Trojan Horse Generic 30. HEH

[KellyMoosje]

Heey!

Zoals de titel al zegt heb ik last van Trojan horse.

Ik heb al op internet gezocht en meerdere scanners geprobeerd. Maar ze werkte allemaal niet.

Nu heb ik Hijackthis geprobeert en dit kwam er uit:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:30:15, on 17-11-2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\KPN\bin\sprtcmd.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\atwtusb.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Users\iriskelly\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\iriskelly\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA

O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [KPNAssistentUpdater] C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\iriskelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [KPN Assistent Update] C:\ProgramData\UpdateKPNAssistent.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Dropbox.lnk = C:\Users\iriskelly\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm914YYNL

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 14328 bytes

En natuurlijk snap ik er helemaal niets van dus ik hoop dat jullie me kunnen helpen!

Alvast bedankt!

[kape]

Ga naar Start - Alle programma's - Bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor “uitvoeren als administrator” om het opdrachtprompt te openen.

Tik in: sc stop MyWebSearchService en druk op Enter.

Tik in: sc delete MyWebSearchService en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\RunOnce: [KPN Assistent Update] C:\ProgramData\UpdateKPNAssistent.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm914YYNL

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay, de wereldwijde online handelsplaats (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=h ome (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialS etup1.0.1.1.cab

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[KellyMoosje]

Malwarebytes Anti-Malware 1.65.1.1000

Malwarebytes : Free anti-malware download

Databaseversie: v2012.11.18.01

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

iriskelly :: PC_VAN_IRISKELL [administrator]

18-11-2012 12:26:12

mbam-log-2012-11-18 (12-26-12).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 207870

Verstreken tijd: 45 minuut/minuten, 12 seconde(n)

Geheugenprocessen gedetecteerd: 2

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> 480 -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 1340 -> Zal worden verwijderd tijdens het herstarten.

Geheugenmodulen gedetecteerd: 5

C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Zal worden verwijderd tijdens het herstarten.

Registersleutels gedetecteerd: 119

HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 4

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»

äG\Ê -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 13

C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 76

C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\f3hkstub.dll.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\m3SrchMn.exe.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\mwsoestb.dll.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\mwssvc.exe.vir (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:36:51, on 18-11-2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe

C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\KPN\bin\sprtcmd.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\atwtusb.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\iriskelly\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\iriskelly\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\iriskelly\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hyves

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA

O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [KPNAssistentUpdater] C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\iriskelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Dropbox.lnk = C:\Users\iriskelly\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12273 bytes

[kape]

Malwarebytes heeft behoorlijk wat rotzooi van de PC gehaald. Om alle aangeduide bestanden compleet te verwijderen, moet je de PC afsluiten en weer opstarten. Logje HijackThis ziet er nu prima uit. Krijg je nu nog meldingen van Trojaantjes ?

18 november 2012 aangepast door kape

[KellyMoosje]

Ja bedankt voor de aanwijzingen! Ik krijg nog wel steeds de melding dat ik de Trojan heb...

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[KellyMoosje]

ComboFix 12-11-23.02 - iriskelly 23-11-2012 20:38:56.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.1915.680 [GMT 1:00]

Gestart vanuit: c:\users\iriskelly\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))

.

.

2012-11-23 19:56 . 2012-11-23 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-23 18:37 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FAF956CF-9C81-4BDE-AF38-C6A70BBD47B4}\mpengine.dll

2012-11-18 11:18 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 21:58 . 2012-11-13 22:00 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2012-11-13 20:59 . 2012-11-13 20:59 -------- d-----w- c:\program files\Enigma Software Group

2012-11-02 09:10 . 2012-11-02 09:10 -------- d-----w- c:\users\iriskelly\AppData\Roaming\Malwarebytes

2012-11-02 09:09 . 2012-11-02 09:09 -------- d-----w- c:\programdata\Malwarebytes

2012-11-02 09:09 . 2012-11-18 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-01 19:56 . 2012-11-01 19:57 -------- d-----w- c:\program files\Trojan Remover

2012-11-01 19:56 . 2012-11-01 19:56 -------- d-----w- c:\users\iriskelly\AppData\Roaming\Simply Super Software

2012-11-01 19:56 . 2012-11-01 19:56 -------- d-----w- c:\programdata\Simply Super Software

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\iriskelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\iriskelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\iriskelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-14 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NDSTray.exe"="NDSTray.exe" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"KPN"="c:\program files\KPN\bin\sprtcmd.exe" [2008-06-06 198184]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"KPNAssistentUpdater"="c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe" [2010-09-13 1964928]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"atwtusb"="atwtusb.exe" [2007-05-15 323232]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

.

c:\users\iriskelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dropbox.lnk - c:\users\iriskelly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121688333-2044271472-2189710050-1000Core.job

- c:\users\iriskelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 16:59]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121688333-2044271472-2189710050-1000UA.job

- c:\users\iriskelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 16:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hyves.nl

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

AddRemove-Google Chrome - c:\users\iriskelly\AppData\Local\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-23 20:57

Windows 6.0.6001 Service Pack 1 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????i?''???P?z?x?z???z???z??

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3121688333-2044271472-2189710050-1000\Software\SecuROM\License information*]

"datasecu"=hex:20,7f,6c,41,fa,c2,eb,ba,84,f7,6e,6b,80,9b,29,f3,4e,d5,eb,6b,6d,

47,88,c4,8b,1d,1e,00,00,38,72,8e,8b,50,5d,14,03,e6,4e,aa,f8,14,8e,17,a3,bc,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-11-23 21:01:32

ComboFix-quarantined-files.txt 2012-11-23 20:01

.

Pre-Run: 5.846.040.576 bytes beschikbaar

Post-Run: 7.842.263.040 bytes beschikbaar

.

