Sieg

Helemaal schoon, superbedankt! Ik zag dat ik systeemherstel al uitgeschakeld had staan, moet ik er dan nog wat mee doen? En mag ik ook alle logjes verwijderen?

AVG vindt het virus niet meer, hoera! Hartstikke bedankt!! Kan ik er nu op vertrouwen dat het echt weg is? Ik wil graag weer mijn bankzaken doen en veilig kunnen inloggen op mijn mail etc. In de scanhistorie van AVG staan nog wel de infecties die toentertijd gevonden werden. Moet ik daar nog wat mee? AVG vond nu wel twee 'informatie' dingen, ik denk omdat ik avast! en google toolbar eraf heb gegooid, wat een beetje vreemd verliep. "Het bestand is ondertekend met een beschadigd certificaat" "Objectnaam";"C:\Documents and Settings\Sigrid\Local Settings\temp\_av_sfx.tm~a01544\Chrome_AVS.exe" "Objectnaam";"C:\Documents and Settings\Sigrid\Local Settings\temp\_av_sfx.tm~a01544\GToolbar_AVS.exe" Maar ik denk niet dat het erg is

ComboFix 12-04-06.02 - Sigrid 08-04-2012 0:24.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.402 [GMT 2:00] Gestart vanuit: c:\documents and settings\Sigrid\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Sigrid\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\windows\system32\drivers\g71wf8dok.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_G71WF8DOK.SYS -------\Service_g71wf8dok.sys -------\Service_xcpip . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))) . . 2012-04-06 08:54 . 2012-04-06 08:54 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes 2012-04-06 08:53 . 2012-04-06 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- c:\program files\backups 2012-04-05 13:46 . 2012-04-07 22:20 -------- d--h--r- c:\documents and settings\Sigrid\Onlangs geopend 2012-04-05 12:50 . 2012-04-05 12:50 388608 ----a-w- c:\program files\HijackThis.exe 2012-04-05 10:42 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-04-05 10:42 . 2012-04-05 15:16 -------- d-----w- c:\program files\Common Files\PC Tools 2012-04-05 10:42 . 2012-04-05 12:42 -------- d-----w- c:\program files\PC Tools 2012-04-05 10:39 . 2012-04-05 10:39 -------- d-----w- c:\documents and settings\Sigrid\Application Data\TestApp 2012-04-05 10:39 . 2012-04-05 10:39 3834832 ----a-w- c:\program files\sdsetup.exe 2012-04-02 21:42 . 2012-04-02 21:44 74761776 ----a-w- c:\program files\avast_free_antivirus_setup.exe 2012-04-01 18:44 . 2012-04-01 18:44 -------- d-sh--w- c:\documents and settings\Sigrid\IECompatCache 2012-03-21 16:13 . 2012-03-21 16:13 -------- d-sh--w- c:\documents and settings\Sigrid\PrivacIE 2012-03-18 11:03 . 2012-03-18 11:03 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-18 11:03 . 2012-03-18 11:03 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\Sigrid\IETldCache 2012-03-17 23:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll 2012-03-17 23:03 . 2011-12-17 19:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2012-03-17 23:03 . 2011-12-17 19:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2012-03-17 23:03 . 2011-12-17 19:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2012-03-17 23:01 . 2012-03-17 23:03 -------- dc-h--w- c:\windows\ie8 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-03 09:57 . 2005-09-02 01:05 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:07 . 2012-02-17 11:16 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2005-09-02 01:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2009-05-15 22:35 . 2011-02-22 14:03 3439918 ----a-w- c:\program files\CEP_Setup.exe 2009-01-13 16:39 . 2009-01-13 16:39 1851544 -c--a-w- c:\program files\install_flash_player2.exe 2009-01-11 08:15 . 2009-01-11 08:15 8146816 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe 2008-05-01 16:58 . 2008-05-01 16:57 4585912 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe 2008-04-03 17:57 . 2008-04-03 17:53 59782440 -c--a-w- c:\program files\iTunesSetup.exe 2007-12-14 10:37 . 2007-12-14 09:56 205471728 -c--a-w- c:\program files\SPSS16.0EvalVersion-a.exe 2007-09-17 14:53 . 2007-09-17 14:52 17874288 -c--a-w- c:\program files\Install_Messenger.exe 2007-09-03 13:48 . 2007-09-03 13:48 1164456 -c--a-w- c:\program files\install_flash_player.exe 2007-01-13 16:37 . 2007-09-09 11:07 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe 2006-08-06 09:51 . 2007-09-09 11:07 1102865 -c--a-w- c:\program files\wrar350nl.exe 2012-03-18 11:03 . 2011-06-02 11:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-04-06_10.04.39 ))))))))))))))))))))))))))))))))))))))))) . + 2001-09-06 20:27 . 2004-09-02 11:00 14336 c:\windows\system32\wowfaxui.dll + 1999-11-25 00:40 . 1999-11-25 00:40 40960 c:\windows\system32\VBAME.DLL + 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\usrvpa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 45116 c:\windows\system32\usrvoica.dll + 2001-09-06 20:27 . 2004-09-02 11:00 49209 c:\windows\system32\usrv80a.dll + 2001-09-06 20:27 . 2004-09-02 11:00 41019 c:\windows\system32\usrsvpia.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69700 c:\windows\system32\usrshuta.exe + 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\usrsdpia.dll + 2001-09-06 20:27 . 2004-09-02 11:00 77883 c:\windows\system32\usrrtosa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 61508 c:\windows\system32\usrprbda.exe + 2001-09-06 20:27 . 2004-09-02 11:00 77891 c:\windows\system32\usrmlnka.exe + 2001-09-06 20:27 . 2004-09-02 11:00 53305 c:\windows\system32\usrlbva.dll + 2001-09-06 20:27 . 2004-09-02 11:00 86073 c:\windows\system32\usrfaxa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 77890 c:\windows\system32\usrdpa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69699 c:\windows\system32\usrcoina.dll + 2001-09-06 20:27 . 2004-09-02 11:00 61500 c:\windows\system32\usrcntra.dll + 2003-02-21 04:16 . 2003-02-21 04:16 49152 c:\windows\system32\URTTemp\regtlib.exe + 2001-09-06 20:27 . 2004-09-02 11:00 72192 c:\windows\system32\sprio800.dll + 2001-09-06 20:27 . 2004-09-02 11:00 70656 c:\windows\system32\sprio600.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69632 c:\windows\system32\spnike.dll + 1998-03-25 03:54 . 1998-03-25 03:54 15872 c:\windows\system32\SCP32.DLL + 2002-06-26 17:40 . 2002-06-26 17:40 76288 c:\windows\system32\Pubole32.dll + 2002-05-30 16:56 . 2002-05-30 16:56 37888 c:\windows\system32\ochlp30e.dll + 2002-01-05 02:38 . 2002-01-05 02:38 54784 c:\windows\system32\msvci70.dll + 1998-08-09 17:07 . 1998-08-09 17:07 94208 c:\windows\system32\MSSTKPRP.DLL + 2002-06-20 03:19 . 2002-06-20 03:19 91136 c:\windows\system32\msls2.dll + 1998-12-14 16:33 . 1998-12-14 16:33 57344 c:\windows\system32\MFC42NLD.DLL + 1999-05-23 22:25 . 1999-05-23 22:25 38672 c:\windows\system32\MAPISRVR.EXE + 2002-06-07 03:02 . 2002-06-07 03:02 59392 c:\windows\system32\lfwmf11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 27648 c:\windows\system32\lftga11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 56320 c:\windows\system32\lfpsd11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 33280 c:\windows\system32\lfpcx11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 26112 c:\windows\system32\lfpcd11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 41472 c:\windows\system32\lfgif11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 81408 c:\windows\system32\lffax11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 31232 c:\windows\system32\lfeps11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 36864 c:\windows\system32\lfbmp11n.dll + 1999-09-01 11:04 . 1999-09-01 11:04 49152 c:\windows\system32\inetwh32.dll + 2002-07-12 16:41 . 2002-07-12 16:41 31744 c:\windows\system32\hlp95en.dll + 2001-03-27 08:57 . 2001-03-27 08:57 29968 c:\windows\system32\FM20NLD.DLL + 2001-09-06 20:27 . 2004-09-02 11:00 58368 c:\windows\system32\dvdplay.exe + 2001-08-17 21:02 . 2004-09-02 11:00 58112 c:\windows\system32\drivers\vdmindvd.sys + 2001-08-17 21:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys + 2001-08-17 21:03 . 2008-04-13 18:45 25600 c:\windows\system32\drivers\usbcamd.sys + 2001-08-17 21:06 . 2004-09-02 11:00 21376 c:\windows\system32\drivers\tsbvcap.sys + 2001-08-17 21:01 . 