4 trojan horses


Hello everyone,

You would say that 1 trojan horse is already 1 too many, but I have 4. They cannot be removed with AVG. I will list them.

- PSW. Generic 9 UCX

- PSW. Agent. AUET

- PSW. Agent. ASOH

- PSW. Agent. ASOl

I got this as the result of yesterday's scan. What I did notice is that the PC was/is slower and that the internet does not work properly. Pages load slowly or not at all. Popups that suddenly appear.

Given my earlier experience with your help, I am convinced that this time too it will be possible to remove them.

Perhaps someone can also give me tips/advice on keeping the trojan horses out of the door/PC.

Thanks in advance. Regards, Paolo


We will first check whether malware or viruses are the cause of your problem.

1. Download HijackThis. (click on it)

Click HijackThis.msi and the download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only still work in safe mode, you need to download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You can then also find the logs in that folder.


2. Click the shortcut to start HijackThis. (first read the red text below!)

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens; hold down the CTRL and A keys together, now everything is selected. Hold down the CTRL and C keys together, now everything is copied. Now paste the HJT log into your post with the CTRL and V keys.

If you get the message "For some reason your system denied writing to the Host file ....", simply click the OK button to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (View the image here ---> Click here)


3. After you post your log, it will be checked by an expert (Kape or Kweezie Wabbit), who will guide you further through the whole process.

Tip!

If you want to see in words and pictures how to make a log with HijackThis and post it on the forum, click HERE.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:19:29, on 22-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fighters\Tray\FightersTray.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Fighters\SPAMfighter\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Fighters\FighterLauncher.exe

C:\Program Files\Fighters\SPAMfighter\sfagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

--

End of file - 8454 bytes

Thought it had worked.


This looks problem-free. Let's look a bit further then:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 12-06-21.03 - Eigenaar 22-06-2012 10:59:27.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.356 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\Cache

c:\windows\system32\Cache\046474829976d4cc.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\8414d5f81b26c0ca.fb

c:\windows\system32\Cache\84789b608a6425ba.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\roboot.exe

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))

.

.

2012-06-21 18:53 . 2012-06-21 18:53 -------- d-----w- c:\windows\system32\wbem\Repository

2012-06-21 18:50 . 2012-06-22 08:29 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-06-16 09:51 . 2012-06-16 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

2012-06-13 17:52 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-13 07:01 . 2012-06-13 07:01 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AVG Secure Search

2012-06-04 17:31 . 2012-06-04 17:31 -------- d-----w- c:\program files\Common Files\xing shared

2012-06-02 07:51 . 2012-06-02 07:51 -------- d-----w- c:\program files\BitTorrent

2012-06-02 07:45 . 2012-06-02 07:46 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-04 17:30 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-04 17:30 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-06-02 13:19 . 2007-06-21 15:30 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2007-04-12 20:31 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2007-04-12 20:31 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2005-05-26 02:19 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2007-04-12 20:31 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2007-04-12 20:31 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2007-04-12 20:05 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2001-09-07 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-06-21 15:30 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2007-06-21 15:30 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2007-04-12 20:31 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-06-21 15:30 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2007-04-12 20:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2007-06-22 15:27 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2007-04-29 13:25 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2005-05-26 02:19 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2001-09-07 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 13:28 . 2012-04-01 18:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 13:28 . 2011-05-16 18:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 03:15 . 2001-09-07 12:00 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:15 . 2001-09-06 19:53 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2007-04-12 20:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 13:56 . 2012-01-08 19:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 18:55 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-28 2077536]

"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-02 1197704]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-04 296056]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk

backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk]

path=c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk

backup=c:\windows\pss\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 15:41 45056 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-03-24 12:13 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-06-04 17:30 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"d:\\downloads\\BitTorrent\\bittorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20-8-2010 11:34 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-8-2010 11:34 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-8-2010 11:34 243152]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-5-2011 19:59 308136]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [12-4-2007 22:38 44928]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [2-2-2012 17:07 215688]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [23-1-2012 14:40 1324680]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12-6-2012 20:55 935480]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [12-4-2007 22:38 55808]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 23:47 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1-4-2012 20:18 257696]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30-3-2011 9:16 30312]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27-10-2010 9:10 167264]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [27-12-2007 10:34 1527900]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 23:47 136176]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30-3-2011 9:16 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30-3-2011 9:16 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30-3-2011 9:16 136680]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [27-12-2007 10:31 544768]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:28]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]

.

2012-06-22 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-22 11:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)

@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(660)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2240)

c:\program files\Fighters\SPAMfighter\LiveKit.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-22 11:17:19 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-22 09:17

.

Pre-Run: 100.087.209.984 bytes beschikbaar

Post-Run: 100.333.916.160 bytes beschikbaar

.