- - End Of File - - EED629E0F982F0A2C5C291312C8773A5

[kape]

Verwijder dit nog manueel: c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

Download TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

24 november 2012 aangepast door kape

[KellyMoosje]

Oke mapje verwijderd.

De link van TDSSkiller deed het niet dus ik heb hem van deze site gehaald: How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?.

09:32:07.0059 5812 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

09:32:07.0278 5812 ============================================================

09:32:07.0278 5812 Current date / time: 2012/11/24 09:32:07.0278

09:32:07.0278 5812 SystemInfo:

09:32:07.0278 5812

09:32:07.0278 5812 OS Version: 6.0.6001 ServicePack: 1.0

09:32:07.0293 5812 Product type: Workstation

09:32:07.0293 5812 ComputerName: PC_VAN_IRISKELL

09:32:07.0293 5812 UserName: iriskelly

09:32:07.0293 5812 Windows directory: C:\Windows

09:32:07.0293 5812 System windows directory: C:\Windows

09:32:07.0293 5812 Processor architecture: Intel x86

09:32:07.0293 5812 Number of processors: 1

09:32:07.0293 5812 Page size: 0x1000

09:32:07.0293 5812 Boot type: Normal boot

09:32:07.0293 5812 ============================================================

09:32:08.0276 5812 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:32:08.0276 5812 ============================================================

09:32:08.0276 5812 \Device\Harddisk0\DR0:

09:32:08.0276 5812 MBR partitions:

09:32:08.0276 5812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6F7A800

09:32:08.0276 5812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7269000, BlocksNum 0x6D2B3B0

09:32:08.0276 5812 ============================================================

09:32:08.0370 5812 C: <-> \Device\Harddisk0\DR0\Partition1

09:32:08.0432 5812 E: <-> \Device\Harddisk0\DR0\Partition2

09:32:08.0432 5812 ============================================================

09:32:08.0432 5812 Initialize success

09:32:08.0432 5812 ============================================================

09:32:10.0710 4600 ============================================================

09:32:10.0710 4600 Scan started

09:32:10.0710 4600 Mode: Manual;

09:32:10.0710 4600 ============================================================

09:32:12.0207 4600 ================ Scan system memory ========================

09:32:12.0207 4600 System memory - ok

09:32:12.0207 4600 ================ Scan services =============================

09:32:12.0894 4600 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys

09:32:12.0894 4600 ACPI - ok

09:32:13.0081 4600 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys

09:32:13.0081 4600 adfs - ok

09:32:13.0253 4600 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

09:32:13.0268 4600 adp94xx - ok

09:32:13.0299 4600 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys

09:32:13.0315 4600 adpahci - ok

09:32:13.0331 4600 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

09:32:13.0331 4600 adpu160m - ok

09:32:13.0377 4600 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

09:32:13.0377 4600 adpu320 - ok

09:32:13.0455 4600 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

09:32:13.0455 4600 AeLookupSvc - ok

09:32:13.0518 4600 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys

09:32:13.0533 4600 AFD - ok

09:32:13.0627 4600 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys

09:32:13.0658 4600 AgereSoftModem - ok

09:32:13.0736 4600 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys

09:32:13.0736 4600 agp440 - ok

09:32:13.0767 4600 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

09:32:13.0767 4600 aic78xx - ok

09:32:13.0892 4600 [ 14A9BA653838164A2AE148E362640197 ] aiptektp C:\Windows\system32\DRIVERS\aiptektp.sys

09:32:13.0892 4600 aiptektp - ok

09:32:13.0939 4600 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

09:32:13.0939 4600 ALG - ok

09:32:13.0970 4600 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys

09:32:13.0970 4600 aliide - ok

09:32:14.0001 4600 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys

09:32:14.0001 4600 amdagp - ok

09:32:14.0064 4600 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys

09:32:14.0079 4600 amdide - ok

09:32:14.0111 4600 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

09:32:14.0111 4600 AmdK7 - ok

09:32:14.0142 4600 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

09:32:14.0157 4600 AmdK8 - ok

09:32:14.0235 4600 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

09:32:14.0235 4600 Appinfo - ok

09:32:14.0329 4600 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys

09:32:14.0329 4600 arc - ok

09:32:14.0360 4600 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys

09:32:14.0360 4600 arcsas - ok

09:32:14.0750 4600 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:32:14.0828 4600 aspnet_state - ok

09:32:14.0953 4600 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

09:32:14.0953 4600 AsyncMac - ok

09:32:14.0984 4600 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys

09:32:14.0984 4600 atapi - ok

09:32:15.0062 4600 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

09:32:15.0078 4600 AudioEndpointBuilder - ok

09:32:15.0125 4600 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll

09:32:15.0125 4600 Audiosrv - ok

09:32:15.0421 4600 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

09:32:15.0437 4600 AVG Security Toolbar Service - ok

09:32:15.0515 4600 [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc C:\PROGRA~1\AVG\AVG8\avgemc.exe

09:32:15.0530 4600 avg8emc - ok

09:32:15.0577 4600 [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

09:32:15.0577 4600 avg8wd - ok

09:32:15.0624 4600 [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86 C:\Windows\System32\Drivers\avgldx86.sys

09:32:15.0639 4600 AvgLdx86 - ok

09:32:15.0671 4600 [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86 C:\Windows\System32\Drivers\avgmfx86.sys

09:32:15.0686 4600 AvgMfx86 - ok

09:32:15.0733 4600 [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX C:\Windows\System32\Drivers\avgtdix.sys