2004-09-02 11:00 51712 c:\windows\system32\drivers\tosdvd.sys + 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\riodrv.sys + 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\rio8drv.sys + 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\nikedrv.sys + 2001-09-06 17:20 . 2008-04-14 16:38 37760 c:\windows\system32\drivers\isapnp.sys + 2001-09-06 19:24 . 2004-09-02 11:00 12288 c:\windows\system32\drivers\fsvga.sys + 2001-08-17 20:24 . 2004-09-02 11:00 11776 c:\windows\system32\drivers\cpqdap01.sys + 2001-08-17 20:52 . 2004-09-02 11:00 18688 c:\windows\system32\drivers\cdaudio.sys + 2001-08-17 20:52 . 2001-08-17 20:52 13952 c:\windows\system32\drivers\cbidf2k.sys + 2001-09-06 17:17 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\acpiec.sys + 2001-09-06 20:27 . 2004-09-02 11:00 14336 c:\windows\system32\dllcache\wowfaxui.dll + 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\dllcache\usrvpa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 45116 c:\windows\system32\dllcache\usrvoica.dll + 2001-09-06 20:27 . 2004-09-02 11:00 49209 c:\windows\system32\dllcache\usrv80a.dll + 2001-09-06 20:27 . 2004-09-02 11:00 41019 c:\windows\system32\dllcache\usrsvpia.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69700 c:\windows\system32\dllcache\usrshuta.exe + 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\dllcache\usrsdpia.dll + 2001-09-06 20:27 . 2004-09-02 11:00 77883 c:\windows\system32\dllcache\usrrtosa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 61508 c:\windows\system32\dllcache\usrprbda.exe + 2001-09-06 20:27 . 2004-09-02 11:00 77891 c:\windows\system32\dllcache\usrmlnka.exe + 2001-09-06 20:27 . 2004-09-02 11:00 53305 c:\windows\system32\dllcache\usrlbva.dll + 2001-09-06 20:27 . 2004-09-02 11:00 86073 c:\windows\system32\dllcache\usrfaxa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 77890 c:\windows\system32\dllcache\usrdpa.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69699 c:\windows\system32\dllcache\usrcoina.dll + 2001-09-06 20:27 . 2004-09-02 11:00 61500 c:\windows\system32\dllcache\usrcntra.dll + 2001-09-06 20:27 . 2004-09-02 11:00 72192 c:\windows\system32\dllcache\sprio800.dll + 2001-09-06 20:27 . 2004-09-02 11:00 70656 c:\windows\system32\dllcache\sprio600.dll + 2001-09-06 20:27 . 2004-09-02 11:00 69632 c:\windows\system32\dllcache\spnike.dll + 2001-09-06 20:27 . 2004-09-02 11:00 58368 c:\windows\system32\dllcache\dvdplay.exe + 2001-01-22 01:25 . 2001-01-22 01:25 32768 c:\windows\system32\ATHPRXY.DLL + 2003-02-21 06:26 . 2003-02-21 06:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll + 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll + 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1336\_mscorsn.dll + 2003-02-21 06:25 . 2003-02-21 06:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe + 2003-02-21 06:25 . 2003-02-21 06:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe + 2003-04-07 18:23 . 2003-04-07 18:23 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.ServiceProcess.resources.dll + 2003-04-07 18:22 . 2003-04-07 18:22 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Runtime.Remoting.resources.dll + 2003-04-07 18:24 . 2003-04-07 18:24 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\system.resources.dll + 2003-04-07 18:24 . 2003-04-07 18:24 15360 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Management.resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\ConfigWizards.resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 36864 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\caspol.resources.dll + 2003-04-07 18:06 . 2003-04-07 18:06 45056 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\aspnet_rc.dll + 2003-02-20 18:09 . 2003-02-20 18:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe + 2003-04-07 18:07 . 2003-04-07 18:07 23552 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0413\mscorsecr.dll + 2003-02-20 17:43 . 2003-02-20 17:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll + 2003-02-20 18:18 . 2003-02-20 18:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll + 2003-02-20 18:06 . 2003-02-20 18:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll + 2003-02-21 06:25 . 2003-02-21 06:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll + 2003-02-21 06:24 . 2003-02-21 06:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll + 2003-02-21 06:24 . 2003-02-21 06:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe + 2003-02-21 06:24 . 2003-02-21 06:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll + 2003-02-20 18:22 . 2003-02-20 18:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll + 2003-02-21 06:24 . 2003-02-21 06:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe + 2003-02-21 03:12 . 2003-02-21 03:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe + 2003-02-21 06:24 . 2003-02-21 06:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll + 2003-02-21 06:24 . 2003-02-21 06:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll + 2003-02-21 06:24 . 2003-02-21 06:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe + 2003-02-21 06:24 . 2003-02-21 06:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe + 2003-02-20 18:19 . 2003-02-20 18:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll + 2003-02-21 04:00 . 2003-02-21 04:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll + 2003-04-07 18:07 . 2003-04-07 18:07 19456 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\alinkui.dll + 2003-02-21 02:55 . 2003-02-21 02:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll + 2003-02-21 01:59 . 2003-02-21 01:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll + 2002-07-25 17:13 . 2002-07-25 17:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll + 2001-09-06 20:26 . 2004-09-02 11:00 3200 c:\windows\system32\wowfax.dll + 2001-09-06 20:27 . 2009-11-27 16:10 8704 c:\windows\system32\tsbyuv.dll + 2001-09-06 20:27 . 2001-09-06 20:27 8192 c:\windows\system32\streamci.dll + 2003-04-07 18:07 . 2003-04-07 18:07 4096 c:\windows\system32\mui\0413\mscoreer.dll + 2003-02-20 17:43 . 2003-02-20 17:43 4096 c:\windows\system32\mui\0409\mscoreer.dll + 1999-03-25 17:30 . 1999-03-25 17:30 8192 c:\windows\system32\MSPRPNL.DLL + 2002-06-26 12:22 . 2002-06-26 12:22 5632 c:\windows\system32\mfcuia32.dll + 2001-08-17 21:03 . 2004-09-02 11:00 4736 c:\windows\system32\drivers\usbd.sys + 2001-09-06 19:14 . 2001-09-06 19:14 3328 c:\windows\system32\drivers\pciide.sys + 2001-08-17 20:57 . 2004-09-02 11:00 3456 c:\windows\system32\drivers\oprghdlr.sys + 2001-09-06 20:26 . 2004-09-02 11:00 3200 c:\windows\system32\dllcache\wowfax.dll + 2001-09-06 20:27 . 2009-11-27 16:10 8704 c:\windows\system32\dllcache\tsbyuv.dll + 2001-09-06 20:27 . 2001-09-06 20:27 8192 c:\windows\system32\dllcache\streamci.dll + 2001-09-06 19:14 . 2001-09-06 19:14 3328 c:\windows\system32\dllcache\pciide.sys + 2003-04-07 18:20 . 2003-04-07 18:20 9728 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\RegCode.resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 9728 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\Regasm.Resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\JSC.resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\InstallUtil.resources.dll + 2003-02-20 18:09 . 2003-02-20 18:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll + 2003-02-21 06:25 . 2003-02-21 06:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll + 2003-02-21 06:25 . 2003-02-21 06:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll + 2003-02-21 06:24 . 2003-02-21 06:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll + 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe + 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll + 2002-06-27 11:45 . 2002-06-27 11:45 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll + 2002-05-14 08:42 . 2002-05-14 08:42 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll + 2002-05-14 08:42 . 2002-05-14 08:42 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll + 2001-09-06 20:27 . 2004-09-02 11:00 102457 c:\windows\system32\usrv42a.dll + 2001-09-06 20:27 . 2004-09-02 11:00 323641 c:\windows\system32\usrdtea.dll + 2000-03-13 15:55 . 2000-03-13 15:55 317952 c:\windows\system32\ROBOEX32.DLL + 2000-04-03 15:52 . 2000-04-03 15:52 151552 c:\windows\system32\RDOCURS.DLL + 2002-06-07 03:02 . 