- - End Of File - - 2D22990207DC36FFB85FCE1E98338088

---------- Post added at 11:25 ---------- Previous post was at 11:21 ----------

Hello Kape, hope this is okay. Regards, Paolo


Hello Kape, it took a long time, but unfortunately I got the messages below. 25 in total.

Regards, Paolo

"C:\PROGRA~1\AVG\AVG9\avgtray.exe (1380)";"Trojaans paard PSW.Generic9.UCX";""

"C:\PROGRA~1\AVG\AVG9\avgtray.exe (1380):\memory_012d0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\AVG Secure Search\vprot.exe (1252)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\AVG Secure Search\vprot.exe (1252):\memory_01c80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\AVG\AVG9\avgui.exe (4060)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\AVG\AVG9\avgui.exe (4060):\memory_01470000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\AVG\AVG9\avgwdsvc.exe (1280)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\AVG\AVG9\avgwdsvc.exe (1280):\memory_00f60000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe (2624)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe (2624):\memory_00960000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2024)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2024):\memory_008f0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Fighters\FighterSuiteService.exe (2492)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Fighters\FighterSuiteService.exe (2492):\memory_01280000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Fighters\SPAMfighter\sfagent.exe (1404)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Fighters\SPAMfighter\sfagent.exe (1404):\memory_02630000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Fighters\SPAMfighter\sfus.exe (2176)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Fighters\SPAMfighter\sfus.exe (2176):\memory_009c0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Fighters\Tray\FightersTray.exe (1508)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Fighters\Tray\FightersTray.exe (1508):\memory_01190000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (1688)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Internet Explorer\iexplore.exe (1688):\memory_00cc0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (1688):\memory_010a0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (1748)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Internet Explorer\iexplore.exe (1748):\memory_00d80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (1748):\memory_01950000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (552)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Internet Explorer\iexplore.exe (552):\memory_03750000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Internet Explorer\iexplore.exe (552):\memory_03aa0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Java\jre6\bin\jqs.exe (1952)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Java\jre6\bin\jqs.exe (1952):\memory_00fa0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\Program Files\Real\RealPlayer\Update\realsched.exe (1536)";"Trojaans paard PSW.Generic9.UCX";""

"C:\Program Files\Real\RealPlayer\Update\realsched.exe (1536):\memory_00e80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\explorer.exe (2240)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\explorer.exe (2240):\memory_02e40000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\explorer.exe (2240):\memory_03600000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."

"C:\WINDOWS\system32\ati2evxx.exe (1524)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\ati2evxx.exe (1524):\memory_00b50000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\ctfmon.exe (1360)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\ctfmon.exe (1360):\memory_00bb0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\searchindexer.exe (2788)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\searchindexer.exe (2788):\memory_0bfc0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\services.exe (704)";"Trojaans paard PSW.Agent.ASOH";""

"C:\WINDOWS\system32\services.exe (704):\memory_00ea0000";"Trojaans paard PSW.Agent.ASOH";"Object is niet toegankelijk."

"C:\WINDOWS\system32\services.exe (704):\memory_01270000";"Trojaans paard PSW.Agent.ASOI";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (1056)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\svchost.exe (1056):\memory_01650000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (1056):\memory_01d10000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (1092)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\svchost.exe (1092):\memory_00640000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (1092):\memory_00ac0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (2432)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\svchost.exe (2432):\memory_01220000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (2432):\memory_012e0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (892)";"Trojaans paard PSW.Generic9.UCX";""

"C:\WINDOWS\system32\svchost.exe (892):\memory_00ac0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."

"C:\WINDOWS\system32\svchost.exe (892):\memory_00cf0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."

"C:\WINDOWS\system32\winlogon.exe (660)";"Trojaans paard PSW.Agent.AUET";""

"C:\WINDOWS\system32\winlogon.exe (660):\memory_01530000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."


Strange ... there are even files from AVG itself among them ???

Download TDSSKiller and save it to your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan has finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


15:53:37.0406 1852 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

15:53:38.0531 1852 ============================================================

15:53:38.0531 1852 Current date / time: 2012/06/22 15:53:38.0531

15:53:38.0531 1852 SystemInfo:

15:53:38.0531 1852

15:53:38.0531 1852 OS Version: 5.1.2600 ServicePack: 3.0

15:53:38.0531 1852 Product type: Workstation

15:53:38.0531 1852 ComputerName: PAOLO

15:53:38.0531 1852 UserName: Eigenaar

15:53:38.0531 1852 Windows directory: C:\WINDOWS

15:53:38.0531 1852 System windows directory: C:\WINDOWS

15:53:38.0531 1852 Processor architecture: Intel x86

15:53:38.0531 1852 Number of processors: 1

15:53:38.0531 1852 Page size: 0x1000

15:53:38.0531 1852 Boot type: Normal boot

15:53:38.0531 1852 ============================================================

15:53:41.0796 1852 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:53:42.0390 1852 ============================================================