09:32:15.0733 4600 AvgTdiX - ok

09:32:15.0780 4600 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

09:32:15.0795 4600 Beep - ok

09:32:15.0889 4600 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll

09:32:15.0889 4600 BFE - ok

09:32:15.0983 4600 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll

09:32:15.0998 4600 BITS - ok

09:32:16.0029 4600 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

09:32:16.0029 4600 blbdrive - ok

09:32:16.0107 4600 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

09:32:16.0107 4600 bowser - ok

09:32:16.0139 4600 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

09:32:16.0154 4600 BrFiltLo - ok

09:32:16.0170 4600 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

09:32:16.0185 4600 BrFiltUp - ok

09:32:16.0232 4600 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

09:32:16.0232 4600 Browser - ok

09:32:16.0279 4600 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

09:32:16.0279 4600 Brserid - ok

09:32:16.0295 4600 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

09:32:16.0295 4600 BrSerWdm - ok

09:32:16.0326 4600 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

09:32:16.0326 4600 BrUsbMdm - ok

09:32:16.0404 4600 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

09:32:16.0419 4600 BrUsbSer - ok

09:32:16.0451 4600 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

09:32:16.0451 4600 BTHMODEM - ok

09:32:16.0903 4600 catchme - ok

09:32:16.0965 4600 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

09:32:16.0981 4600 cdfs - ok

09:32:17.0012 4600 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

09:32:17.0012 4600 cdrom - ok

09:32:17.0090 4600 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll

09:32:17.0090 4600 CertPropSvc - ok

09:32:17.0137 4600 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys

09:32:17.0137 4600 circlass - ok

09:32:17.0184 4600 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys

09:32:17.0184 4600 CLFS - ok

09:32:17.0262 4600 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:32:17.0277 4600 clr_optimization_v2.0.50727_32 - ok

09:32:17.0355 4600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:32:17.0433 4600 clr_optimization_v4.0.30319_32 - ok

09:32:17.0511 4600 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

09:32:17.0511 4600 CmBatt - ok

09:32:17.0527 4600 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys

09:32:17.0527 4600 cmdide - ok

09:32:17.0543 4600 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

09:32:17.0558 4600 Compbatt - ok

09:32:17.0574 4600 COMSysApp - ok

09:32:17.0699 4600 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

09:32:17.0699 4600 ConfigFree Service - ok

09:32:17.0730 4600 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

09:32:17.0730 4600 crcdisk - ok

09:32:17.0745 4600 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys

09:32:17.0745 4600 Crusoe - ok

09:32:17.0839 4600 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll

09:32:17.0839 4600 CryptSvc - ok

09:32:17.0933 4600 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll

09:32:17.0948 4600 DcomLaunch - ok

09:32:17.0995 4600 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys

09:32:17.0995 4600 DfsC - ok

09:32:18.0151 4600 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe

09:32:18.0229 4600 DFSR - ok

09:32:18.0307 4600 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll

09:32:18.0307 4600 Dhcp - ok

09:32:18.0354 4600 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys

09:32:18.0354 4600 disk - ok

09:32:18.0416 4600 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll

09:32:18.0416 4600 Dnscache - ok

09:32:18.0463 4600 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll

09:32:18.0479 4600 dot3svc - ok

09:32:18.0525 4600 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

09:32:18.0525 4600 DPS - ok

09:32:18.0572 4600 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

09:32:18.0572 4600 drmkaud - ok

09:32:18.0650 4600 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

09:32:18.0681 4600 DXGKrnl - ok

09:32:18.0728 4600 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

09:32:18.0744 4600 E1G60 - ok

09:32:18.0775 4600 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

09:32:18.0775 4600 EapHost - ok

09:32:18.0822 4600 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys

09:32:18.0837 4600 Ecache - ok

09:32:18.0900 4600 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys

09:32:18.0915 4600 elxstor - ok

09:32:19.0040 4600 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll

09:32:19.0056 4600 EMDMgmt - ok

09:32:19.0118 4600 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys

09:32:19.0118 4600 ErrDev - ok

09:32:19.0243 4600 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll

09:32:19.0243 4600 EventSystem - ok

09:32:19.0305 4600 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys

09:32:19.0305 4600 exfat - ok

09:32:19.0352 4600 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys

09:32:19.0368 4600 fastfat - ok

09:32:19.0415 4600 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

09:32:19.0430 4600 fdc - ok

09:32:19.0477 4600 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

09:32:19.0477 4600 fdPHost - ok

09:32:19.0508 4600 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

09:32:19.0508 4600 FDResPub - ok

09:32:19.0555 4600 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

09:32:19.0571 4600 FileInfo - ok

09:32:19.0586 4600 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

09:32:19.0602 4600 Filetrace - ok

09:32:19.0727 4600 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:32:19.0742 4600 FLEXnet Licensing Service - ok

09:32:19.0789 4600 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

09:32:19.0789 4600 flpydisk - ok

09:32:19.0851 4600 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

09:32:19.0914 4600 FltMgr - ok

09:32:20.0132 4600 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

09:32:20.0132 4600 FontCache3.0.0.0 - ok

09:32:20.0210 4600 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

09:32:20.0210 4600 fssfltr - ok

09:32:20.0429 4600 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe

09:32:20.0444 4600 fsssvc - ok

09:32:20.0507 4600 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

09:32:20.0507 4600 Fs_Rec - ok

09:32:20.0569 4600 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys

09:32:20.0585 4600 FwLnk - ok

09:32:20.0616 4600 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

09:32:20.0616 4600 gagp30kx - ok

09:32:20.0772 4600 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

09:32:20.0787 4600 GoogleDesktopManager-051210-111108 - ok

09:32:20.0850 4600 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll

09:32:20.0881 4600 gpsvc - ok

09:32:20.0975 4600 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:32:20.0990 4600 gusvc - ok