2002-06-07 03:02 212480 c:\windows\system32\PCDLIB32.DLL + 2001-09-06 20:27 . 2004-09-02 11:00 157696 c:\windows\system32\paqsp.dll + 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\system32\msvcr71.dll + 2002-01-05 02:37 . 2002-01-05 05:37 344064 c:\windows\system32\msvcr70.dll + 2003-03-18 19:14 . 2003-03-18 19:14 499712 c:\windows\system32\msvcp71.dll + 2002-01-05 02:40 . 2002-01-05 02:40 487424 c:\windows\system32\msvcp70.dll + 2000-05-24 04:45 . 2000-05-24 04:45 118784 c:\windows\system32\MSSTDFMT.DLL + 2000-05-11 11:06 . 2000-05-11 11:06 397312 c:\windows\system32\MSRDO20.DLL + 2002-06-26 12:22 . 2002-06-26 12:22 133904 c:\windows\system32\mfcans32.dll + 2001-09-06 20:26 . 2004-09-02 11:00 147968 c:\windows\system32\mdwmdmsp.dll + 1999-05-23 22:23 . 1999-05-23 22:23 522848 c:\windows\system32\MAPI.DLL + 2002-06-07 03:02 . 2002-06-07 03:02 716288 c:\windows\system32\Ltwvc11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 392192 c:\windows\system32\ltkrn11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 127488 c:\windows\system32\ltimg11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 118784 c:\windows\system32\ltfil11n.DLL + 2002-06-07 03:02 . 2002-06-07 03:02 262656 c:\windows\system32\LTDIS11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 152064 c:\windows\system32\lftif11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 172032 c:\windows\system32\Lfpng11n.dll + 2002-06-07 03:02 . 2002-06-07 03:02 285184 c:\windows\system32\LFCMP11n.DLL + 2001-07-13 14:09 . 2001-07-13 14:09 279552 c:\windows\system32\itiimg3.dll + 2001-09-06 19:24 . 2001-09-06 19:24 125696 c:\windows\system32\drivers\ftdisk.sys + 2001-09-06 17:59 . 2004-09-02 11:00 262528 c:\windows\system32\drivers\cinemst2.sys + 2001-09-06 20:27 . 2004-09-02 11:00 102457 c:\windows\system32\dllcache\usrv42a.dll + 2001-09-06 20:27 . 2004-09-02 11:00 323641 c:\windows\system32\dllcache\usrdtea.dll + 2001-09-06 20:27 . 2004-09-02 11:00 157696 c:\windows\system32\dllcache\paqsp.dll + 2001-09-06 20:26 . 2004-09-02 11:00 147968 c:\windows\system32\dllcache\mdwmdmsp.dll + 2003-02-20 18:09 . 2003-02-20 18:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll + 2003-02-20 18:09 . 2003-02-20 18:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll + 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1336\_msvcr71.dll + 2003-04-07 18:21 . 2003-04-07 18:21 200704 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Windows.Forms.resources.dll + 2003-04-07 18:23 . 2003-04-07 18:23 212992 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Design.resources.dll + 2003-04-07 18:06 . 2003-04-07 18:06 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\ShFusRes.dll + 2003-04-07 18:06 . 2003-04-07 18:06 172032 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\mscorrc.dll + 2003-04-07 18:23 . 2003-04-07 18:23 778240 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\mscorcfg.resources.dll + 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll + 2003-02-20 17:43 . 2003-02-20 17:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll + 2003-02-20 18:16 . 2003-02-20 18:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll + 2003-02-21 09:21 . 2003-02-21 09:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll + 2002-07-29 10:11 . 2002-07-29 10:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll + 2003-04-07 18:06 . 2003-04-07 18:06 180224 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\Vsavb7rtUI.dll + 2003-04-07 18:07 . 2003-04-07 18:07 151552 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\vbc7ui.dll + 2003-04-07 18:07 . 2003-04-07 18:07 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\cscompui.dll + 2003-02-21 04:04 . 2003-02-21 04:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll + 2003-02-21 02:02 . 2003-02-21 02:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll + 2002-07-25 17:13 . 2002-07-25 17:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe + 2003-03-18 20:12 . 2003-03-18 20:12 1047552 c:\windows\system32\mfc71u.dll + 2003-03-18 20:20 . 2003-03-18 20:20 1060864 c:\windows\system32\mfc71.dll + 1999-10-18 02:01 . 1999-10-18 02:01 1129232 c:\windows\system32\FM20.DLL + 2003-02-21 06:25 . 2003-02-21 06:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^PNotes.lnk] path=c:\documents and settings\Sigrid\Menu Start\Programma's\Opstarten\PNotes.lnk backup=c:\windows\pss\PNotes.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb] atwtusb.exe beta [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JWOSetup] JWOSetup.exe -en [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-08-05 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 19:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 19:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-14 19:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-06-10 09:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-06-10 09:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-22 22:20 339968 -c--a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMKRun] 2007-01-08 02:47 118784 -c--a-w- c:\program files\JustWrite Office\ScreenMark.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 297168] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 16:02 7391072] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11-5-2009 17:36 3032360] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3-8-2010 16:23 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3-8-2010 16:23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3-8-2010 16:23 27216] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [25-9-2007 20:21 22272] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11-5-2009 17:36 15144] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - xcpip . Inhoud van de 'Gedeelde Taken' map . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005Core.job - c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005UA.job - c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46] . . ------- Bijkomende Scan ------- . uStart Page = Google IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\documents and settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\jj468ws4.default\ FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-04-08 00:36 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(992) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(2240) c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG10\avgchsvx.exe c:\progra~1\AVG\AVG10\avgrsx.exe c:\windows\system32\Ati2evxx.exe c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\program files\AVG\AVG10\avgnsx.exe c:\windows\ehome\mcrdsvc.exe . ************************************************************************** . Voltooingstijd: 2012-04-08 00:39:03 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-07 22:38 ComboFix2.txt 2012-04-06 10:09 . Pre-Run: 188.676.829.184 bytes beschikbaar Post-Run: 188.659.748.864 bytes beschikbaar . - - End Of File - - E2A84C8029B7C32D229578440D48D977 10:44:48.0750 1864 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02 10:44:48.0828 1864 ============================================================ 10:44:48.0828 1864 Current date / time: 2012/04/08 10:44:48.0828 10:44:48.0828 1864 SystemInfo: 10:44:48.0828 1864 10:44:48.0828 1864 OS Version: 5.1.2600 ServicePack: 3.0 10:44:48.0828 1864 Product type: Workstation 10:44:48.0828 1864 ComputerName: D55TMB2J 10:44:48.0828 1864 UserName: Sigrid 10:44:48.0828 1864 Windows directory: C:\WINDOWS 10:44:48.0828 1864 System windows directory: C:\WINDOWS 10:44:48.0828 1864 Processor architecture: Intel x86 10:44:48.0828 1864 Number of processors: 2 10:44:48.0828 1864 Page size: 0x1000 10:44:48.0828 1864 Boot type: Normal boot 10:44:48.0828 1864 ============================================================ 10:44:50.0484 1864 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 10:44:50.0484 1864 \Device\Harddisk0\DR0: 10:44:50.0484 1864 MBR used 10:44:50.0484 1864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15 10:44:50.0546 1864 Initialize success 10:44:50.0546 1864 ============================================================ 10:45:06.0406 2460 ============================================================ 10:45:06.0406 2460 Scan started 10:45:06.0406 