15:53:42.0390 1852 \Device\Harddisk0\DR0:

15:53:42.0390 1852 MBR partitions:

15:53:42.0390 1852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903

15:53:42.0421 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0xE75FD3F

15:53:42.0421 1852 ============================================================

15:53:42.0531 1852 C: <-> \Device\Harddisk0\DR0\Partition0

15:53:42.0562 1852 D: <-> \Device\Harddisk0\DR0\Partition1

15:53:42.0562 1852 ============================================================

15:53:42.0562 1852 Initialize success

15:53:42.0562 1852 ============================================================

15:53:44.0859 3200 ============================================================

15:53:44.0859 3200 Scan started

15:53:44.0859 3200 Mode: Manual;

15:53:44.0859 3200 ============================================================


15:54:05.0171 3200 seclogon - ok

15:54:05.0187 3200 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

15:54:05.0187 3200 SENS - ok

15:54:05.0234 3200 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:54:05.0234 3200 serenum - ok

15:54:05.0250 3200 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys

15:54:05.0250 3200 Serial - ok

15:54:05.0281 3200 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:54:05.0296 3200 Sfloppy - ok

15:54:05.0343 3200 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

15:54:05.0343 3200 SharedAccess - ok

15:54:05.0375 3200 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

15:54:05.0390 3200 ShellHWDetection - ok

15:54:05.0390 3200 Simbad - ok

15:54:05.0484 3200 SPAMfighter Update Service (1ec0a00a13095e8423548dfa3394e727) C:\Program Files\Fighters\SPAMfighter\sfus.exe

15:54:05.0484 3200 SPAMfighter Update Service - ok

15:54:05.0500 3200 Sparrow - ok

15:54:05.0515 3200 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:54:05.0531 3200 splitter - ok

15:54:05.0562 3200 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:54:05.0562 3200 Spooler - ok

15:54:05.0609 3200 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

15:54:05.0609 3200 sr - ok

15:54:05.0656 3200 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

15:54:05.0656 3200 srservice - ok

15:54:05.0703 3200 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:54:05.0703 3200 Srv - ok

15:54:05.0750 3200 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

15:54:05.0750 3200 ssadbus - ok

15:54:05.0765 3200 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

15:54:05.0765 3200 ssadmdfl - ok

15:54:05.0796 3200 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

15:54:05.0796 3200 ssadmdm - ok

15:54:05.0828 3200 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

15:54:05.0843 3200 SSDPSRV - ok

15:54:05.0875 3200 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

15:54:05.0875 3200 ssm_bus - ok

15:54:05.0906 3200 ssm_mdfl (8e93a17a5253999a0e7c332f475699dc) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

15:54:05.0906 3200 ssm_mdfl - ok

15:54:05.0953 3200 ssm_mdm (c0ba1357c63deacf3b3ccf4b989fef06) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

15:54:05.0968 3200 ssm_mdm - ok

15:54:05.0984 3200 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

15:54:05.0984 3200 StarOpen - ok

15:54:06.0031 3200 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys

15:54:06.0031 3200 StillCam - ok

15:54:06.0093 3200 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

15:54:06.0093 3200 stisvc - ok

15:54:06.0140 3200 STV680 (a7c201297fa5118b95518f31af729da0) C:\WINDOWS\system32\drivers\STV680.sys

15:54:06.0156 3200 STV680 - ok

15:54:06.0328 3200 Suite Service (a7e21e907c39fab021ced41296fc8019) C:\Program Files\Fighters\FighterSuiteService.exe

15:54:06.0343 3200 Suite Service - ok

15:54:06.0437 3200 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:54:06.0437 3200 swenum - ok

15:54:06.0453 3200 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:54:06.0453 3200 swmidi - ok

15:54:06.0468 3200 SwPrv - ok

15:54:06.0468 3200 symc810 - ok

15:54:06.0484 3200 symc8xx - ok

15:54:06.0500 3200 sym_hi - ok

15:54:06.0500 3200 sym_u3 - ok

15:54:06.0515 3200 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:54:06.0531 3200 sysaudio - ok

15:54:06.0562 3200 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

15:54:06.0562 3200 SysmonLog - ok

15:54:06.0609 3200 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

15:54:06.0609 3200 TapiSrv - ok

15:54:06.0671 3200 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:54:06.0687 3200 Tcpip - ok

15:54:06.0703 3200 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:54:06.0718 3200 TDPIPE - ok

15:54:06.0734 3200 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:54:06.0734 3200 TDTCP - ok

15:54:06.0750 3200 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:54:06.0765 3200 TermDD - ok

15:54:06.0796 3200 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

15:54:06.0812 3200 TermService - ok

15:54:06.0859 3200 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

15:54:06.0859 3200 Themes - ok

15:54:06.0875 3200 TosIde - ok

15:54:06.0890 3200 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

15:54:06.0890 3200 TrkWks - ok

15:54:06.0921 3200 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:54:06.0921 3200 Udfs - ok