09:32:21.0131 4600 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

09:32:21.0146 4600 HdAudAddService - ok

09:32:21.0193 4600 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

09:32:21.0193 4600 HDAudBus - ok

09:32:21.0224 4600 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

09:32:21.0224 4600 HidBth - ok

09:32:21.0255 4600 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

09:32:21.0255 4600 HidIr - ok

09:32:21.0318 4600 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll

09:32:21.0318 4600 hidserv - ok

09:32:21.0349 4600 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

09:32:21.0349 4600 HidUsb - ok

09:32:21.0443 4600 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

09:32:21.0443 4600 hkmsvc - ok

09:32:21.0474 4600 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

09:32:21.0474 4600 HpCISSs - ok

09:32:21.0599 4600 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS

09:32:21.0614 4600 HSFHWAZL - ok

09:32:21.0739 4600 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

09:32:21.0786 4600 HSF_DPV - ok

09:32:21.0833 4600 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys

09:32:21.0833 4600 HSXHWAZL - ok

09:32:21.0895 4600 [ 33B02459E86D0A2B86A6B9FE19139390 ] HTTP C:\Windows\system32\drivers\HTTP.sys

09:32:21.0926 4600 HTTP - ok

09:32:21.0973 4600 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

09:32:21.0989 4600 i2omp - ok

09:32:22.0176 4600 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

09:32:22.0176 4600 i8042prt - ok

09:32:22.0316 4600 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

09:32:22.0332 4600 iaStor - ok

09:32:22.0379 4600 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

09:32:22.0394 4600 iaStorV - ok

09:32:22.0535 4600 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:32:22.0535 4600 IDriverT - ok

09:32:22.0659 4600 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:32:22.0691 4600 idsvc - ok

09:32:22.0893 4600 [ 6FB1858D1F0923D122B0331865695041 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

09:32:22.0987 4600 igfx - ok

09:32:23.0096 4600 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

09:32:23.0096 4600 iirsp - ok

09:32:23.0174 4600 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll

09:32:23.0174 4600 IKEEXT - ok

09:32:23.0393 4600 [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

09:32:23.0533 4600 IntcAzAudAddService - ok

09:32:23.0689 4600 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

09:32:23.0705 4600 intelide - ok

09:32:23.0736 4600 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

09:32:23.0736 4600 intelppm - ok

09:32:23.0798 4600 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

09:32:23.0798 4600 IPBusEnum - ok

09:32:23.0876 4600 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:32:23.0876 4600 IpFilterDriver - ok

09:32:23.0954 4600 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

09:32:23.0954 4600 iphlpsvc - ok

09:32:23.0985 4600 IpInIp - ok

09:32:24.0079 4600 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

09:32:24.0095 4600 IPMIDRV - ok

09:32:24.0126 4600 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

09:32:24.0141 4600 IPNAT - ok

09:32:24.0157 4600 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

09:32:24.0173 4600 IRENUM - ok

09:32:24.0204 4600 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

09:32:24.0219 4600 isapnp - ok

09:32:24.0282 4600 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

09:32:24.0282 4600 iScsiPrt - ok

09:32:24.0313 4600 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

09:32:24.0329 4600 iteatapi - ok

09:32:24.0360 4600 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

09:32:24.0360 4600 iteraid - ok

09:32:24.0375 4600 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

09:32:24.0391 4600 kbdclass - ok

09:32:24.0438 4600 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

09:32:24.0438 4600 kbdhid - ok

09:32:24.0516 4600 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe

09:32:24.0516 4600 KeyIso - ok

09:32:24.0594 4600 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

09:32:24.0625 4600 KSecDD - ok

09:32:24.0703 4600 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

09:32:24.0719 4600 KtmRm - ok

09:32:24.0797 4600 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll

09:32:24.0797 4600 LanmanServer - ok

09:32:24.0890 4600 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

09:32:24.0890 4600 LanmanWorkstation - ok

09:32:24.0984 4600 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

09:32:24.0999 4600 lltdio - ok

09:32:25.0249 4600 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

09:32:25.0280 4600 lltdsvc - ok

09:32:25.0358 4600 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

09:32:25.0374 4600 lmhosts - ok

09:32:25.0452 4600 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

09:32:25.0452 4600 LSI_FC - ok

09:32:25.0608 4600 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

09:32:25.0608 4600 LSI_SAS - ok

09:32:25.0670 4600 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

09:32:25.0670 4600 LSI_SCSI - ok

09:32:25.0748 4600 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

09:32:25.0764 4600 luafv - ok

09:32:25.0873 4600 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys

09:32:25.0889 4600 LVRS - ok

09:32:25.0951 4600 [ A730FC8671A60666D6E877C544DD7CD4 ] LVUSBSta C:\Windows\system32\drivers\lvusbsta.sys

09:32:25.0967 4600 LVUSBSta - ok

09:32:26.0138 4600 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

09:32:26.0154 4600 MBAMProtector - ok

09:32:26.0372 4600 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

09:32:26.0372 4600 MBAMScheduler - ok

09:32:26.0591 4600 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

09:32:26.0622 4600 MBAMService - ok

09:32:26.0684 4600 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

09:32:26.0684 4600 mdmxsdk - ok

09:32:26.0747 4600 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

09:32:26.0762 4600 megasas - ok

09:32:26.0793 4600 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

09:32:26.0793 4600 MegaSR - ok

09:32:26.0965 4600 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

09:32:26.0965 4600 Microsoft Office Groove Audit Service - ok

09:32:27.0059 4600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

09:32:27.0059 4600 MMCSS - ok

09:32:27.0137 4600 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

09:32:27.0137 4600 Modem - ok

09:32:27.0168 4600 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

09:32:27.0168 4600 monitor - ok

09:32:27.0199 4600 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

09:32:27.0199 4600 mouclass - ok

09:32:27.0230 4600 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

09:32:27.0230 4600 mouhid - ok

09:32:27.0277 4600 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

09:32:27.0277 4600 MountMgr - ok

09:32:27.0308 4600 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

09:32:27.0324 4600 mpio - ok

09:32:27.0355 4600 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

09:32:27.0355 4600 mpsdrv - ok

09:32:27.0417 4600 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll

09:32:27.0433 4600 MpsSvc - ok

09:32:27.0449 4600 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

09:32:27.0449 4600 Mraid35x - ok

09:32:27.0480 4600 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

09:32:27.0495 4600 MRxDAV - ok

09:32:27.0542 4600 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

09:32:27.0558 4600 mrxsmb - ok

09:32:27.0620 4600 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:32:27.0620 4600 mrxsmb10 - ok