2460 Mode: Manual; 10:45:06.0406 2460 ============================================================ 10:45:06.0640 2460 Abiosdsk - ok 10:45:06.0703 2460 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 10:45:06.0718 2460 abp480n5 - ok 10:45:06.0812 2460 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:45:06.0812 2460 ACPI - ok 10:45:06.0859 2460 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 10:45:06.0859 2460 ACPIEC - ok 10:45:06.0937 2460 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 10:45:06.0953 2460 Adobe LM Service - ok 10:45:06.0984 2460 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 10:45:06.0984 2460 adpu160m - ok 10:45:07.0015 2460 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 10:45:07.0015 2460 aec - ok 10:45:07.0078 2460 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 10:45:07.0078 2460 AFD - ok 10:45:07.0125 2460 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 10:45:07.0125 2460 agp440 - ok 10:45:07.0187 2460 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 10:45:07.0187 2460 agpCPQ - ok 10:45:07.0203 2460 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 10:45:07.0203 2460 Aha154x - ok 10:45:07.0218 2460 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 10:45:07.0218 2460 aic78u2 - ok 10:45:07.0234 2460 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 10:45:07.0250 2460 aic78xx - ok 10:45:07.0265 2460 aiptektp (d4944a84245f67094fd4867f2c1b6993) C:\WINDOWS\system32\DRIVERS\aiptektp.sys 10:45:07.0265 2460 aiptektp - ok 10:45:07.0281 2460 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll 10:45:07.0281 2460 Alerter - ok 10:45:07.0312 2460 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe 10:45:07.0312 2460 ALG - ok 10:45:07.0390 2460 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 10:45:07.0390 2460 AliIde - ok 10:45:07.0500 2460 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 10:45:07.0500 2460 alim1541 - ok 10:45:07.0546 2460 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 10:45:07.0562 2460 amdagp - ok 10:45:07.0578 2460 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 10:45:07.0593 2460 amsint - ok 10:45:07.0671 2460 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll 10:45:07.0671 2460 AppMgmt - ok 10:45:07.0718 2460 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 10:45:07.0734 2460 asc - ok 10:45:07.0734 2460 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 10:45:07.0750 2460 asc3350p - ok 10:45:07.0796 2460 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 10:45:07.0796 2460 asc3550 - ok 10:45:07.0828 2460 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS 10:45:07.0828 2460 ASNDIS5 - ok 10:45:07.0953 2460 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 10:45:07.0984 2460 aspnet_state - ok 10:45:08.0015 2460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:45:08.0015 2460 AsyncMac - ok 10:45:08.0046 2460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 10:45:08.0046 2460 atapi - ok 10:45:08.0062 2460 Atdisk - ok 10:45:08.0125 2460 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe 10:45:08.0125 2460 Ati HotKey Poller - ok 10:45:08.0218 2460 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 10:45:08.0218 2460 ati2mtag - ok 10:45:08.0265 2460 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:45:08.0265 2460 Atmarpc - ok 10:45:08.0296 2460 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll 10:45:08.0296 2460 AudioSrv - ok 10:45:08.0406 2460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 10:45:08.0406 2460 audstub - ok 10:45:08.0765 2460 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 10:45:08.0828 2460 AVGIDSAgent - ok 10:45:08.0953 2460 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 10:45:08.0953 2460 AVGIDSDriver - ok 10:45:09.0000 2460 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 10:45:09.0000 2460 AVGIDSEH - ok 10:45:09.0031 2460 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 10:45:09.0031 2460 AVGIDSFilter - ok 10:45:09.0093 2460 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 10:45:09.0093 2460 AVGIDSShim - ok 10:45:09.0156 2460 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 10:45:09.0156 2460 Avgldx86 - ok 10:45:09.0171 2460 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 10:45:09.0171 2460 Avgmfx86 - ok 10:45:09.0234 2460 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 10:45:09.0234 2460 Avgrkx86 - ok 10:45:09.0296 2460 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 10:45:09.0296 2460 Avgtdix - ok 10:45:09.0343 2460 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe 10:45:09.0359 2460 avgwd - ok 10:45:09.0359 2460 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 10:45:09.0375 2460 Beep - ok 10:45:09.0421 2460 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll 10:45:09.0421 2460 BITS - ok 10:45:09.0468 2460 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll 10:45:09.0468 2460 Browser - ok 10:45:09.0468 2460 catchme - ok 10:45:09.0515 2460 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 10:45:09.0515 2460 cbidf - ok 10:45:09.0515 2460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 10:45:09.0515 2460 cbidf2k - ok 10:45:09.0546 2460 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 10:45:09.0546 2460 CCDECODE - ok 10:45:09.0578 2460 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 10:45:09.0578 2460 cd20xrnt - ok 10:45:09.0609 2460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 10:45:09.0625 2460 Cdaudio - ok 10:45:09.0625 2460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:45:09.0640 2460 Cdfs - ok 10:45:09.0656 2460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:45:09.0656 2460 Cdrom - ok 10:45:09.0656 2460 Changer - ok 10:45:09.0703 2460 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe 10:45:09.0703 2460 CiSvc - ok 10:45:09.0781 2460 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe 10:45:09.0781 2460 ClipSrv - ok 10:45:09.0906 2460 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:45:09.0937 2460 clr_optimization_v2.0.50727_32 - ok 10:45:10.0062 2460 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys 10:45:10.0062 2460 CmdIde - ok 10:45:10.0078 2460 COMSysApp - ok 10:45:10.0140 2460 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 10:45:10.0140 2460 Cpqarray - ok 10:45:10.0187 2460 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll 10:45:10.0187 2460 CryptSvc - ok 10:45:10.0234 2460 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 10:45:10.0234 2460 dac2w2k - ok 10:45:10.0265 2460 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 10:45:10.0265 2460 dac960nt - ok 10:45:10.0328 2460 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll 10:45:10.0328 2460 DcomLaunch - ok 10:45:10.0375 2460 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll 10:45:10.0390 2460 Dhcp - ok 10:45:10.0437 2460 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 10:45:10.0453 2460 Disk - ok 10:45:10.0453 2460 dmadmin - ok 10:45:10.0500 2460 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 10:45:10.0500 2460 dmboot - ok 10:45:10.0562 2460 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 10:45:10.0562 2460 dmio - ok 10:45:10.0562 2460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:45:10.0562 2460 dmload - ok 10:45:10.0625 2460 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll 10:45:10.0625 2460 dmserver - ok 10:45:10.0687 2460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 10:45:10.0687 2460 DMusic - ok 10:45:10.0750 2460 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll 10:45:10.0750 2460 Dnscache - ok 10:45:10.0796 2460 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll 10:45:10.0796 2460 Dot3svc - ok 10:45:10.0828 2460 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 10:45:10.0843 2460 dpti2o - ok 10:45:10.0859 2460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 10:45:10.0859 2460 drmkaud - ok 10:45:10.0937 2460 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys 10:45:10.0937 2460 E100B - ok 10:45:10.0984 2460 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll 10:45:10.0984 2460 EapHost - ok 10:45:11.0015 2460 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll 10:45:11.0015 