15:54:06.0937 3200 ultra - ok

15:54:07.0000 3200 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:54:07.0015 3200 Update - ok

15:54:07.0046 3200 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

15:54:07.0046 3200 upnphost - ok

15:54:07.0156 3200 UPnPService (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

15:54:07.0171 3200 UPnPService - ok

15:54:07.0187 3200 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

15:54:07.0203 3200 UPS - ok

15:54:07.0234 3200 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:54:07.0234 3200 usbccgp - ok

15:54:07.0265 3200 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:54:07.0281 3200 usbhub - ok

15:54:07.0312 3200 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:54:07.0312 3200 usbohci - ok

15:54:07.0343 3200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:54:07.0359 3200 USBSTOR - ok

15:54:07.0390 3200 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

15:54:07.0390 3200 usb_rndisx - ok

15:54:07.0406 3200 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:54:07.0406 3200 VgaSave - ok

15:54:07.0421 3200 ViaIde - ok

15:54:07.0453 3200 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

15:54:07.0453 3200 VolSnap - ok

15:54:07.0484 3200 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

15:54:07.0500 3200 VSS - ok

15:54:07.0609 3200 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

15:54:07.0625 3200 vToolbarUpdater11.1.0 - ok

15:54:07.0656 3200 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

15:54:07.0671 3200 W32Time - ok

15:54:07.0718 3200 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:54:07.0718 3200 Wanarp - ok

15:54:07.0781 3200 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

15:54:07.0796 3200 Wdf01000 - ok

15:54:07.0796 3200 WDICA - ok

15:54:07.0828 3200 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:54:07.0828 3200 wdmaud - ok

15:54:07.0859 3200 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

15:54:07.0875 3200 WebClient - ok

15:54:07.0921 3200 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:54:07.0921 3200 winmgmt - ok

15:54:08.0031 3200 WinRM (250f8d15406269cb3a690b4a4859d92d) C:\WINDOWS\system32\WsmSvc.dll

15:54:08.0062 3200 WinRM - ok

15:54:08.0093 3200 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:54:08.0109 3200 WmdmPmSN - ok

15:54:08.0140 3200 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\System32\wbem\wmiapsrv.exe

15:54:08.0140 3200 WmiApSrv - ok

15:54:08.0281 3200 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:54:08.0296 3200 WMPNetworkSvc - ok

15:54:08.0343 3200 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:54:08.0343 3200 WpdUsb - ok

15:54:08.0484 3200 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:54:08.0500 3200 WPFFontCache_v0400 - ok

15:54:08.0531 3200 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:54:08.0546 3200 WS2IFSL - ok

15:54:08.0578 3200 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

15:54:08.0593 3200 wscsvc - ok

15:54:08.0593 3200 WSearch - ok

15:54:08.0609 3200 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

15:54:08.0640 3200 wuauserv - ok

15:54:08.0671 3200 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:54:08.0687 3200 WudfPf - ok

15:54:08.0703 3200 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:54:08.0718 3200 WudfRd - ok

15:54:08.0734 3200 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:54:08.0750 3200 WudfSvc - ok

15:54:08.0812 3200 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

15:54:08.0828 3200 WZCSVC - ok

15:54:08.0875 3200 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

15:54:08.0906 3200 xmlprov - ok

15:54:08.0906 3200 xpsec - ok

15:54:08.0937 3200 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0

15:54:09.0343 3200 \Device\Harddisk0\DR0 - ok

15:54:09.0343 3200 Boot (0x1200) (5a79a42dc2ed4deaced87b41a79c25bc) \Device\Harddisk0\DR0\Partition0

15:54:09.0343 3200 \Device\Harddisk0\DR0\Partition0 - ok

15:54:09.0375 3200 Boot (0x1200) (1c9dd1011de39039774693cb03ff007b) \Device\Harddisk0\DR0\Partition1

15:54:09.0375 3200 \Device\Harddisk0\DR0\Partition1 - ok

15:54:09.0375 3200 ============================================================

15:54:09.0375 3200 Scan finished

15:54:09.0375 3200 ============================================================

15:54:09.0390 3832 Detected object count: 0

15:54:09.0390 3832 Actual detected object count: 0

The log file above is from after I had to reboot and ran another scan.


Nothing found again. Let's run a different scanner on it:

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja".
  • When the update is done and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
  • Select the "Diep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure all found items are checked and then press the "verwijder geselecteerde" button. You will now get a message; click "Ja" there.
  • When the removal is finished, click the "View report" button and select the text file for this scan, with a name like: a2scan_110730-111615.txt
  • Post the contents of this log file in your next message.
  • Now restart the computer.