09:32:27.0714 4600 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:32:27.0714 4600 mrxsmb20 - ok

09:32:27.0823 4600 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys

09:32:27.0823 4600 msahci - ok

09:32:27.0932 4600 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

09:32:27.0932 4600 msdsm - ok

09:32:27.0979 4600 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

09:32:27.0995 4600 MSDTC - ok

09:32:28.0088 4600 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

09:32:28.0088 4600 Msfs - ok

09:32:28.0151 4600 [ 1E00B9B8601F24A96AD71A7D0FC5F136 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

09:32:28.0151 4600 msisadrv - ok

09:32:28.0229 4600 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

09:32:28.0229 4600 MSiSCSI - ok

09:32:28.0275 4600 msiserver - ok

09:32:28.0338 4600 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

09:32:28.0338 4600 MSKSSRV - ok

09:32:28.0385 4600 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

09:32:28.0385 4600 MSPCLOCK - ok

09:32:28.0416 4600 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

09:32:28.0416 4600 MSPQM - ok

09:32:28.0447 4600 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

09:32:28.0463 4600 MsRPC - ok

09:32:28.0525 4600 [ 215634CF935B696E3EBCA813D02E9165 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

09:32:28.0525 4600 mssmbios - ok

09:32:28.0556 4600 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

09:32:28.0556 4600 MSTEE - ok

09:32:28.0603 4600 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys

09:32:28.0603 4600 Mup - ok

09:32:28.0665 4600 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll

09:32:28.0697 4600 napagent - ok

09:32:28.0759 4600 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

09:32:28.0775 4600 NativeWifiP - ok

09:32:28.0837 4600 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys

09:32:28.0853 4600 NDIS - ok

09:32:28.0899 4600 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

09:32:28.0899 4600 NdisTapi - ok

09:32:28.0931 4600 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

09:32:28.0931 4600 Ndisuio - ok

09:32:28.0962 4600 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

09:32:28.0962 4600 NdisWan - ok

09:32:29.0040 4600 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

09:32:29.0040 4600 NDProxy - ok

09:32:29.0102 4600 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

09:32:29.0102 4600 NetBIOS - ok

09:32:29.0133 4600 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

09:32:29.0133 4600 netbt - ok

09:32:29.0180 4600 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe

09:32:29.0196 4600 Netlogon - ok

09:32:29.0258 4600 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

09:32:29.0258 4600 Netman - ok

09:32:29.0352 4600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:32:29.0414 4600 NetMsmqActivator - ok

09:32:29.0461 4600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:32:29.0461 4600 NetPipeActivator - ok

09:32:29.0555 4600 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

09:32:29.0570 4600 netprofm - ok

09:32:29.0664 4600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:32:29.0664 4600 NetTcpActivator - ok

09:32:29.0711 4600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:32:29.0726 4600 NetTcpPortSharing - ok

09:32:29.0789 4600 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

09:32:29.0789 4600 nfrd960 - ok

09:32:29.0867 4600 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

09:32:29.0867 4600 NlaSvc - ok

09:32:29.0898 4600 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys

09:32:29.0898 4600 Npfs - ok

09:32:29.0929 4600 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

09:32:29.0929 4600 nsi - ok

09:32:29.0960 4600 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

09:32:29.0960 4600 nsiproxy - ok

09:32:30.0179 4600 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

09:32:30.0210 4600 Ntfs - ok

09:32:30.0257 4600 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

09:32:30.0257 4600 ntrigdigi - ok

09:32:30.0288 4600 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

09:32:30.0303 4600 Null - ok

09:32:30.0319 4600 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

09:32:30.0335 4600 nvraid - ok

09:32:30.0381 4600 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

09:32:30.0381 4600 nvstor - ok

09:32:30.0428 4600 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

09:32:30.0428 4600 nv_agp - ok

09:32:30.0459 4600 NwlnkFlt - ok

09:32:30.0491 4600 NwlnkFwd - ok

09:32:30.0678 4600 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:32:30.0693 4600 odserv - ok

09:32:30.0865 4600 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

09:32:30.0865 4600 ohci1394 - ok

09:32:31.0083 4600 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:32:31.0099 4600 ose - ok

09:32:31.0193 4600 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll

09:32:31.0224 4600 p2pimsvc - ok

09:32:31.0271 4600 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll

09:32:31.0271 4600 p2psvc - ok

09:32:31.0333 4600 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

09:32:31.0333 4600 Parport - ok

09:32:31.0364 4600 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys

09:32:31.0364 4600 partmgr - ok

09:32:31.0395 4600 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

09:32:31.0395 4600 Parvdm - ok

09:32:31.0427 4600 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

09:32:31.0427 4600 PcaSvc - ok

09:32:31.0473 4600 [ ECA39351296D905BAA4FA3244C152B00 ] pci C:\Windows\system32\drivers\pci.sys