2460 ERSvc - ok 10:45:11.0109 2460 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 10:45:11.0109 2460 Eventlog - ok 10:45:11.0187 2460 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll 10:45:11.0187 2460 EventSystem - ok 10:45:11.0250 2460 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:45:11.0250 2460 Fastfat - ok 10:45:11.0312 2460 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:45:11.0328 2460 FastUserSwitchingCompatibility - ok 10:45:11.0390 2460 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe 10:45:11.0390 2460 Fax - ok 10:45:11.0421 2460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:45:11.0437 2460 Fdc - ok 10:45:11.0468 2460 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 10:45:11.0484 2460 Fips - ok 10:45:11.0500 2460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:45:11.0500 2460 Flpydisk - ok 10:45:11.0546 2460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:45:11.0546 2460 FltMgr - ok 10:45:11.0718 2460 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 10:45:11.0718 2460 FontCache3.0.0.0 - ok 10:45:11.0750 2460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:45:11.0765 2460 Fs_Rec - ok 10:45:11.0812 2460 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:45:11.0812 2460 Ftdisk - ok 10:45:11.0843 2460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:45:11.0843 2460 Gpc - ok 10:45:11.0906 2460 hcwPP2 (ecc2b633b909448c2806ea36ffea1933) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 10:45:11.0906 2460 hcwPP2 - ok 10:45:11.0984 2460 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:45:11.0984 2460 HDAudBus - ok 10:45:12.0093 2460 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:45:12.0093 2460 helpsvc - ok 10:45:12.0140 2460 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll 10:45:12.0140 2460 HidServ - ok 10:45:12.0250 2460 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:45:12.0250 2460 HidUsb - ok 10:45:12.0312 2460 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll 10:45:12.0312 2460 hkmsvc - ok 10:45:12.0343 2460 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 10:45:12.0359 2460 hpn - ok 10:45:12.0406 2460 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:45:12.0406 2460 HTTP - ok 10:45:12.0453 2460 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll 10:45:12.0453 2460 HTTPFilter - ok 10:45:12.0500 2460 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 10:45:12.0500 2460 i2omgmt - ok 10:45:12.0531 2460 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 10:45:12.0531 2460 i2omp - ok 10:45:12.0562 2460 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:45:12.0562 2460 i8042prt - ok 10:45:12.0625 2460 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 10:45:12.0625 2460 ialm - ok 10:45:12.0796 2460 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 10:45:12.0796 2460 IDriverT - ok 10:45:12.0984 2460 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:45:12.0984 2460 idsvc - ok 10:45:13.0031 2460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 10:45:13.0031 2460 Imapi - ok 10:45:13.0093 2460 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe 10:45:13.0093 2460 ImapiService - ok 10:45:13.0187 2460 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 10:45:13.0187 2460 ini910u - ok 10:45:13.0203 2460 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys 10:45:13.0218 2460 IntelIde - ok 10:45:13.0250 2460 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:45:13.0250 2460 intelppm - ok 10:45:13.0343 2460 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 10:45:13.0343 2460 Ip6Fw - ok 10:45:13.0546 2460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:45:13.0546 2460 IpFilterDriver - ok 10:45:13.0609 2460 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:45:13.0609 2460 IpInIp - ok 10:45:13.0656 2460 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:45:13.0656 2460 IpNat - ok 10:45:13.0703 2460 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:45:13.0718 2460 IPSec - ok 10:45:13.0765 2460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 10:45:13.0765 2460 IRENUM - ok 10:45:13.0812 2460 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:45:13.0812 2460 isapnp - ok 10:45:14.0015 2460 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe 10:45:14.0015 2460 JavaQuickStarterService - ok 10:45:14.0078 2460 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:45:14.0078 2460 Kbdclass - ok 10:45:14.0140 2460 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 10:45:14.0140 2460 kbdhid - ok 10:45:14.0187 2460 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 10:45:14.0203 2460 kmixer - ok 10:45:14.0234 2460 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 10:45:14.0234 2460 KSecDD - ok 10:45:14.0312 2460 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll 10:45:14.0312 2460 lanmanserver - ok 10:45:14.0375 2460 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll 10:45:14.0390 2460 lanmanworkstation - ok 10:45:14.0390 2460 Lbd - ok 10:45:14.0406 2460 lbrtfdc - ok 10:45:14.0468 2460 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll 10:45:14.0468 2460 LmHosts - ok 10:45:14.0515 2460 McrdSvc (88ec8e7905ec13e51884e00a3f026223) C:\WINDOWS\ehome\mcrdsvc.exe 10:45:14.0515 2460 McrdSvc - ok 10:45:14.0578 2460 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 10:45:14.0578 2460 MDC8021X - ok 10:45:14.0609 2460 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll 10:45:14.0625 2460 Messenger - ok 10:45:14.0640 2460 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll 10:45:14.0640 2460 MHN - ok 10:45:14.0687 2460 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 10:45:14.0687 2460 MHNDRV - ok 10:45:14.0765 2460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:45:14.0765 2460 mnmdd - ok 10:45:14.0828 2460 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe 10:45:14.0828 2460 mnmsrvc - ok 10:45:14.0890 2460 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 10:45:14.0906 2460 Modem - ok 10:45:14.0921 2460 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:45:14.0921 2460 Mouclass - ok 10:45:14.0953 2460 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:45:14.0953 2460 mouhid - ok 10:45:15.0000 2460 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:45:15.0000 2460 MountMgr - ok 10:45:15.0062 2460 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 10:45:15.0078 2460 mraid35x - ok 10:45:15.0093 2460 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:45:15.0093 2460 MRxDAV - ok 10:45:15.0156 2460 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:45:15.0156 2460 MRxSmb - ok 10:45:15.0203 2460 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe 10:45:15.0203 2460 MSDTC - ok 10:45:15.0234 2460 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:45:15.0234 2460 Msfs - ok 10:45:15.0250 2460 MSIServer - ok 10:45:15.0265 2460 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:45:15.0265 2460 MSKSSRV - ok 10:45:15.0281 2460 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:45:15.0281 2460 MSPCLOCK - ok 10:45:15.0296 2460 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:45:15.0296 2460 MSPQM - ok 10:45:15.0343 2460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:45:15.0343 2460 mssmbios - ok 10:45:15.0375 2460 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 10:45:15.0375 2460 MSTEE - ok 10:45:15.0390 2460 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 10:45:15.0390 2460 Mup - ok 10:45:15.0421 2460 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 10:45:15.0421 2460 NABTSFEC - ok 10:45:15.0453 2460 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll 10:45:15.0468 2460 napagent - ok 10:45:15.0937 2460 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 10:45:15.0953 2460 NBService - ok 10:45:16.0140 2460 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:45:16.0140 2460 NDIS - ok 10:45:16.0187 2460 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 10:45:16.0187 2460 NdisIP - ok 10:45:16.0218 2460 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:45:16.0218 2460 NdisTapi - ok 10:45:16.0281 2460 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:45:16.0281 2460 Ndisuio - ok 10:45:16.0281 