    21:18:57.0828 3028 atapi - ok

    21:18:57.0843 3028 Atdisk - ok

    21:18:57.0890 3028 Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

    21:18:57.0984 3028 Ati HotKey Poller - ok

    21:18:58.0062 3028 ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

    21:18:58.0187 3028 ati2mtag - ok

    21:18:58.0218 3028 Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    21:18:58.0375 3028 Atmarpc - ok

    21:18:58.0421 3028 AudioSrv C:\WINDOWS\System32\audiosrv.dll

    21:18:58.0593 3028 AudioSrv - ok

    21:18:58.0640 3028 audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

    21:18:58.0796 3028 audstub - ok

    21:18:58.0843 3028 Beep C:\WINDOWS\system32\drivers\Beep.sys

    21:18:59.0015 3028 Beep - ok

    21:18:59.0078 3028 BITS C:\WINDOWS\system32\qmgr.dll

    21:18:59.0296 3028 BITS - ok

    21:18:59.0328 3028 BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

    21:18:59.0343 3028 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning

    21:18:59.0343 3028 BlueletAudio - detected UnsignedFile.Multi.Generic (1)

    21:18:59.0421 3028 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    21:18:59.0500 3028 Bonjour Service - ok

    21:18:59.0546 3028 Browser C:\WINDOWS\System32\browser.dll

    21:18:59.0609 3028 Browser - ok

    21:18:59.0640 3028 BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

    21:18:59.0656 3028 BT ( UnsignedFile.Multi.Generic ) - warning

    21:18:59.0656 3028 BT - detected UnsignedFile.Multi.Generic (1)

    21:18:59.0687 3028 Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys

    21:18:59.0703 3028 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning

    21:18:59.0703 3028 Btcsrusb - detected UnsignedFile.Multi.Generic (1)

    21:18:59.0718 3028 BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys

    21:18:59.0734 3028 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning

    21:18:59.0734 3028 BTHidEnum - detected UnsignedFile.Multi.Generic (1)

    21:18:59.0765 3028 BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys

    21:18:59.0781 3028 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning

    21:18:59.0781 3028 BTHidMgr - detected UnsignedFile.Multi.Generic (1)

    21:18:59.0796 3028 catchme - ok

    21:18:59.0843 3028 cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

    21:19:00.0000 3028 cbidf2k - ok

    21:19:00.0031 3028 CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

    21:19:00.0187 3028 CCDECODE - ok

    21:19:00.0203 3028 cd20xrnt - ok

    21:19:00.0234 3028 Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

    21:19:00.0390 3028 Cdaudio - ok

    21:19:00.0421 3028 Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

    21:19:00.0578 3028 Cdfs - ok

    21:19:00.0609 3028 Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

    21:19:00.0765 3028 Cdrom - ok

    21:19:00.0781 3028 Changer - ok

    21:19:00.0828 3028 CiSvc C:\WINDOWS\system32\cisvc.exe

    21:19:00.0968 3028 CiSvc - ok

    21:19:01.0000 3028 ClipSrv C:\WINDOWS\system32\clipsrv.exe

    21:19:01.0156 3028 ClipSrv - ok

    21:19:01.0171 3028 clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    21:19:01.0281 3028 clr_optimization_v2.0.50727_32 - ok

    21:19:01.0343 3028 clr_optimization_v4.0.30319_32 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    21:19:01.0359 3028 clr_optimization_v4.0.30319_32 - ok

    21:19:01.0375 3028 CmdIde - ok

    21:19:01.0437 3028 cmudau C:\WINDOWS\system32\drivers\cmudau.sys

    21:19:01.0531 3028 cmudau ( UnsignedFile.Multi.Generic ) - warning

    21:19:01.0531 3028 cmudau - detected UnsignedFile.Multi.Generic (1)

    21:19:01.0546 3028 COMSysApp - ok

    21:19:01.0562 3028 CONTENT.DLL - ok

    21:19:01.0593 3028 Cpqarray - ok

    21:19:01.0625 3028 CryptSvc C:\WINDOWS\System32\cryptsvc.dll

    21:19:01.0781 3028 CryptSvc - ok

    21:19:01.0796 3028 dac2w2k - ok

    21:19:01.0812 3028 dac960nt - ok

    21:19:01.0859 3028 DcomLaunch C:\WINDOWS\system32\rpcss.dll

    21:19:01.0984 3028 DcomLaunch - ok

    21:19:02.0046 3028 Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

    21:19:02.0218 3028 Dhcp - ok

    21:19:02.0250 3028 Disk C:\WINDOWS\system32\DRIVERS\disk.sys

    21:19:02.0437 3028 Disk - ok

    21:19:02.0453 3028 dmadmin - ok

    21:19:02.0484 3028 dmboot C:\WINDOWS\system32\drivers\dmboot.sys

    21:19:02.0671 3028 dmboot - ok

    21:19:02.0703 3028 dmio C:\WINDOWS\system32\drivers\dmio.sys

    21:19:02.0875 3028 dmio - ok

    21:19:02.0890 3028 dmload C:\WINDOWS\system32\drivers\dmload.sys

    21:19:03.0046 3028 dmload - ok

    21:19:03.0078 3028 dmserver C:\WINDOWS\System32\dmserver.dll

    21:19:03.0234 3028 dmserver - ok

    21:19:03.0296 3028 DMusic C:\WINDOWS\system32\drivers\DMusic.sys

    21:19:03.0453 3028 DMusic - ok

    21:19:03.0484 3028 DNSCACHE.DLL - ok

    21:19:03.0515 3028 Dot3svc C:\WINDOWS\System32\dot3svc.dll

    21:19:03.0671 3028 Dot3svc - ok

    21:19:03.0687 3028 dpti2o - ok

    21:19:03.0703 3028 drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

    21:19:03.0859 3028 drmkaud - ok

    21:19:03.0890 3028 EapHost C:\WINDOWS\System32\eapsvc.dll

    21:19:04.0062 3028 EapHost - ok

    21:19:04.0093 3028 ERSvc C:\WINDOWS\System32\ersvc.dll

    21:19:04.0265 3028 ERSvc - ok

    21:19:04.0296 3028 esgiguard - ok

    21:19:04.0328 3028 Eventlog C:\WINDOWS\system32\services.exe

    21:19:04.0359 3028 Eventlog - ok

    21:19:04.0406 3028 EventSystem C:\WINDOWS\system32\es.dll

    21:19:04.0484 3028 EventSystem - ok

    21:19:04.0515 3028 Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

    21:19:04.0656 3028 Fastfat - ok

    21:19:04.0703 3028 FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

    21:19:04.0765 3028 FastUserSwitchingCompatibility - ok

    21:19:04.0812 3028 Fax C:\WINDOWS\system32\fxssvc.exe

    21:19:05.0015 3028 Fax - ok

    21:19:05.0062 3028 Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

    21:19:05.0250 3028 Fdc - ok

    21:19:05.0281 3028 Fips C:\WINDOWS\system32\drivers\Fips.sys

    21:19:05.0437 3028 Fips - ok

    21:19:05.0453 3028 Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

    21:19:05.0625 3028 Flpydisk - ok

    21:19:05.0656 3028 FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

    21:19:05.0843 3028 FltMgr - ok

    21:19:05.0890 3028 fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

    21:19:05.0906 3028 fssfltr - ok

    21:19:06.0000 3028 fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    21:19:06.0062 3028 fsssvc - ok

    21:19:06.0093 3028 FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS

    21:19:06.0109 3028 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning

    21:19:06.0109 3028 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)

    21:19:06.0140 3028 FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe

    21:19:06.0218 3028 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning

    21:19:06.0218 3028 FsUsbExService - detected UnsignedFile.Multi.Generic (1)

    21:19:06.0265 3028 Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

    21:19:06.0437 3028 Fs_Rec - ok

    21:19:06.0468 3028 Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    21:19:06.0640 3028 Ftdisk - ok

    21:19:06.0640 3028 FTPFILT.DLL - ok

    21:19:06.0687 3028 GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

    21:19:06.0703 3028 GEARAspiWDM - ok

    21:19:06.0765 3028 gfibto C:\WINDOWS\system32\drivers\gfibto.sys

    21:19:06.0828 3028 gfibto - ok

    21:19:06.0859 3028 Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

    21:19:07.0031 3028 Gpc - ok

    21:19:07.0078 3028 HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys

    21:19:07.0171 3028 HdAudAddService - ok

    21:19:07.0203 3028 HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    21:19:07.0390 3028 HDAudBus - ok

    21:19:07.0484 3028 helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    21:19:07.0640 3028 helpsvc - ok

    21:19:07.0687 3028 HidServ C:\WINDOWS\System32\hidserv.dll

    21:19:07.0859 3028 HidServ - ok

    21:19:07.0906 3028 hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

    21:19:08.0062 3028 hidusb - ok

    21:19:08.0109 3028 hkmsvc C:\WINDOWS\System32\kmsvc.dll

    21:19:08.0265 3028 hkmsvc - ok

    21:19:08.0281 3028 hpn - ok

    21:19:08.0281 3028 HTMLFILT.DLL - ok

    21:19:08.0343 3028 HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

    21:19:08.0406 3028 HTTP - ok

    21:19:08.0421 3028 HTTPFILT.DLL - ok

    21:19:08.0453 3028 HTTPFilter C:\WINDOWS\System32\w3ssl.dll

    21:19:08.0625 3028 HTTPFilter - ok

    21:19:08.0640 3028 i2omgmt - ok

    21:19:08.0671 3028 i2omp - ok

    21:19:08.0703 3028 i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

    21:19:08.0875 3028 i8042prt - ok

    21:19:08.0921 3028 IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    21:19:08.0937 3028 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    21:19:08.0937 3028 IDriverT - detected UnsignedFile.Multi.Generic (1)

    21:19:09.0015 3028 idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    21:19:09.0093 3028 idsvc - ok

    21:19:09.0109 3028 IMAPFILT.DLL - ok

    21:19:09.0156 3028 Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

    21:19:09.0328 3028 Imapi - ok

    21:19:09.0359 3028 ImapiService C:\WINDOWS\system32\imapi.exe

    21:19:09.0531 3028 ImapiService - ok

    21:19:09.0546 3028 ini910u - ok

    21:19:09.0687 3028 IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

    21:19:10.0093 3028 IntcAzAudAddService - ok

    21:19:10.0109 3028 IntelIde - ok

    21:19:10.0171 3028 intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

    21:19:10.0343 3028 intelppm - ok

    21:19:10.0375 3028 Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

    21:19:10.0546 3028 Ip6Fw - ok

    21:19:10.0562 3028 IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    21:19:10.0734 3028 IpFilterDriver - ok

    21:19:10.0750 3028 IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

    21:19:10.0921 3028 IpInIp - ok

    21:19:10.0953 3028 IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

    21:19:11.0140 3028 IpNat - ok

    21:19:11.0187 3028 iPod Service C:\Program Files\iPod\bin\iPodService.exe

    21:19:11.0234 3028 iPod Service - ok

    21:19:11.0281 3028 IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

    21:19:11.0406 3028 IPSec - ok

    21:19:11.0437 3028 IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

    21:19:11.0515 3028 IRENUM - ok

    21:19:11.0546 3028 isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

    21:19:11.0734 3028 isapnp - ok

    21:19:11.0843 3028 JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

    21:19:11.0859 3028 JavaQuickStarterService - ok

    21:19:11.0890 3028 Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    21:19:12.0046 3028 Kbdclass - ok

    21:19:12.0093 3028 kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

    21:19:12.0250 3028 kbdhid - ok

    21:19:12.0296 3028 kmixer C:\WINDOWS\system32\drivers\kmixer.sys

    21:19:12.0484 3028 kmixer - ok

    21:19:12.0500 3028 KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

    21:19:12.0609 3028 KSecDD - ok

    21:19:12.0640 3028 lanmanserver C:\WINDOWS\System32\srvsvc.dll

    21:19:12.0718 3028 lanmanserver - ok

    21:19:12.0765 3028 lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

    21:19:12.0812 3028 lanmanworkstation - ok

    21:19:12.0828 3028 lbrtfdc - ok

    21:19:12.0875 3028 LexBceS C:\WINDOWS\system32\LEXBCES.EXE

    21:19:12.0921 3028 LexBceS ( UnsignedFile.Multi.Generic ) - warning

    21:19:12.0921 3028 LexBceS - detected UnsignedFile.Multi.Generic (1)

    21:19:12.0968 3028 LmHosts C:\WINDOWS\System32\lmhsvc.dll

    21:19:13.0140 3028 LmHosts - ok

    21:19:13.0187 3028 LPDSVC C:\WINDOWS\system32\tcpsvcs.exe

    21:19:13.0359 3028 LPDSVC - ok

    21:19:13.0359 3028 MAILFILT.DLL - ok

    21:19:13.0437 3028 MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    21:19:13.0500 3028 MDM - ok

    21:19:13.0546 3028 Messenger C:\WINDOWS\System32\msgsvc.dll

    21:19:13.0703 3028 Messenger - ok

    21:19:13.0734 3028 mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

    21:19:13.0890 3028 mnmdd - ok

    21:19:13.0937 3028 mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

    21:19:14.0093 3028 mnmsrvc - ok

    21:19:14.0125 3028 Modem C:\WINDOWS\system32\drivers\Modem.sys

    21:19:14.0265 3028 Modem - ok

    21:19:14.0296 3028 Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

    21:19:14.0468 3028 Mouclass - ok

    21:19:14.0515 3028 mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

    21:19:14.0656 3028 mouhid - ok

    21:19:14.0671 3028 MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

    21:19:14.0828 3028 MountMgr - ok

    21:19:14.0843 3028 mraid35x - ok

    21:19:14.0843 3028 MRENDIS5 - ok

    21:19:14.0875 3028 MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    21:19:15.0015 3028 MRxDAV - ok

    21:19:15.0078 3028 MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    21:19:15.0218 3028 MRxSmb - ok

    21:19:15.0250 3028 MSDTC C:\WINDOWS\system32\msdtc.exe

    21:19:15.0390 3028 MSDTC - ok

    21:19:15.0437 3028 Msfs C:\WINDOWS\system32\drivers\Msfs.sys

    21:19:15.0593 3028 Msfs - ok

    21:19:15.0593 3028 MSIServer - ok

    21:19:15.0625 3028 MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

    21:19:15.0781 3028 MSKSSRV - ok

    21:19:15.0812 3028 MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    21:19:15.0953 3028 MSPCLOCK - ok

    21:19:15.0968 3028 MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

    21:19:16.0140 3028 MSPQM - ok

    21:19:16.0171 3028 mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    21:19:16.0312 3028 mssmbios - ok

    21:19:16.0328 3028 MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

    21:19:16.0468 3028 MSTEE - ok

    21:19:16.0484 3028 Mup C:\WINDOWS\system32\drivers\Mup.sys

    21:19:16.0546 3028 Mup - ok

    21:19:16.0593 3028 NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

    21:19:16.0750 3028 NABTSFEC - ok

    21:19:16.0781 3028 napagent C:\WINDOWS\System32\qagentrt.dll

    21:19:16.0984 3028 napagent - ok

    21:19:17.0015 3028 NDIS C:\WINDOWS\system32\drivers\NDIS.sys

    21:19:17.0171 3028 NDIS - ok

    21:19:17.0218 3028 NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

    21:19:17.0375 3028 NdisIP - ok

    21:19:17.0406 3028 NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    21:19:17.0468 3028 NdisTapi - ok

    21:19:17.0515 3028 Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    21:19:17.0671 3028 Ndisuio - ok

    21:19:17.0687 3028 NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    21:19:17.0843 3028 NdisWan - ok

    21:19:17.0875 3028 NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

    21:19:17.0953 3028 NDProxy - ok

    21:19:18.0000 3028 NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

    21:19:18.0156 3028 NetBIOS - ok

    21:19:18.0203 3028 NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

    21:19:18.0390 3028 NetBT - ok

    21:19:18.0421 3028 NetDDE C:\WINDOWS\system32\netdde.exe

    21:19:18.0562 3028 NetDDE - ok

    21:19:18.0578 3028 NetDDEdsdm C:\WINDOWS\system32\netdde.exe

    21:19:18.0734 3028 NetDDEdsdm - ok

    21:19:18.0781 3028 Netlogon C:\WINDOWS\system32\lsass.exe

    21:19:18.0921 3028 Netlogon - ok

    21:19:18.0953 3028 Netman C:\WINDOWS\System32\netman.dll

    21:19:19.0125 3028 Netman - ok

    21:19:19.0171 3028 NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    21:19:19.0187 3028 NetTcpPortSharing - ok

    21:19:19.0234 3028 NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

    21:19:19.0390 3028 NIC1394 - ok

    21:19:19.0453 3028 Nla C:\WINDOWS\System32\mswsock.dll

    21:19:19.0531 3028 Nla - ok

    21:19:19.0546 3028 NNTPFILT.DLL - ok

    21:19:19.0562 3028 Npfs C:\WINDOWS\system32\drivers\Npfs.sys

    21:19:19.0718 3028 Npfs - ok

    21:19:19.0781 3028 Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

    21:19:19.0968 3028 Ntfs - ok

    21:19:19.0984 3028 NtLmSsp C:\WINDOWS\system32\lsass.exe

    21:19:20.0125 3028 NtLmSsp - ok

    21:19:20.0156 3028 NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

    21:19:20.0359 3028 NtmsSvc - ok

    21:19:20.0406 3028 Null C:\WINDOWS\system32\drivers\Null.sys

    21:19:20.0546 3028 Null - ok

    21:19:20.0578 3028 NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    21:19:20.0734 3028 NwlnkFlt - ok

    21:19:20.0765 3028 NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    21:19:20.0921 3028 NwlnkFwd - ok

    21:19:20.0937 3028 ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

    21:19:21.0078 3028 ohci1394 - ok

    21:19:21.0093 3028 ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:19:21.0125 3028 ose - ok

    21:19:21.0140 3028 Parport C:\WINDOWS\system32\drivers\Parport.sys

    21:19:21.0296 3028 Parport - ok

    21:19:21.0312 3028 PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

    21:19:21.0500 3028 PartMgr - ok

    21:19:21.0531 3028 ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

    21:19:21.0687 3028 ParVdm - ok

    21:19:21.0718 3028 pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

    21:19:21.0765 3028 pccsmcfd - ok

    21:19:21.0781 3028 PCI C:\WINDOWS\system32\DRIVERS\pci.sys

    21:19:21.0953 3028 PCI - ok

    21:19:21.0968 3028 PCIDump - ok

    21:19:21.0984 3028 PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

    21:19:22.0156 3028 PCIIde - ok

    21:19:22.0187 3028 Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

    21:19:22.0343 3028 Pcmcia - ok

    21:19:22.0359 3028 PDCOMP - ok

    21:19:22.0359 3028 PDFRAME - ok

    21:19:22.0375 3028 PDRELI - ok

    21:19:22.0390 3028 PDRFRAME - ok

    21:19:22.0406 3028 perc2 - ok

    21:19:22.0421 3028 perc2hib - ok

    21:19:22.0468 3028 PlugPlay C:\WINDOWS\system32\services.exe

    21:19:22.0484 3028 PlugPlay - ok

    21:19:22.0515 3028 PolicyAgent C:\WINDOWS\system32\lsass.exe

    21:19:22.0671 3028 PolicyAgent - ok

    21:19:22.0687 3028 POP3FILT.DLL - ok

    21:19:22.0718 3028 PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

    21:19:22.0875 3028 PptpMiniport - ok

    21:19:22.0875 3028 PROTECT.DLL - ok

    21:19:22.0890 3028 ProtectedStorage C:\WINDOWS\system32\lsass.exe

    21:19:23.0046 3028 ProtectedStorage - ok

    21:19:23.0062 3028 PSched C:\WINDOWS\system32\DRIVERS\psched.sys

    21:19:23.0218 3028 PSched - ok

    21:19:23.0250 3028 Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

    21:19:23.0421 3028 Ptilink - ok

    21:19:23.0437 3028 ql1080 - ok

    21:19:23.0437 3028 Ql10wnt - ok

    21:19:23.0453 3028 ql12160 - ok

    21:19:23.0468 3028 ql1240 - ok

    21:19:23.0484 3028 ql1280 - ok

    21:19:23.0515 3028 RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

    21:19:23.0671 3028 RasAcd - ok

    21:19:23.0703 3028 RasAuto C:\WINDOWS\System32\rasauto.dll

    21:19:23.0859 3028 RasAuto - ok

    21:19:23.0890 3028 Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    21:19:24.0046 3028 Rasl2tp - ok

    21:19:24.0078 3028 RasMan C:\WINDOWS\System32\rasmans.dll

    21:19:24.0265 3028 RasMan - ok

    21:19:24.0296 3028 RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    21:19:24.0453 3028 RasPppoe - ok

    21:19:24.0468 3028 Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

    21:19:24.0625 3028 Raspti - ok

    21:19:24.0671 3028 Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

    21:19:24.0812 3028 Rdbss - ok

    21:19:24.0875 3028 RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    21:19:25.0031 3028 RDPCDD - ok

    21:19:25.0078 3028 RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

    21:19:25.0156 3028 RDPWD - ok

    21:19:25.0187 3028 RDSessMgr C:\WINDOWS\system32\sessmgr.exe

    21:19:25.0359 3028 RDSessMgr - ok

    21:19:25.0375 3028 redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

    21:19:25.0562 3028 redbook - ok

    21:19:25.0609 3028 RemoteAccess C:\WINDOWS\System32\mprdim.dll

    21:19:25.0765 3028 RemoteAccess - ok

    21:19:25.0781 3028 RimUsb - ok

    21:19:25.0796 3028 RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys

    21:19:25.0859 3028 RimVSerPort - ok

    21:19:25.0890 3028 ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys

    21:19:26.0062 3028 ROOTMODEM - ok

    21:19:26.0093 3028 RpcLocator C:\WINDOWS\system32\locator.exe

    21:19:26.0265 3028 RpcLocator - ok

    21:19:26.0296 3028 RpcSs C:\WINDOWS\System32\rpcss.dll

    21:19:26.0359 3028 RpcSs - ok

    21:19:26.0390 3028 RSVP C:\WINDOWS\system32\rsvp.exe

    21:19:26.0546 3028 RSVP - ok

    21:19:26.0562 3028 s494.sys - ok

    21:19:26.0593 3028 SamSs C:\WINDOWS\system32\lsass.exe

    21:19:26.0750 3028 SamSs - ok

    21:19:26.0796 3028 SCardSvr C:\WINDOWS\System32\SCardSvr.exe

    21:19:26.0953 3028 SCardSvr - ok

    21:19:27.0000 3028 Schedule C:\WINDOWS\system32\schedsvc.dll

    21:19:27.0187 3028 Schedule - ok

    21:19:27.0234 3028 Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

    21:19:27.0312 3028 Secdrv - ok

    21:19:27.0359 3028 seclogon C:\WINDOWS\System32\seclogon.dll

    21:19:27.0531 3028 seclogon - ok

    21:19:27.0546 3028 SECRET.DLL - ok

    21:19:27.0578 3028 SENS C:\WINDOWS\system32\sens.dll

    21:19:27.0750 3028 SENS - ok

    21:19:27.0781 3028 serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

    21:19:27.0921 3028 serenum - ok

    21:19:27.0953 3028 Serial C:\WINDOWS\system32\DRIVERS\serial.sys

    21:19:28.0109 3028 Serial - ok

    21:19:28.0187 3028 ServiceLayer c:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    21:19:28.0250 3028 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

    21:19:28.0250 3028 ServiceLayer - detected UnsignedFile.Multi.Generic (1)

    21:19:28.0312 3028 Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

    21:19:28.0468 3028 Sfloppy - ok

    21:19:28.0515 3028 SharedAccess C:\WINDOWS\System32\ipnathlp.dll

    21:19:28.0687 3028 SharedAccess - ok

    21:19:28.0734 3028 ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

    21:19:28.0750 3028 ShellHWDetection - ok

    21:19:28.0765 3028 Simbad - ok

    21:19:28.0812 3028 SiSGbeXP C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys

    21:19:28.0875 3028 SiSGbeXP - ok

    21:19:28.0906 3028 SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

    21:19:29.0062 3028 SLIP - ok

    21:19:29.0078 3028 Sparrow - ok

    21:19:29.0109 3028 splitter C:\WINDOWS\system32\drivers\splitter.sys

    21:19:29.0265 3028 splitter - ok

    21:19:29.0296 3028 Spooler C:\WINDOWS\system32\spoolsv.exe

    21:19:29.0375 3028 Spooler - ok

    21:19:29.0390 3028 sr C:\WINDOWS\system32\DRIVERS\sr.sys

    21:19:29.0484 3028 sr - ok

    21:19:29.0500 3028 srservice C:\WINDOWS\system32\srsvc.dll

    21:19:29.0625 3028 srservice - ok

    21:19:29.0671 3028 Srv C:\WINDOWS\system32\DRIVERS\srv.sys

    21:19:29.0750 3028 Srv - ok

    21:19:29.0812 3028 sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys

    21:19:29.0828 3028 sscdbus - ok

    21:19:29.0843 3028 sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

    21:19:29.0859 3028 sscdmdfl - ok

    21:19:29.0890 3028 sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

    21:19:29.0921 3028 sscdmdm - ok

    21:19:29.0937 3028 SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

    21:19:30.0015 3028 SSDPSRV - ok

    21:19:30.0062 3028 stisvc C:\WINDOWS\system32\wiaservc.dll

    21:19:30.0265 3028 stisvc - ok

    21:19:30.0296 3028 streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

    21:19:30.0453 3028 streamip - ok

    21:19:30.0500 3028 swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

    21:19:30.0671 3028 swenum - ok

    21:19:30.0703 3028 swmidi C:\WINDOWS\system32\drivers\swmidi.sys

    21:19:30.0843 3028 swmidi - ok

    21:19:30.0859 3028 SwPrv - ok

    21:19:30.0875 3028 symc810 - ok

    21:19:30.0890 3028 symc8xx - ok

    21:19:30.0906 3028 sym_hi - ok

    21:19:30.0906 3028 sym_u3 - ok

    21:19:30.0968 3028 sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

    21:19:31.0125 3028 sysaudio - ok

    21:19:31.0171 3028 SysmonLog C:\WINDOWS\system32\smlogsvc.exe

    21:19:31.0312 3028 SysmonLog - ok

    21:19:31.0343 3028 TapiSrv C:\WINDOWS\System32\tapisrv.dll

    21:19:31.0515 3028 TapiSrv - ok

    21:19:31.0562 3028 Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

    21:19:31.0625 3028 Tcpip - ok

    21:19:31.0656 3028 TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

    21:19:31.0812 3028 TDPIPE - ok

    21:19:31.0843 3028 TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

    21:19:32.0015 3028 TDTCP - ok

    21:19:32.0062 3028 TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

    21:19:32.0234 3028 TermDD - ok

    21:19:32.0281 3028 TermService C:\WINDOWS\System32\termsrv.dll

    21:19:32.0453 3028 TermService - ok

    21:19:32.0500 3028 Themes C:\WINDOWS\System32\shsvcs.dll

    21:19:32.0546 3028 Themes - ok

    21:19:32.0609 3028 TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    21:19:32.0625 3028 TomTomHOMEService - ok

    21:19:32.0640 3028 TosIde - ok

    21:19:32.0671 3028 TrkWks C:\WINDOWS\system32\trkwks.dll

    21:19:32.0828 3028 TrkWks - ok

    21:19:32.0875 3028 Udfs C:\WINDOWS\system32\drivers\Udfs.sys

    21:19:33.0000 3028 Udfs - ok

    21:19:33.0031 3028 ultra - ok

    21:19:33.0109 3028 Update C:\WINDOWS\system32\DRIVERS\update.sys

    21:19:33.0312 3028 Update - ok

    21:19:33.0343 3028 upnphost C:\WINDOWS\System32\upnphost.dll

    21:19:33.0453 3028 upnphost - ok

    21:19:33.0468 3028 upperdev - ok

    21:19:33.0484 3028 UPS C:\WINDOWS\System32\ups.exe

    21:19:33.0656 3028 UPS - ok

    21:19:33.0687 3028 USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

    21:19:33.0734 3028 USBAAPL - ok

    21:19:33.0765 3028 usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

    21:19:33.0921 3028 usbaudio - ok

    21:19:33.0953 3028 usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    21:19:34.0109 3028 usbccgp - ok

    21:19:34.0156 3028 usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

    21:19:34.0312 3028 usbehci - ok

    21:19:34.0359 3028 usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

    21:19:34.0500 3028 usbhub - ok

    21:19:34.0546 3028 usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

    21:19:34.0687 3028 usbohci - ok

    21:19:34.0718 3028 usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

    21:19:34.0875 3028 usbprint - ok

    21:19:34.0906 3028 usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

    21:19:35.0046 3028 usbscan - ok

    21:19:35.0109 3028 usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    21:19:35.0265 3028 usbstor - ok

    21:19:35.0296 3028 VComm C:\WINDOWS\system32\DRIVERS\VComm.sys

    21:19:35.0312 3028 VComm ( UnsignedFile.Multi.Generic ) - warning

    21:19:35.0312 3028 VComm - detected UnsignedFile.Multi.Generic (1)

    21:19:35.0343 3028 VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys

    21:19:35.0343 3028 VcommMgr ( UnsignedFile.Multi.Generic ) - warning

    21:19:35.0343 3028 VcommMgr - detected UnsignedFile.Multi.Generic (1)

    21:19:35.0390 3028 VgaSave C:\WINDOWS\System32\drivers\vga.sys

    21:19:35.0531 3028 VgaSave - ok

    21:19:35.0546 3028 ViaIde - ok

    21:19:35.0593 3028 VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

    21:19:35.0734 3028 VolSnap - ok

    21:19:35.0765 3028 VSS C:\WINDOWS\System32\vssvc.exe

    21:19:35.0890 3028 VSS - ok

    21:19:35.0937 3028 W32Time C:\WINDOWS\system32\w32time.dll

    21:19:36.0093 3028 W32Time - ok

    21:19:36.0140 3028 Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

    21:19:36.0312 3028 Wanarp - ok

    21:19:36.0359 3028 Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

    21:19:36.0453 3028 Wdf01000 - ok

    21:19:36.0468 3028 WDICA - ok

    21:19:36.0500 3028 wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

    21:19:36.0656 3028 wdmaud - ok

    21:19:36.0703 3028 WebClient C:\WINDOWS\System32\webclnt.dll

    21:19:36.0859 3028 WebClient - ok

    21:19:36.0937 3028 winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

    21:19:37.0093 3028 winmgmt - ok

    21:19:37.0156 3028 WinRM C:\WINDOWS\system32\WsmSvc.dll

    21:19:37.0281 3028 WinRM - ok

    21:19:37.0312 3028 WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

    21:19:37.0390 3028 WmdmPmSN - ok

    21:19:37.0437 3028 WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

    21:19:37.0593 3028 WmiApSrv - ok

    21:19:37.0671 3028 WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

    21:19:37.0781 3028 WMPNetworkSvc - ok

    21:19:37.0812 3028 WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

    21:19:37.0859 3028 WpdUsb - ok

    21:19:37.0953 3028 WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    21:19:38.0015 3028 WPFFontCache_v0400 - ok

    21:19:38.0062 3028 WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

    21:19:38.0218 3028 WS2IFSL - ok

    21:19:38.0250 3028 wscsvc C:\WINDOWS\system32\wscsvc.dll

    21:19:38.0421 3028 wscsvc - ok

    21:19:38.0437 3028 WSearch - ok

    21:19:38.0468 3028 WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

    21:19:38.0640 3028 WSTCODEC - ok

    21:19:38.0671 3028 wuauserv C:\WINDOWS\system32\wuauserv.dll

    21:19:38.0828 3028 wuauserv - ok

    21:19:38.0875 3028 WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    21:19:38.0953 3028 WudfPf - ok

    21:19:38.0984 3028 WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

    21:19:39.0015 3028 WUDFRd - ok

    21:19:39.0046 3028 WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

    21:19:39.0078 3028 WudfSvc - ok

    21:19:39.0109 3028 WZCSVC C:\WINDOWS\System32\wzcsvc.dll

    21:19:39.0281 3028 WZCSVC - ok

    21:19:39.0296 3028 xcpip - ok

    21:19:39.0328 3028 xmlprov C:\WINDOWS\System32\xmlprov.dll

    21:19:39.0484 3028 xmlprov - ok

    21:19:39.0500 3028 xpsec - ok

    21:19:39.0531 3028 ================ Scan global ===============================

    21:19:39.0562 3028 C:\WINDOWS\system32\basesrv.dll

    21:19:39.0625 3028 C:\WINDOWS\system32\winsrv.dll

    21:19:39.0656 3028 C:\WINDOWS\system32\winsrv.dll

    21:19:39.0671 3028 C:\WINDOWS\system32\services.exe

    21:19:39.0671 3028 - ok

    21:19:39.0687 3028 ================ Scan MBR ==================================

    21:19:39.0703 3028 \Device\Harddisk0\DR0

    21:19:39.0906 3028 \Device\Harddisk0\DR0 - ok

    21:19:39.0906 3028 ================ Scan VBR ==================================

    21:19:39.0906 3028 \Device\Harddisk0\DR0\Partition1

    21:19:39.0906 3028 \Device\Harddisk0\DR0\Partition1 - ok

    21:19:39.0906 3028 ============================================================

    21:19:39.0906 3028 Scan finished

    21:19:39.0906 3028 ============================================================

    21:19:40.0015 3020 Detected object count: 13

    21:19:40.0015 3020 Actual detected object count: 13

    21:19:50.0500 3020 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0500 3020 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0500 3020 BT ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0500 3020 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0500 3020 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0500 3020 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0515 3020 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0515 3020 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0515 3020 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0515 3020 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0515 3020 cmudau ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0515 3020 cmudau ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0515 3020 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0515 3020 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0531 3020 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0531 3020 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0531 3020 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0531 3020 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0531 3020 LexBceS ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0531 3020 LexBceS ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0546 3020 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0546 3020 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0546 3020 VComm ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0546 3020 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:19:50.0546 3020 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user

    21:19:50.0546 3020 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

  • fazantje

    Hi Marcel,

    This log looks fine too ;)

    I went through all the logs once more and came across something that I think is the cause.

    Try uninstalling Adaware from Lavasoft, then CCleaner, restart the computer and run Zoek.exe again as I described earlier.

    The reason is the following:

    S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL

    S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL

    S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL

    S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL

    S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL

    S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL

    S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL

    S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL

    S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL

    S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL

    S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL

    S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL

    S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL); \??\C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL

    Post the new Zoek.exe log here and tell me how things are now.

    Good luck,

    Huib;)

  • marcel

    Hi Huib,

    still the same: "Security Center not available"

    and Lavasoft: deleted 1 via search and several in the registry, only 3 would not go

    CCleaner is removed too

    I'll read your answer tomorrow

    good night

    Zoek.exe Version 4.0.0.2 Updated 18-June-2013

    Tool run by manon on wo 19-06-2013 at 22:33:17,23.

    Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

    Running in: Normal Mode Internet Access Detected

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\regsvr32.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\System32\SCardSvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\locator.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\System32\alg.exe

    C:\Documents and Settings\manon\Bureaublad\zoek.exe

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    C:\WINDOWS\system32\svchost.exe -k rpcss

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    ==== System Specs ======================

    Windows: Windows XP Home Edition Service Pack 3 (Build 2600)

    Memory (RAM): 1023 MB

    CPU Info: Intel(R) Pentium(R) D CPU 2.66GHz

    CPU Speed: 2654,9 MHz

    Sound Card: Realtek HD Audio output |

    Display Adapters: Radeon X1300 Series | Radeon X1300 Series Secondary | NetMeeting driver | RDPDD Chained DD

    Monitors: 1x; Dell 1503FP (analoog) |

    Screen Resolution: 1024 X 768 - 32 bit

    Network: Network Present

    Network Adapters: SiS191 100/10 Ethernet Device - Pakketplanner-minipoort

    CD / DVD Drives: 2x (D: | E: | ) D: PHILIPS DROM6216 | E: HL-DT-STDVDRAM GSA-H10N

    Ports: COM4 | COM5 | COM1 LPT Port NOT Present.

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: C: 232,9GB

    Hard Disks - Free: C: 177,2GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 04/19/06 | A M I - 4000619

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: FUJITSU SIEMENS P5SD2-FM

    Internet Explorer Version: 8.0.6001.18702

    Sun Java version: 1.7.0_13

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\WINDOWS ====

    2013-06-18 12:25:58 CA7557DF329737D84F604891285EE0DF 4884 -c–a-w- C:\WINDOWS\SchedLgU.Txt

    ====== C:\WINDOWS\TEMP ====

    ====== C:\WINDOWS\system32 =====

    ====== C:\WINDOWS\system32\drivers =====

    ====== C:\WINDOWS\Tasks ======

    ====== C:\WINDOWS\Temp ======

    ======= C:\Program Files =====

    2013-06-19 15:34:18 ——– dc—-w- C:\Program Files\IObit

    ======= C: =====

    2013-06-19 12:22:39 2B8BBBF207477C554A4D82BDF6552ABB 3190 -c–a-w- C:\DelFix.txt

    ====== C:\Documents and Settings\manon\Application Data ======

    2013-06-19 15:34:30 ——– dc—-w- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

    2013-06-19 15:34:29 ——– dc—-w- C:\Documents and Settings\All Users\Application Data\IObit

    2013-06-19 15:34:27 ——– dc—-w- C:\Documents and Settings\manon\Application Data\IObit

    2013-06-14 09:38:33 ——– dc—-w- C:\Documents and Settings\All Users\Application Data\3936

    ====== C:\Documents and Settings\manon ======

    2013-06-19 18:52:45 178A34E5554DCE485E1262DDF027960C 2237968 -c–a-w- C:\Documents and Settings\manon\Bureaublad\tdsskiller.exe

    2013-06-19 12:41:19 ——– dc-h–r- C:\Documents and Settings\manon\Onlangs geopend

    2013-06-19 09:51:46 ——– dcsh–w- C:\Documents and Settings\LocalService\Cookies

    ====== C: exe-files ==

    2013-06-19 20:30:26 FCA17DB4FEB0D0449B30B6477B76B980 103757 -c–a-w- C:\Tmp\Mama\~nsu.tmp\Au_.exe

    2013-06-19 18:52:45 178A34E5554DCE485E1262DDF027960C 2237968 -c–a-w- C:\Documents and Settings\manon\Bureaublad\tdsskiller.exe

    2013-06-19 16:34:39 FD35BD83DCD48338931442B47644719A 192512 -c–a-w- C:\Tmp\Mama\HouseCall\bspatch.exe

    2013-06-19 16:34:36 A7A0791ECADCF96CAEE258033A2D3878 2445744 -c–a-w- C:\Tmp\Mama\HCBackup\hcpackage.exe

    2013-06-19 16:34:26 4C4AB9390E4B943D43CA051103DA667F 2002944 -c–a-w- C:\Tmp\Mama\Tijdelijke internetbestanden\Content.IE5\S280CLOE\HousecallLauncher.exe

    2013-06-19 15:44:54 789C152BD857F314E6D24A3AE37DC179 1467712 -c–a-w- C:\Tmp\Mama\is-CD7BU.tmp\UninstallPromote.exe

    2013-06-19 15:39:13 E68727BE58B10E8DDF64BA1B720E3C09 948544 -c–a-w- C:\Program Files\IObit\Advanced SystemCare 6\Sur13_WinFix.exe

    2013-06-19 15:34:49 D4A740E814C8DA2D60821259D3AB4F9F 321344 -c–a-w- C:\Program Files\IObit\Advanced SystemCare 6\newyear.exe

    2013-06-18 14:18:56 9A2347903D6EDB84C10F288BC0578C1C 388608 -c–a-w- C:\Program Files\Trend Micro\manon.exe

    === C: other files ==

    2013-06-19 16:34:39 D79B8B7BED8D30387C22663B24E8C191 256904 -c–a-w- C:\Tmp\Mama\HouseCall\tmcomm.sys

    2013-06-19 16:34:39 B67F27C0ED14095C3F4CC4494B989C14 2496 -c–a-w- C:\Tmp\Mama\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

    2013-06-19 12:23:14 28F6862F6CE6995DCFAC1AFCDE0D17B5 196 -c–a-w- C:\Tmp\Mama\Uninst.bat

    ==== Startup Registry Enabled ======================

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “DWQueuedReporting”=“c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”

    “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “DWQueuedReporting”=“c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”

    “RIMBBLaunchAgent.exe”=“C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe”

    “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“cli”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\“ runtime -Delay”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“iTunesHelper”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\iTunes\\iTunesHelper.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“NeroCheck”

    “hkey”=“HKLM”

    “command”=“C:\\WINDOWS\\system32\\NeroCheck.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“qttask”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\QuickTime\\qttask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RTHDCPL”

    “hkey”=“HKLM”

    “command”=“RTHDCPL.EXE”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HDAShCut”

    “hkey”=“HKLM”

    “command”=“HDAShCut.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Res”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\USB Disk Win98 Driver\\Res.EXE”

    “path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk”

    “backup”=“C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup”

    “command”=“C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE ”

    “item”=“Adobe Reader Snelle start”

    “path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BlueSoleil.lnk”

    “backup”=“C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup”

    “command”=“C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE ”

    “item”=“BlueSoleil”

    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\Acow.job –a–c— C:\WINDOWS\system32\rundll32- C:\WINDOWS\system32\umpnpmgr1.dll

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job –a–c— C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-83265092-2990293034-2559932795-1007Core.job –a–c— C:\Documents and Settings\manon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-83265092-2990293034-2559932795-1007UA.job –a–c— C:\Documents and Settings\manon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    ==== Chrome Look ======================

    YouTube - manon - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - manon - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Gmail - manon - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com/webhp?hl=nl”

    New Values:

    “Start Page”=“http://www.google.com/webhp?hl=nl”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    {5BFE9EDA-43A4-4406-AC64-DF39EB1223B9} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS”

    {6575846F-1D65-4E0F-BE76-1F68DD71BF66} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== HijackThis Entries ======================

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\Run: “c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O21 - SSODL: WindowsCopy - {312BED3C-A901-4203-B4F2-ADCB957D1887} - C:\Documents and Settings\All Users\Application Data\3936\lmbd.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: ServiceLayer - Nokia. - c:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    ==== Empty IE Cache ======================

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\janneke\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\janneke\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\manon\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Documents and Settings\manon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied

    C:\WINDOWS\TEMP successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not found

    ==== EOF on wo 19-06-2013 at 22:41:56,17 ======================

  • fazantje

    Hi Marcel,

    And boot into safe mode and then remove those Lavasoft items.

    Please also do the following in normal mode:

    Go to: Start - Control Panel - Tools - Folder Options - View.

    Tick 'Show hidden files and folders'

    and untick 'Hide extensions for known file types'.

    Now go to VirusTotal and click Choose File.

    Browse to the following file and have it scanned:

    C:\Documents and Settings\All Users\Application Data\3936\lmbd.dll

    Ben is back as of today too, so who knows, he may spot something I'm overlooking :D

    Regards, Huib ;)
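The file named in the reply above comes from the O21 (SSODL) line of the Zoek.exe log. As an added illustration (not part of the thread, and not how Zoek.exe or HijackThis work internally), this Python sketch triages HijackThis-style lines by where the referenced file lives; the directory lists and the verdict names are assumptions chosen for this example.

```python
import ntpath
import re

# Lines copied from the "HijackThis Entries" section of the Zoek.exe log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O21 - SSODL: WindowsCopy - {312BED3C-A901-4203-B4F2-ADCB957D1887} - C:\Documents and Settings\All Users\Application Data\3936\lmbd.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: ServiceLayer - Nokia. - c:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# "O<nn> - <kind>: <rest>", e.g. "O21 - SSODL: WindowsCopy - {CLSID} - C:\...\lmbd.dll"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# A drive-letter path ending in an executable extension; trailing arguments are cut off.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys))(?![\w.])", re.IGNORECASE)

# Assumption for this example: autostart code loaded from data or temp
# directories deserves a second look; code under the Windows or
# Program Files trees is where installers normally put it.
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\tmp\\")
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_entry(line):
    """Return {'code', 'kind', 'path'} for a line that references a local file, else None."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    code, kind, rest = match.groups()
    # The file is the last " - " separated field; O4 lines have only that field.
    last_field = rest.rsplit(" - ", 1)[-1]
    path_match = PATH_RE.search(last_field)
    if not path_match:
        return None  # e.g. O16 lines, which point at a download URL
    return {"code": code, "kind": kind, "path": path_match.group(1)}


def classify(path):
    """Location-based verdict: 'review', 'expected' or 'unlisted'."""
    normalized = ntpath.normpath(path).lower()
    if any(marker in normalized for marker in DATA_DIR_MARKERS):
        return "review"      # a lead to check further, not proof of malware
    if normalized.startswith(EXPECTED_ROOTS):
        return "expected"
    return "unlisted"        # e.g. 8.3 short names such as C:\PROGRA~1\...


def triage(log_text):
    """Parse every line and attach a verdict to each entry that names a file."""
    results = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["verdict"] = classify(entry["path"])
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        if entry["verdict"] != "expected":
            print(f'{entry["verdict"]:8} {entry["code"]:4} {entry["kind"]}: {entry["path"]}')
```

On the sample lines only the O21 entry is marked for review; a location heuristic like this narrows down what to hash and submit to a scanner, and says nothing about files that sit in expected directories.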

  • marcel

    Hi Huib,

    in safe mode I couldn't delete Lavasoft either

    this is what VirusTotal reported

    regards, Marcel

    SHA256: 63b09ef7b06f6254ee269c849a434c8a413ecb3d631b86363bbbb40e54fa8d7c

    SHA1: e89207f9b4b1e3d3b27a87a3cba45c23e9e94662

    MD5: 140bf0bbb73d43a93114d6c03eb4d2e2

    Bestandsgrootte: 131.5 KB ( 134656 bytes )

    Bestandsnaam: lmbd.dll

    Bestandstype: Win32 DLL

    Detectieverhouding: 27 / 47

    Datum van analyse: 2013-06-20 09:17:43 UTC (0 minuten geleden

  • fazantje

    Hi Marcel,

    I think the VirusTotal step didn't go right.

    You should get a whole list of all the scanners, with their findings.

    Could you do it once more?

    Now go to VirusTotal and click Choose File.

    Then go to: C - Documents and Settings - All Users - Application Data - 3936 and then lmbd.dll

    Now click Scan and wait patiently.

    An example:

    Agnitum 20130619

    AhnLab-V3 20130619

    AntiVir 20130620

    Antiy-AVL 20130620

    Avast 20130620

    AVG 20130620

    BitDefender 20130620

    ByteHero 20130613

    CAT-QuickHeal 20130620

    ClamAV 20130620

    Commtouch 20130619

    Comodo 20130620

    DrWeb 20130620

    Emsisoft 20130620

    eSafe 20130616

    ESET-NOD32 20130620

    F-Prot 20130620

    Fortinet 20130620

    GData 20130620

    Ikarus 20130620

    Jiangmin 20130620

    K7AntiVirus 20130619

    K7GW 20130619

    Kaspersky 20130620

    Kingsoft 20130506

    Malwarebytes 20130620

    McAfee 20130620

    McAfee-GW-Edition 20130620

    Microsoft 20130620

    MicroWorld-eScan 20130620

    NANO-Antivirus 20130620

    Norman 20130620

    nProtect 20130620

    Panda 20130619

    PCTools 20130521

    Rising 20130619

    Sophos 20130620

    SUPERAntiSpyware 20130620

    Symantec 20130620

    TheHacker 20130620

    TotalDefense 20130620

    TrendMicro 20130620

    TrendMicro-HouseCall 20130620

    VBA32 20130620

    VIPRE 20130620

    ViRobot 20130620

    That's roughly what it looks like.

    I won't be here this afternoon, but Ben will help you further then.

    Regards, Huib ;)

  • marcel

    SHA256: 63b09ef7b06f6254ee269c849a434c8a413ecb3d631b86363bbbb40e54fa8d7c

    SHA1: e89207f9b4b1e3d3b27a87a3cba45c23e9e94662

    MD5: 140bf0bbb73d43a93114d6c03eb4d2e2

    Bestandsgrootte: 131.5 KB ( 134656 bytes )

    Bestandsnaam: lmbd.dll

    Bestandstype: Win32 DLL

    Detectieverhouding: 26 / 47

    Datum van analyse: 2013-06-20 10:23:44 UTC (0 minuten geleden)


    Virusscanner Resultaat Versie

    Agnitum  20130619

    AhnLab-V3 Backdoor/Win32.Sinowal 20130619

    AntiVir TR/Crypt.ZPACK.Gen8 20130620

    Antiy-AVL  20130620

    Avast Win32:Rootkit-gen 20130620

    AVG Agent.10.L 20130620

    BitDefender Trojan.Sinowal.Gen.1 20130620

    ByteHero  20130613

    CAT-QuickHeal  20130620

    ClamAV  20130620

    Commtouch W32/Trojan.CDOT-4989 20130619

    Comodo UnclassifiedMalware 20130620

    DrWeb  20130620

    Emsisoft Trojan.Sinowal.Gen.1 (B) 20130620

    eSafe  20130616

    ESET-NOD32 Win32/TrojanDownloader.Mebload.AY 20130620

    F-Prot  20130620

    F-Secure Trojan.Sinowal.Gen.1 20130620

    Fortinet W32/Generic.AY!tr 20130620

    GData Trojan.Sinowal.Gen.1 20130620

    Ikarus Trojan-Dropper.Agent 20130620

    Jiangmin  20130620

    K7AntiVirus  20130619

    K7GW  20130619

    Kaspersky HEUR:Trojan.Win32.Generic 20130620

    Kingsoft Win32.Troj.Generic.a.(kcloud) 20130506

    Malwarebytes Trojan.FakeMS 20130620

    McAfee Artemis!140BF0BBB73D 20130620

    McAfee-GW-Edition Artemis!140BF0BBB73D 20130620

    Microsoft PWS:Win32/Sinowal 20130620

    MicroWorld-eScan  20130620

    NANO-Antivirus  20130620

    Norman Suspicious_Gen5.AAHGM 20130620

    nProtect Trojan.Sinowal.Gen.1 20130620

    Panda Suspicious file 20130620

    PCTools  20130521

    Rising  20130619

    Sophos Mal/Generic-S 20130620

    SUPERAntiSpyware  20130620

    Symantec  20130620

    TheHacker Trojan/Downloader.Mebload.ay 20130620

    TotalDefense  20130620

    TrendMicro  20130620

    TrendMicro-HouseCall TROJ_GEN.R0CCB01FJ13 20130620

    VBA32  20130620

    VIPRE Trojan.Win32.Sinowal.baq (v) 20130620

    ViRobot 

  • Ben

    Hello,

    1. Uninstall the program IObit\Advanced SystemCare 6 and restart your PC.

    Did you create this folder yourself: C:\Tmp\Mama ?

    2. Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    Double-click Zoek.exe to start the tool.

    Now copy the bold code below and paste it into the large input box:

    Note: This script is written specifically for this PC, so do not use it on other PCs with a similar problem.

    c:\documents and settings\All Users\Application Data\3936;f

    ;r

    “WajamUpdater”=-;r

    ;r

    “3389:TCP”=-;r

    “65533:TCP”=-;r

    “52344:TCP”=-;r

    ;r

    “3389:TCP”=-;r

    “65533:TCP”=-;r

    “52344:TCP”=-;r

    autoclean;

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Now post the contents of the opened log in your next message.

    3. Download aswMBR.exe to the desktop.

    Double-click "aswMBR.exe" to start the tool.

    On the next screen click "Yes" to download the latest Avast virus definitions.

    Now click the "scan" button; a quick scan of the system drive will also be performed.

    When the scan is finished, click the "save log" button.

    Post this log file in your next message.

    Regards, Ben

This topic is closed; no more replies can be posted.