09:32:31.0489 4600 pci - ok

09:32:31.0505 4600 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys

09:32:31.0520 4600 pciide - ok

09:32:31.0551 4600 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

09:32:31.0551 4600 pcmcia - ok

09:32:31.0645 4600 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

09:32:31.0692 4600 PEAUTH - ok

09:32:31.0832 4600 [ 5BD2C6D982481D548107C602E7CCFBBC ] PID_0928 C:\Windows\system32\DRIVERS\LV561AV.SYS

09:32:31.0832 4600 PID_0928 - ok

09:32:31.0957 4600 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

09:32:31.0988 4600 pla - ok

09:32:32.0129 4600 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll

09:32:32.0144 4600 PlugPlay - ok

09:32:32.0222 4600 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

09:32:32.0238 4600 PNRPAutoReg - ok

09:32:32.0269 4600 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll

09:32:32.0300 4600 PNRPsvc - ok

09:32:32.0363 4600 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

09:32:32.0394 4600 PolicyAgent - ok

09:32:32.0456 4600 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

09:32:32.0456 4600 PptpMiniport - ok

09:32:32.0503 4600 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys

09:32:32.0519 4600 Processor - ok

09:32:32.0565 4600 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll

09:32:32.0581 4600 ProfSvc - ok

09:32:32.0612 4600 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe

09:32:32.0628 4600 ProtectedStorage - ok

09:32:32.0675 4600 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys

09:32:32.0675 4600 PSched - ok

09:32:32.0799 4600 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

09:32:32.0862 4600 ql2300 - ok

09:32:32.0940 4600 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

09:32:32.0940 4600 ql40xx - ok

09:32:33.0080 4600 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

09:32:33.0111 4600 QWAVE - ok

09:32:33.0143 4600 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

09:32:33.0174 4600 QWAVEdrv - ok

09:32:33.0205 4600 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

09:32:33.0205 4600 RasAcd - ok

09:32:33.0314 4600 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

09:32:33.0330 4600 RasAuto - ok

09:32:33.0408 4600 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

09:32:33.0408 4600 Rasl2tp - ok

09:32:33.0564 4600 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll

09:32:33.0595 4600 RasMan - ok

09:32:33.0626 4600 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

09:32:33.0642 4600 RasPppoe - ok

09:32:33.0798 4600 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

09:32:33.0813 4600 RasSstp - ok

09:32:33.0860 4600 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

09:32:34.0094 4600 rdbss - ok

09:32:34.0141 4600 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

09:32:34.0141 4600 RDPCDD - ok

09:32:34.0203 4600 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

09:32:34.0219 4600 rdpdr - ok

09:32:34.0235 4600 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

09:32:34.0235 4600 RDPENCDD - ok

09:32:34.0297 4600 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

09:32:34.0297 4600 RDPWD - ok

09:32:34.0453 4600 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

09:32:34.0469 4600 RemoteAccess - ok

09:32:34.0515 4600 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll

09:32:34.0531 4600 RemoteRegistry - ok

09:32:34.0609 4600 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

09:32:34.0609 4600 RpcLocator - ok

09:32:34.0687 4600 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll

09:32:34.0718 4600 RpcSs - ok

09:32:34.0781 4600 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

09:32:34.0796 4600 rspndr - ok

09:32:34.0859 4600 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

09:32:34.0874 4600 RTL8169 - ok

09:32:34.0937 4600 [ B71D269B9AB5417963E986126C12B9FC ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys

09:32:34.0952 4600 RTL8187B - ok

09:32:35.0155 4600 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys

09:32:35.0171 4600 RtlProt - ok

09:32:35.0217 4600 [ 9FF7D9CF3A5F296613588B0E8DB83AFE ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS

09:32:35.0233 4600 RTSTOR - ok

09:32:35.0280 4600 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe

09:32:35.0295 4600 SamSs - ok

09:32:35.0327 4600 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

09:32:35.0342 4600 sbp2port - ok

09:32:35.0420 4600 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll

09:32:35.0420 4600 SCardSvr - ok

09:32:35.0514 4600 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll

09:32:35.0545 4600 Schedule - ok

09:32:35.0592 4600 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll

09:32:35.0592 4600 SCPolicySvc - ok

09:32:35.0654 4600 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

09:32:35.0654 4600 SDRSVC - ok

09:32:35.0732 4600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

09:32:35.0732 4600 secdrv - ok

09:32:35.0779 4600 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

09:32:35.0810 4600 seclogon - ok

09:32:35.0857 4600 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

09:32:35.0873 4600 SENS - ok

09:32:35.0935 4600 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

09:32:35.0935 4600 Serenum - ok

09:32:35.0966 4600 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

09:32:35.0966 4600 Serial - ok

09:32:35.0997 4600 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

09:32:36.0044 4600 sermouse - ok

09:32:36.0169 4600 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

09:32:36.0169 4600 SessionEnv - ok

09:32:36.0200 4600 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

09:32:36.0200 4600 sffdisk - ok

09:32:36.0231 4600 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

09:32:36.0231 4600 sffp_mmc - ok

09:32:36.0263 4600 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

09:32:36.0263 4600 sffp_sd - ok

09:32:36.0278 4600 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

09:32:36.0294 4600 sfloppy - ok

09:32:36.0356 4600 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

09:32:36.0372 4600 SharedAccess - ok

09:32:36.0434 4600 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

09:32:36.0450 4600 ShellHWDetection - ok

09:32:36.0465 4600 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

09:32:36.0481 4600 sisagp - ok

09:32:36.0528 4600 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

09:32:36.0528 4600 SiSRaid2 - ok

09:32:36.0559 4600 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

09:32:36.0559 4600 SiSRaid4 - ok

09:32:36.0887 4600 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe

09:32:37.0043 4600 slsvc - ok

09:32:37.0136 4600 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll

09:32:37.0136 4600 SLUINotify - ok

09:32:37.0183 4600 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys

09:32:37.0183 4600 Smb - ok

09:32:37.0245 4600 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

09:32:37.0245 4600 SNMPTRAP - ok

09:32:37.0277 4600 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

09:32:37.0277 4600 spldr - ok

09:32:37.0339 4600 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe

09:32:37.0339 4600 Spooler - ok

09:32:37.0479 4600 [ DC490AC319C4044318F17C8E14F64364 ] sprtsvc_KPN C:\Program Files\KPN\bin\sprtsvc.exe