2460 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:45:16.0281 2460 NdisWan - ok 10:45:16.0343 2460 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:45:16.0359 2460 NDProxy - ok 10:45:16.0359 2460 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:45:16.0375 2460 NetBIOS - ok 10:45:16.0421 2460 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:45:16.0421 2460 NetBT - ok 10:45:16.0468 2460 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 10:45:16.0468 2460 NetDDE - ok 10:45:16.0468 2460 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 10:45:16.0468 2460 NetDDEdsdm - ok 10:45:16.0515 2460 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:45:16.0515 2460 Netlogon - ok 10:45:16.0578 2460 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll 10:45:16.0578 2460 Netman - ok 10:45:16.0734 2460 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe 10:45:16.0734 2460 NetSvc - ok 10:45:16.0875 2460 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:45:16.0875 2460 NetTcpPortSharing - ok 10:45:16.0968 2460 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll 10:45:16.0968 2460 Nla - ok 10:45:17.0078 2460 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 10:45:17.0093 2460 NMIndexingService - ok 10:45:17.0250 2460 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:45:17.0250 2460 Npfs - ok 10:45:17.0328 2460 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:45:17.0359 2460 Ntfs - ok 10:45:17.0359 2460 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:45:17.0359 2460 NtLmSsp - ok 10:45:17.0421 2460 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll 10:45:17.0421 2460 NtmsSvc - ok 10:45:17.0453 2460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:45:17.0453 2460 Null - ok 10:45:17.0562 2460 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:45:17.0578 2460 nv - ok 10:45:17.0609 2460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:45:17.0609 2460 NwlnkFlt - ok 10:45:17.0609 2460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:45:17.0609 2460 NwlnkFwd - ok 10:45:17.0640 2460 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 10:45:17.0640 2460 Parport - ok 10:45:17.0671 2460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:45:17.0671 2460 PartMgr - ok 10:45:17.0687 2460 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 10:45:17.0703 2460 ParVdm - ok 10:45:17.0703 2460 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 10:45:17.0703 2460 PCI - ok 10:45:17.0718 2460 PCIDump - ok 10:45:17.0718 2460 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:45:17.0734 2460 PCIIde - ok 10:45:17.0765 2460 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:45:17.0765 2460 Pcmcia - ok 10:45:17.0765 2460 PDCOMP - ok 10:45:17.0781 2460 PDFRAME - ok 10:45:17.0796 2460 PDRELI - ok 10:45:17.0796 2460 PDRFRAME - ok 10:45:17.0812 2460 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 10:45:17.0812 2460 perc2 - ok 10:45:17.0843 2460 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 10:45:17.0843 2460 perc2hib - ok 10:45:17.0906 2460 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 10:45:17.0906 2460 PlugPlay - ok 10:45:17.0937 2460 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:45:17.0937 2460 PolicyAgent - ok 10:45:18.0015 2460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:45:18.0031 2460 PptpMiniport - ok 10:45:18.0031 2460 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:45:18.0031 2460 ProtectedStorage - ok 10:45:18.0046 2460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:45:18.0046 2460 PSched - ok 10:45:18.0046 2460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:45:18.0062 2460 Ptilink - ok 10:45:18.0062 2460 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 10:45:18.0062 2460 PxHelp20 - ok 10:45:18.0093 2460 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 10:45:18.0093 2460 ql1080 - ok 10:45:18.0109 2460 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 10:45:18.0109 2460 Ql10wnt - ok 10:45:18.0125 2460 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 10:45:18.0125 2460 ql12160 - ok 10:45:18.0125 2460 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 10:45:18.0125 2460 ql1240 - ok 10:45:18.0203 2460 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 10:45:18.0218 2460 ql1280 - ok 10:45:18.0437 2460 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys 10:45:18.0437 2460 QV2KUX - ok 10:45:18.0484 2460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:45:18.0484 2460 RasAcd - ok 10:45:18.0531 2460 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll 10:45:18.0531 2460 RasAuto - ok 10:45:18.0562 2460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:45:18.0562 2460 Rasl2tp - ok 10:45:18.0625 2460 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll 10:45:18.0625 2460 RasMan - ok 10:45:18.0640 2460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:45:18.0640 2460 RasPppoe - ok 10:45:18.0687 2460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:45:18.0687 2460 Raspti - ok 10:45:18.0718 2460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:45:18.0718 2460 Rdbss - ok 10:45:18.0734 2460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:45:18.0734 2460 RDPCDD - ok 10:45:18.0765 2460 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:45:18.0765 2460 rdpdr - ok 10:45:18.0828 2460 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 10:45:18.0828 2460 RDPWD - ok 10:45:18.0890 2460 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe 10:45:18.0906 2460 RDSessMgr - ok 10:45:18.0953 2460 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:45:18.0953 2460 redbook - ok 10:45:19.0000 2460 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll 10:45:19.0000 2460 RemoteAccess - ok 10:45:19.0031 2460 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll 10:45:19.0031 2460 RemoteRegistry - ok 10:45:19.0078 2460 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe 10:45:19.0078 2460 RpcLocator - ok 10:45:19.0187 2460 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll 10:45:19.0187 2460 RpcSs - ok 10:45:19.0234 2460 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe 10:45:19.0250 2460 RSVP - ok 10:45:19.0343 2460 RT2500USB (6f6ce24f243458c92b54e0016ad46bd7) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys 10:45:19.0343 2460 RT2500USB - ok 10:45:19.0406 2460 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:45:19.0406 2460 SamSs - ok 10:45:19.0531 2460 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 10:45:19.0531 2460 SASDIFSV - ok 10:45:19.0546 2460 SAS***IL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS 10:45:19.0546 2460 SAS***IL - ok 10:45:19.0578 2460 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe 10:45:19.0593 2460 SCardSvr - ok 10:45:19.0640 2460 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll 10:45:19.0640 2460 Schedule - ok 10:45:19.0687 2460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:45:19.0687 2460 Secdrv - ok 10:45:19.0703 2460 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll 10:45:19.0718 2460 seclogon - ok 10:45:19.0750 2460 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll 10:45:19.0750 2460 SENS - ok 10:45:19.0796 2460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:45:19.0796 2460 serenum - ok 10:45:19.0843 2460 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 10:45:19.0843 2460 Serial - ok 10:45:19.0875 2460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:45:19.0875 2460 Sfloppy - ok 10:45:19.0937 2460 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 10:45:19.0953 2460 SharedAccess - ok 10:45:20.0000 2460 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:45:20.0015 2460 ShellHWDetection - ok 10:45:20.0078 2460 Simbad - ok 10:45:20.0109 2460 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 10:45:20.0109 2460 sisagp - ok 10:45:20.0140 2460 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 10:45:20.0140 2460 SLIP - ok 10:45:20.0171 2460 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 10:45:20.0171 2460 Sparrow - ok 10:45:20.0218 2460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:45:20.0218 2460 splitter - ok 10:45:20.0265 2460 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:45:20.0265 2460 Spooler - ok 10:45:20.0312 2460 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 10:45:20.0312 2460 sr - ok 10:45:20.0343 2460 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 10:45:20.0343 2460 srservice - ok 10:45:20.0390 2460 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:45:20.0406 2460 Srv - ok 10:45:20.0468 2460 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 10:45:20.0468 2460 SSDPSRV - ok 10:45:20.0640 2460 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys 10:45:20.0640 2460 STHDA - ok 10:45:20.0812 2460 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 10:45:20.0812 2460 stisvc - ok 10:45:20.0906 2460 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 10:45:20.0906 2460 streamip - ok 10:45:20.0937 2460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:45:20.0937 2460 swenum - ok 10:45:20.0984 2460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:45:21.0000 2460 swmidi - ok 10:45:21.0000 2460 SwPrv - ok 10:45:21.0046 2460 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 10:45:21.0062 2460 symc810 - ok 10:45:21.0093 2460 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 10:45:21.0093 2460 symc8xx - ok 10:45:21.0109 2460 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 10:45:21.0109 2460 sym_hi - ok 10:45:21.0109 2460 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 10:45:21.0109 2460 sym_u3 - ok 10:45:21.0156 2460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:45:21.0156 2460 sysaudio - ok 10:45:21.0203 2460 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 10:45:21.0203 2460 SysmonLog - ok 10:45:21.0328 2460 TabletServicePen (5781d4c12d0d204447f9936d421c1b80) C:\WINDOWS\system32\Pen_Tablet.exe 10:45:21.0343 2460 TabletServicePen - ok 10:45:21.0406 2460 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 10:45:21.0421 2460 TapiSrv - ok 10:45:21.0484 2460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:45:21.0484 2460 Tcpip - ok 10:45:21.0531 2460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:45:21.0531 2460 TDPIPE - ok 10:45:21.0593 2460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:45:21.0593 2460 TDTCP - ok 10:45:21.0625 2460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:45:21.0625 2460 TermDD - ok 10:45:21.0703 2460 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 10:45:21.0703 2460 TermService - ok 10:45:21.0765 2460 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:45:21.0765 2460 Themes - ok 10:45:21.0812 2460 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe 10:45:21.0812 2460 TlntSvr - ok 10:45:21.0875 2460 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys 10:45:21.0875 2460 TosIde - ok 10:45:21.0890 2460 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 10:45:21.0890 2460 TrkWks - ok 10:45:21.0953 2460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:45:21.0953 2460 Udfs - ok 10:45:21.0984 2460 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 10:45:21.0984 2460 ultra - ok 10:45:22.0046 2460 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe 10:45:22.0046 2460 UMWdf - ok 10:45:22.0140 2460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:45:22.0156 2460 Update - ok 10:45:22.0312 2460 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 10:45:22.0312 2460 upnphost - ok 10:45:22.0718 2460 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 10:45:22.0718 2460 UPS - ok 10:45:23.0656 2460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:45:23.0656 2460 usbehci - ok 10:45:24.0156 2460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:45:24.0156 2460 usbhub - ok 10:45:24.0593 2460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:45:24.0593 2460 usbprint - ok 10:45:24.0734 2460 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:45:24.0734 2460 USBSTOR - ok 10:45:24.0765 2460 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:45:24.0765 2460 usbuhci - ok 10:45:24.0828 2460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:45:24.0828 2460 VgaSave - ok 10:45:24.0875 2460 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 10:45:24.0875 2460 viaagp - ok 10:45:24.0890 2460 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 10:45:24.0890 2460 ViaIde - ok 10:45:24.0937 2460 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 10:45:24.0953 2460 VolSnap - ok 10:45:25.0015 2460 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 10:45:25.0015 2460 VSS - ok 10:45:25.0062 2460 w32time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 10:45:25.0078 2460 w32time - ok 10:45:25.0156 2460 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 10:45:25.0156 2460 wacmoumonitor - ok 10:45:25.0187 2460 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 10:45:25.0187 2460 wacommousefilter - ok 10:45:25.0250 2460 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 10:45:25.0250 2460 wacomvhid - ok 10:45:25.0265 2460 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 10:45:25.0265 2460 WacomVKHid - ok 10:45:25.0312 2460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:45:25.0312 2460 Wanarp - ok 10:45:25.0312 2460 WDICA - ok 10:45:25.0359 2460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:45:25.0359 2460 wdmaud - ok 10:45:25.0421 2460 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 10:45:25.0437 2460 WebClient - ok 10:45:25.0531 2460 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:45:25.0531 2460 winmgmt - ok 10:45:25.0656 2460 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll 10:45:25.0656 2460 WmdmPmSN - ok 10:45:25.0843 2460 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll 10:45:25.0843 2460 Wmi - ok 10:45:25.0968 2460 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:45:25.0968 2460 WmiApSrv - ok 10:45:26.0093 2460 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 10:45:26.0093 2460 WS2IFSL - ok 10:45:26.0156 2460 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll 10:45:26.0156 2460 wscsvc - ok 10:45:26.0203 2460 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:45:26.0203 2460 WSTCODEC - ok 10:45:26.0250 2460 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 10:45:26.0250 2460 wuauserv - ok 10:45:26.0343 2460 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll 10:45:26.0359 2460 WZCSVC - ok 10:45:26.0359 2460 xcpip - ok 10:45:26.0390 2460 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll 10:45:26.0406 2460 xmlprov - ok 10:45:26.0406 2460 xpsec - ok 10:45:26.0437 2460 MBR (0x1B8) (01d0f71795f2cd0dc04f3eac61d62b4f) \Device\Harddisk0\DR0 10:45:26.0437 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected 10:45:26.0437 2460 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0) 10:45:26.0453 2460 Boot (0x1200) (2e69ab54a9837c332529ca38373478c0) \Device\Harddisk0\DR0\Partition0 10:45:26.0453 2460 \Device\Harddisk0\DR0\Partition0 - ok 10:45:26.0453 2460 ============================================================ 10:45:26.0453 2460 Scan finished 10:45:26.0453 2460 ============================================================ 10:45:26.0468 3760 Detected object count: 1 10:45:26.0468 3760 Actual detected object count: 1 10:46:16.0343 3760 \Device\Harddisk0\DR0\# - copied to quarantine 10:46:16.0343 3760 \Device\Harddisk0\DR0 - copied to quarantine 10:46:16.0343 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot 10:46:16.0359 3760 \Device\Harddisk0\DR0 - ok 10:46:16.0359 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure 10:46:27.0500 3844 Deinitialize success