09:32:37.0495 4600 sprtsvc_KPN - ok

09:32:37.0557 4600 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys

09:32:37.0573 4600 srv - ok

09:32:37.0635 4600 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

09:32:37.0651 4600 srv2 - ok

09:32:37.0713 4600 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

09:32:37.0713 4600 srvnet - ok

09:32:37.0807 4600 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

09:32:37.0838 4600 SSDPSRV - ok

09:32:37.0916 4600 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

09:32:37.0916 4600 SstpSvc - ok

09:32:38.0041 4600 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll

09:32:38.0057 4600 stisvc - ok

09:32:38.0150 4600 [ 97E089971A6ABA49AD5592BD6298E416 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

09:32:38.0166 4600 swenum - ok

09:32:38.0228 4600 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll

09:32:38.0228 4600 swprv - ok

09:32:38.0259 4600 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

09:32:38.0259 4600 Symc8xx - ok

09:32:38.0306 4600 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

09:32:38.0306 4600 Sym_hi - ok

09:32:38.0337 4600 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

09:32:38.0353 4600 Sym_u3 - ok

09:32:38.0415 4600 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

09:32:38.0415 4600 SynTP - ok

09:32:38.0509 4600 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll

09:32:38.0540 4600 SysMain - ok

09:32:38.0571 4600 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

09:32:38.0587 4600 TabletInputService - ok

09:32:38.0634 4600 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll

09:32:38.0634 4600 TapiSrv - ok

09:32:38.0681 4600 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

09:32:38.0681 4600 TBS - ok

09:32:38.0790 4600 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

09:32:38.0837 4600 Tcpip - ok

09:32:38.0915 4600 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

09:32:38.0930 4600 Tcpip6 - ok

09:32:39.0039 4600 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

09:32:39.0039 4600 tcpipreg - ok

09:32:39.0149 4600 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys

09:32:39.0149 4600 tdcmdpst - ok

09:32:39.0180 4600 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

09:32:39.0180 4600 TDPIPE - ok

09:32:39.0211 4600 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

09:32:39.0211 4600 TDTCP - ok

09:32:39.0258 4600 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys

09:32:39.0258 4600 tdx - ok

09:32:39.0320 4600 [ CE0B5D587839614A16480D7B8395FFE9 ] TempoMonitoringService C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

09:32:39.0320 4600 TempoMonitoringService - ok

09:32:39.0383 4600 [ 718B2F4355CD8EB2844741ADDAC0E622 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

09:32:39.0383 4600 TermDD - ok

09:32:39.0445 4600 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll

09:32:39.0461 4600 TermService - ok

09:32:39.0617 4600 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll

09:32:39.0617 4600 Themes - ok

09:32:39.0663 4600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

09:32:39.0663 4600 THREADORDER - ok

09:32:39.0804 4600 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

09:32:39.0804 4600 TNaviSrv - ok

09:32:39.0929 4600 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe

09:32:39.0929 4600 TODDSrv - ok

09:32:40.0100 4600 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

09:32:40.0116 4600 TosCoSrv - ok

09:32:40.0163 4600 [ DCA621CE31CA604C762001883E385DF8 ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

09:32:40.0163 4600 TOSHIBA SMART Log Service - ok

09:32:40.0225 4600 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys

09:32:40.0241 4600 tos_sps32 - ok

09:32:40.0287 4600 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

09:32:40.0303 4600 TrkWks - ok

09:32:40.0365 4600 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

09:32:40.0365 4600 TrustedInstaller - ok

09:32:40.0412 4600 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

09:32:40.0428 4600 tssecsrv - ok

09:32:40.0475 4600 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

09:32:40.0475 4600 tunmp - ok

09:32:40.0553 4600 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

09:32:40.0553 4600 tunnel - ok

09:32:40.0615 4600 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS

09:32:40.0615 4600 TVALZ - ok

09:32:40.0662 4600 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

09:32:40.0662 4600 uagp35 - ok

09:32:40.0693 4600 [ C985B36E127EA9B8A92396120BFF52D8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

09:32:40.0709 4600 udfs - ok

09:32:40.0771 4600 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

09:32:40.0787 4600 UI0Detect - ok

09:32:41.0099 4600 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

09:32:41.0114 4600 UleadBurningHelper - ok

09:32:41.0161 4600 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

09:32:41.0161 4600 uliagpkx - ok

09:32:41.0208 4600 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

09:32:41.0208 4600 uliahci - ok

09:32:41.0239 4600 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

09:32:41.0255 4600 UlSata - ok

09:32:41.0286 4600 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

09:32:41.0286 4600 ulsata2 - ok

09:32:41.0317 4600 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

09:32:41.0317 4600 umbus - ok

09:32:41.0379 4600 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

09:32:41.0395 4600 upnphost - ok

09:32:41.0457 4600 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

09:32:41.0457 4600 usbaudio - ok

09:32:41.0504 4600 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

09:32:41.0520 4600 usbccgp - ok

09:32:41.0535 4600 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

09:32:41.0551 4600 usbcir - ok

09:32:41.0598 4600 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

09:32:41.0598 4600 usbehci - ok

09:32:41.0676 4600 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

09:32:41.0676 4600 usbhub - ok

09:32:41.0707 4600 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

09:32:41.0707 4600 usbohci - ok

09:32:41.0738 4600 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys

09:32:41.0738 4600 usbprint - ok

09:32:41.0769 4600 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:32:41.0769 4600 USBSTOR - ok