Bij het heropstarten gaf AVG melding van een bedreiging: C:\COMBOFIX\REGT.3XE. Verplaatsen naar quarantaine of negeren? Ook is er plotseling een extra IE-icoon op mijn bureaublad verschenen, naast de snelkoppeling die ik al had. Hieronder de log van combofix: ComboFix 12-04-06.02 - Sigrid 06-04-2012 11:55:37.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.581 [GMT 2:00] Gestart vanuit: c:\documents and settings\Sigrid\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP c:\documents and settings\Sigrid\WINDOWS c:\program files\mbam--setup-1.60.1.1000.exe c:\windows\IsUn0413.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))) . . 2012-04-06 08:54 . 2012-04-06 08:54 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes 2012-04-06 08:53 . 2012-04-06 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- c:\program files\backups 2012-04-05 13:46 . 2012-04-06 09:13 -------- d--h--r- c:\documents and settings\Sigrid\Onlangs geopend 2012-04-05 12:50 . 2012-04-05 12:50 388608 ----a-w- c:\program files\HijackThis.exe 2012-04-05 10:42 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-04-05 10:42 . 2012-04-05 15:16 -------- d-----w- c:\program files\Common Files\PC Tools 2012-04-05 10:42 . 2012-04-05 12:42 -------- d-----w- c:\program files\PC Tools 2012-04-05 10:39 . 2012-04-05 10:39 -------- d-----w- c:\documents and settings\Sigrid\Application Data\TestApp 2012-04-05 10:39 . 2012-04-05 10:39 3834832 ----a-w- c:\program files\sdsetup.exe 2012-04-02 21:42 . 2012-04-02 21:44 74761776 ----a-w- c:\program files\avast_free_antivirus_setup.exe 2012-04-01 18:44 . 2012-04-01 18:44 -------- d-sh--w- c:\documents and settings\Sigrid\IECompatCache 2012-03-21 16:13 . 2012-03-21 16:13 -------- d-sh--w- c:\documents and settings\Sigrid\PrivacIE 2012-03-18 11:03 . 2012-03-18 11:03 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-18 11:03 . 2012-03-18 11:03 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\Sigrid\IETldCache 2012-03-17 23:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll 2012-03-17 23:03 . 2011-12-17 19:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2012-03-17 23:03 . 2011-12-17 19:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2012-03-17 23:03 . 2011-12-17 19:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2012-03-17 23:01 . 2012-03-17 23:03 -------- dc-h--w- c:\windows\ie8 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-03 09:57 . 2005-09-02 01:05 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:07 . 2012-02-17 11:16 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2005-09-02 01:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2009-05-15 22:35 . 2011-02-22 14:03 3439918 ----a-w- c:\program files\CEP_Setup.exe 2009-01-13 16:39 . 2009-01-13 16:39 1851544 -c--a-w- c:\program files\install_flash_player2.exe 2009-01-11 08:15 . 2009-01-11 08:15 8146816 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe 2008-05-01 16:58 . 2008-05-01 16:57 4585912 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe 2008-04-03 17:57 . 2008-04-03 17:53 59782440 -c--a-w- c:\program files\iTunesSetup.exe 2007-12-14 10:37 . 2007-12-14 09:56 205471728 -c--a-w- c:\program files\SPSS16.0EvalVersion-a.exe 2007-09-17 14:53 . 2007-09-17 14:52 17874288 -c--a-w- c:\program files\Install_Messenger.exe 2007-09-03 13:48 . 2007-09-03 13:48 1164456 -c--a-w- c:\program files\install_flash_player.exe 2007-01-13 16:37 . 2007-09-09 11:07 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe 2006-08-06 09:51 . 2007-09-09 11:07 1102865 -c--a-w- c:\program files\wrar350nl.exe 2012-03-18 11:03 . 2011-06-02 11:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^PNotes.lnk] path=c:\documents and settings\Sigrid\Menu Start\Programma's\Opstarten\PNotes.lnk backup=c:\windows\pss\PNotes.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb] atwtusb.exe beta [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JWOSetup] JWOSetup.exe -en [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-08-05 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 19:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 19:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-14 19:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-06-10 09:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-06-10 09:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-22 22:20 339968 -c--a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMKRun] 2007-01-08 02:47 118784 -c--a-w- c:\program files\JustWrite Office\ScreenMark.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 297168] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 16:02 7391072] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11-5-2009 17:36 3032360] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3-8-2010 16:23 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3-8-2010 16:23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3-8-2010 16:23 27216] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [25-9-2007 20:21 22272] S3 g71wf8dok.sys;g71wf8dok.sys;\??\c:\windows\system32\drivers\g71wf8dok.sys --> c:\windows\system32\drivers\g71wf8dok.sys [?] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11-5-2009 17:36 15144] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - xcpip . Inhoud van de 'Gedeelde Taken' map . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005Core.job - c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005UA.job - c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46] . . ------- Bijkomende Scan ------- . uStart Page = Google IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\documents and settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\jj468ws4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-04-06 12:04 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(828) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(1284) c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG10\avgchsvx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\program files\AVG\AVG10\avgnsx.exe c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\progra~1\AVG\AVG10\avgrsx.exe c:\program files\AVG\AVG10\avgcsrvx.exe . ************************************************************************** . Voltooingstijd: 2012-04-06 12:09:23 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-06 10:09 . Pre-Run: 188.848.910.336 bytes beschikbaar Post-Run: 188.846.911.488 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 2271565EB3739729E98C70D17D66D07A

MBAM vindt niks, heb dan ook de computer niet opnieuw opgestart. AVG vindt de Trojan echter nog steeds. Hieronder de logjes. Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.04.06.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Sigrid :: D55TMB2J [administrator] 6-4-2012 10:55:21 mbam-log-2012-04-06 (10-55-21).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 222092 Verstreken tijd: 7 minuut/minuten, 31 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:13:30, on 6-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 5746 bytes

Bedankt voor de reactie! Morgenochtend ga ik ermee aan de slag. Is het noodzakelijk om AVG (tijdelijk) uit te schakelen wanneer ik scan met MBAM?

Hallo allemaal, Sinds het afgelopen weekend geeft AVG aan dat ik een Trojan op mijn pc heb. AVG kan het zelf niet verwijderen en mij lukt het ook niet met andere virusscanners (avast!, spyware doctor), die soms het virus niet eens kunnen vinden. Bij iedere scan door AVG, worden steevast twee (aan elkaar gerelateerde?) infecties gevonden. De bestandnamen van deze infecties variëren steeds licht. Hieronder een aantal voorbeelden van 3 aparte scans: Scan 1 "";"C:\WINDOWS\system32\services.exe (2028)";"Trojaans paard PSW.Agent.AUES";"" "";"C:\WINDOWS\system32\services.exe (2028):\memory_006f0000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk" Scan 2 "";"C:\WINDOWS\system32\services.exe (1076)";"Trojaans paard PSW.Agent.AUES";"" "";"C:\WINDOWS\system32\services.exe (1076):\memory_00e20000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk" Scan 3 "";"C:\WINDOWS\system32\services.exe (1048)";"Trojaans paard PSW.Agent.AUES";"" "";"C:\WINDOWS\system32\services.exe (1048):\memory_00db0000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk" AVG geeft steeds aan de bovenste van de twee infecties hersteld/verwijderd te hebben, maar bij de onderste lukt dit niet. Deze kan ik wel met behulp van mijn rechter muisknop verplaatsen naar quarantaine. Echter, bij een nieuwe scan duikt er weer een nieuwe paar op. Wat te doen? Ik heb alvast een logje gemaakt: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:51:56, on 5-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_nl;_rv:1.9.2.12)_Gecko/20101026_Firefox/3.6.12" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=291625&sp=0&questionSet=&r=4613099&&width=600&height=440&quality=high" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 7343 bytes Ik hoop dat iemand bij kan helpen. Alvast bedankt!