09:32:41.0801 4600 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

09:32:41.0801 4600 usbuhci - ok

09:32:41.0832 4600 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

09:32:41.0847 4600 usbvideo - ok

09:32:41.0925 4600 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll

09:32:41.0925 4600 UxSms - ok

09:32:42.0050 4600 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe

09:32:42.0113 4600 vds - ok

09:32:42.0144 4600 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:32:42.0144 4600 vga - ok

09:32:42.0191 4600 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

09:32:42.0206 4600 VgaSave - ok

09:32:42.0222 4600 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

09:32:42.0237 4600 viaagp - ok

09:32:42.0269 4600 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

09:32:42.0284 4600 ViaC7 - ok

09:32:42.0315 4600 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

09:32:42.0315 4600 viaide - ok

09:32:42.0347 4600 [ BDD98BBE7323FC0975A26373D8050471 ] volmgr C:\Windows\system32\drivers\volmgr.sys

09:32:42.0362 4600 volmgr - ok

09:32:42.0393 4600 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:32:42.0409 4600 volmgrx - ok

09:32:42.0471 4600 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys

09:32:42.0471 4600 volsnap - ok

09:32:42.0518 4600 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

09:32:42.0534 4600 vsmraid - ok

09:32:42.0627 4600 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe

09:32:42.0659 4600 VSS - ok

09:32:42.0705 4600 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll

09:32:42.0721 4600 W32Time - ok

09:32:42.0752 4600 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

09:32:42.0768 4600 WacomPen - ok

09:32:42.0830 4600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

09:32:42.0830 4600 Wanarp - ok

09:32:42.0846 4600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:32:42.0846 4600 Wanarpv6 - ok

09:32:42.0971 4600 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:32:42.0986 4600 wcncsvc - ok

09:32:43.0111 4600 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:32:43.0111 4600 WcsPlugInService - ok

09:32:43.0173 4600 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

09:32:43.0189 4600 Wd - ok

09:32:43.0267 4600 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:32:43.0283 4600 Wdf01000 - ok

09:32:43.0345 4600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:32:43.0345 4600 WdiServiceHost - ok

09:32:43.0376 4600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:32:43.0392 4600 WdiSystemHost - ok

09:32:43.0439 4600 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll

09:32:43.0454 4600 WebClient - ok

09:32:43.0517 4600 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:32:43.0517 4600 Wecsvc - ok

09:32:43.0579 4600 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:32:43.0579 4600 wercplsupport - ok

09:32:43.0641 4600 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll

09:32:43.0657 4600 WerSvc - ok

09:32:43.0719 4600 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

09:32:43.0735 4600 winachsf - ok

09:32:43.0829 4600 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

09:32:43.0844 4600 WinDefend - ok

09:32:43.0891 4600 WinHttpAutoProxySvc - ok

09:32:44.0078 4600 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:32:44.0094 4600 Winmgmt - ok

09:32:44.0234 4600 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

09:32:44.0281 4600 WinRM - ok

09:32:44.0375 4600 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll

09:32:44.0406 4600 Wlansvc - ok

09:32:44.0468 4600 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

09:32:44.0468 4600 WmiAcpi - ok

09:32:44.0546 4600 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:32:44.0562 4600 wmiApSrv - ok

09:32:44.0687 4600 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

09:32:44.0702 4600 WMPNetworkSvc - ok

09:32:44.0765 4600 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:32:44.0765 4600 WPCSvc - ok

09:32:44.0811 4600 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:32:44.0827 4600 WPDBusEnum - ok

09:32:44.0874 4600 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

09:32:44.0889 4600 WpdUsb - ok

09:32:45.0326 4600 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:32:45.0420 4600 WPFFontCache_v0400 - ok

09:32:45.0467 4600 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:32:45.0482 4600 ws2ifsl - ok

09:32:45.0529 4600 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll

09:32:45.0545 4600 wscsvc - ok

09:32:45.0591 4600 WSearch - ok

09:32:45.0747 4600 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll

09:32:45.0794 4600 wuauserv - ok

09:32:45.0872 4600 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:32:45.0888 4600 WUDFRd - ok

09:32:45.0966 4600 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:32:45.0981 4600 wudfsvc - ok

09:32:46.0059 4600 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys

09:32:46.0059 4600 XAudio - ok

09:32:46.0257 4600 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe

09:32:46.0272 4600 XAudioService - ok

09:32:46.0323 4600 ================ Scan global ===============================

09:32:46.0378 4600 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

09:32:46.0466 4600 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll

09:32:46.0507 4600 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll

09:32:46.0573 4600 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe

09:32:46.0603 4600 [Global] - ok

09:32:46.0617 4600 ================ Scan MBR ==================================

09:32:46.0641 4600 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

09:32:46.0950 4600 \Device\Harddisk0\DR0 - ok

09:32:46.0961 4600 ================ Scan VBR ==================================

09:32:47.0065 4600 [ 2BC6ACE98749DDA574BD981F01E3705F ] \Device\Harddisk0\DR0\Partition1

09:32:47.0140 4600 \Device\Harddisk0\DR0\Partition1 - ok

09:32:47.0196 4600 [ EA985AA82BE8A2AB8AB0690A033D310C ] \Device\Harddisk0\DR0\Partition2

09:32:47.0200 4600 \Device\Harddisk0\DR0\Partition2 - ok

09:32:47.0209 4600 ============================================================

09:32:47.0210 4600 Scan finished

09:32:47.0210 4600 ============================================================

09:32:47.0246 5956 Detected object count: 0

09:32:47.0247 5956 Actual detected object count: 0

[kape]

En krijg je nu nog meldingen van Trojans ?