Posted: (edited)

Hello everyone,

Since last weekend AVG has been reporting that I have a Trojan on my PC. AVG cannot remove it itself, and I have not managed it with other virus scanners (avast!, Spyware Doctor) either, which sometimes cannot even find the virus. On every AVG scan, two (related?) infections are invariably found. The file names of these infections vary slightly each time. Below are some examples from 3 separate scans:

Scan 1

"";"C:\WINDOWS\system32\services.exe (2028)";"Trojaans paard PSW.Agent.AUES";""

"";"C:\WINDOWS\system32\services.exe (2028):\memory_006f0000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk"

Scan 2

"";"C:\WINDOWS\system32\services.exe (1076)";"Trojaans paard PSW.Agent.AUES";""

"";"C:\WINDOWS\system32\services.exe (1076):\memory_00e20000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk"

Scan 3

"";"C:\WINDOWS\system32\services.exe (1048)";"Trojaans paard PSW.Agent.AUES";""

"";"C:\WINDOWS\system32\services.exe (1048):\memory_00db0000";"Trojaans paard PSW.Agent.AUES";"Object is niet toegankelijk"

AVG always reports that it has repaired/removed the upper of the two infections, but it fails with the lower one. I can move that one to quarantine using my right mouse button. However, on a new scan a new pair shows up again. What should I do?

I have already made a log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:51:56, on 5-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_nl;_rv:1.9.2.12)_Gecko/20101026_Firefox/3.6.12" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=291625&sp=0&questionSet=&r=4613099&&width=600&height=440&quality=high"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--

End of file - 7343 bytes

I hope someone can help. Thanks in advance!

Edited by Sieg
typos
Posted:

Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_nl;_rv:1.9.2.12)_Gecko/20101026_Firefox/3.6.12" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=291625&sp=0&questionSet=&r=4613099&&width=600&height=440&quality=high"

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure that Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are checked, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
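
Added example (not part of the original thread and not HijackThis code): a Python script that parses HijackThis log lines like those posted above, lists entries worth reviewing before a 'Fix checked' pass, and compares a before and after log to confirm the fixed items are gone. The review criterion (targets marked "(no file)" and pending RunOnce entries) is an assumption that happens to match the three items selected above; the sample logs are constructed from lines in this thread, with the long Shockwave arguments shortened.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R0", "O2", "O4", "O23"
    body: str     # everything after "<code> - "


# An entry line starts with a letter, one or two digits, then " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: lines taken from the first log in this thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
"""

# Constructed sample: lines taken from the second log in this thread.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
"""


def parse_entries(log_text):
    """Return the registry/object entries of a log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_candidates(entries):
    """List (reason, entry) pairs to look at by hand; this is a shortlist, not a verdict."""
    candidates = []
    for entry in entries:
        if entry.body.endswith("(no file)"):
            # Registration is still present but the file it points to is missing.
            candidates.append(("orphaned: target file missing", entry))
        elif entry.section == "O4" and r"\RunOnce:" in entry.body:
            # RunOnce values normally disappear after one run; a pending one may be
            # legitimate (an installer waiting for a reboot) or a stale leftover.
            candidates.append(("RunOnce entry still pending", entry))
    return candidates


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    after = parse_entries(AFTER_LOG)
    print("Review before fixing:")
    for reason, entry in review_candidates(before):
        print(f"  [{reason}] {entry.section} - {entry.body}")
    print("Gone in the follow-up log:")
    for entry in removed_between(before, after):
        print(f"  {entry.section} - {entry.body}")
    print("Still to review in the follow-up log:")
    for reason, entry in review_candidates(after):
        print(f"  [{reason}] {entry.section} - {entry.body}")
```
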

Posted:

Thanks for the reply! I will get started on it tomorrow morning.

Is it necessary to (temporarily) disable AVG when I scan with MBAM?

Posted:

MBAM finds nothing, so I did not restart the computer. AVG still finds the Trojan, however. The logs are below.

Malwarebytes Anti-Malware 1.60.1.1000

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.04.06.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Sigrid :: D55TMB2J [administrator]

6-4-2012 10:55:21

mbam-log-2012-04-06 (10-55-21).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 222092

Verstreken tijd: 7 minuut/minuten, 31 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:13:30, on 6-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--

End of file - 5746 bytes

Posted:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

Posted:

On restart AVG reported a threat: C:\COMBOFIX\REGT.3XE.

Move to quarantine or ignore?

Also, an extra IE icon has suddenly appeared on my desktop, next to the shortcut I already had.

Below is the ComboFix log:

ComboFix 12-04-06.02 - Sigrid 06-04-2012 11:55:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.581 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Sigrid\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\Sigrid\WINDOWS

c:\program files\mbam--setup-1.60.1.1000.exe

c:\windows\IsUn0413.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))

.

.

2012-04-06 08:54 . 2012-04-06 08:54 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes

2012-04-06 08:53 . 2012-04-06 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- c:\program files\backups

2012-04-05 13:46 . 2012-04-06 09:13 -------- d--h--r- c:\documents and settings\Sigrid\Onlangs geopend

2012-04-05 12:50 . 2012-04-05 12:50 388608 ----a-w- c:\program files\HijackThis.exe

2012-04-05 10:42 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-05 10:42 . 2012-04-05 15:16 -------- d-----w- c:\program files\Common Files\PC Tools

2012-04-05 10:42 . 2012-04-05 12:42 -------- d-----w- c:\program files\PC Tools

2012-04-05 10:39 . 2012-04-05 10:39 -------- d-----w- c:\documents and settings\Sigrid\Application Data\TestApp

2012-04-05 10:39 . 2012-04-05 10:39 3834832 ----a-w- c:\program files\sdsetup.exe

2012-04-02 21:42 . 2012-04-02 21:44 74761776 ----a-w- c:\program files\avast_free_antivirus_setup.exe

2012-04-01 18:44 . 2012-04-01 18:44 -------- d-sh--w- c:\documents and settings\Sigrid\IECompatCache

2012-03-21 16:13 . 2012-03-21 16:13 -------- d-sh--w- c:\documents and settings\Sigrid\PrivacIE

2012-03-18 11:03 . 2012-03-18 11:03 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 11:03 . 2012-03-18 11:03 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\Sigrid\IETldCache

2012-03-17 23:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2012-03-17 23:03 . 2011-12-17 19:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-03-17 23:03 . 2011-12-17 19:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-03-17 23:03 . 2011-12-17 19:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-03-17 23:01 . 2012-03-17 23:03 -------- dc-h--w- c:\windows\ie8

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:57 . 2005-09-02 01:05 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:07 . 2012-02-17 11:16 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2005-09-02 01:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2009-05-15 22:35 . 2011-02-22 14:03 3439918 ----a-w- c:\program files\CEP_Setup.exe

2009-01-13 16:39 . 2009-01-13 16:39 1851544 -c--a-w- c:\program files\install_flash_player2.exe

2009-01-11 08:15 . 2009-01-11 08:15 8146816 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe

2008-05-01 16:58 . 2008-05-01 16:57 4585912 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe

2008-04-03 17:57 . 2008-04-03 17:53 59782440 -c--a-w- c:\program files\iTunesSetup.exe

2007-12-14 10:37 . 2007-12-14 09:56 205471728 -c--a-w- c:\program files\SPSS16.0EvalVersion-a.exe

2007-09-17 14:53 . 2007-09-17 14:52 17874288 -c--a-w- c:\program files\Install_Messenger.exe

2007-09-03 13:48 . 2007-09-03 13:48 1164456 -c--a-w- c:\program files\install_flash_player.exe

2007-01-13 16:37 . 2007-09-09 11:07 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe

2006-08-06 09:51 . 2007-09-09 11:07 1102865 -c--a-w- c:\program files\wrar350nl.exe

2012-03-18 11:03 . 2011-06-02 11:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^PNotes.lnk]

path=c:\documents and settings\Sigrid\Menu Start\Programma's\Opstarten\PNotes.lnk

backup=c:\windows\pss\PNotes.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]

atwtusb.exe beta [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JWOSetup]

JWOSetup.exe -en [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-08-05 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-14 19:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-14 19:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-14 19:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 09:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 09:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-03-22 22:20 339968 -c--a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMKRun]

2007-01-08 02:47 118784 -c--a-w- c:\program files\JustWrite Office\ScreenMark.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 297168]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 16:02 7391072]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11-5-2009 17:36 3032360]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3-8-2010 16:23 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3-8-2010 16:23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3-8-2010 16:23 27216]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [25-9-2007 20:21 22272]

S3 g71wf8dok.sys;g71wf8dok.sys;\??\c:\windows\system32\drivers\g71wf8dok.sys --> c:\windows\system32\drivers\g71wf8dok.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11-5-2009 17:36 15144]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

.

Inhoud van de 'Gedeelde Taken' map

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005Core.job

- c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005UA.job

- c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46]

.

.

------- Bijkomende Scan -------

.

uStart Page = Google

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\jj468ws4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-06 12:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(828)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(1284)

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\AVG\AVG10\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-04-06 12:09:23 - machine werd herstart

ComboFix-quarantined-files.txt 2012-04-06 10:09

.

Pre-Run: 188.848.910.336 bytes beschikbaar

Post-Run: 188.846.911.488 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 2271565EB3739729E98C70D17D66D07A

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\g71wf8dok.sys

Driver::

g71wf8dok.sys

Firefox::

FF - ProfilePath - c:\documents and settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\jj468ws4.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

Download and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Posted:

ComboFix 12-04-06.02 - Sigrid 08-04-2012 0:24.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.402 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Sigrid\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Sigrid\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\windows\system32\drivers\g71wf8dok.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_G71WF8DOK.SYS

-------\Service_g71wf8dok.sys

-------\Service_xcpip

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-07 to 2012-04-07 ))))))))))))))))))))))))))))))

.

.

2012-04-06 08:54 . 2012-04-06 08:54 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes

2012-04-06 08:53 . 2012-04-06 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- c:\program files\backups

2012-04-05 13:46 . 2012-04-07 22:20 -------- d--h--r- c:\documents and settings\Sigrid\Onlangs geopend

2012-04-05 12:50 . 2012-04-05 12:50 388608 ----a-w- c:\program files\HijackThis.exe

2012-04-05 10:42 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-05 10:42 . 2012-04-05 15:16 -------- d-----w- c:\program files\Common Files\PC Tools

2012-04-05 10:42 . 2012-04-05 12:42 -------- d-----w- c:\program files\PC Tools

2012-04-05 10:39 . 2012-04-05 10:39 -------- d-----w- c:\documents and settings\Sigrid\Application Data\TestApp

2012-04-05 10:39 . 2012-04-05 10:39 3834832 ----a-w- c:\program files\sdsetup.exe

2012-04-02 21:42 . 2012-04-02 21:44 74761776 ----a-w- c:\program files\avast_free_antivirus_setup.exe

2012-04-01 18:44 . 2012-04-01 18:44 -------- d-sh--w- c:\documents and settings\Sigrid\IECompatCache

2012-03-21 16:13 . 2012-03-21 16:13 -------- d-sh--w- c:\documents and settings\Sigrid\PrivacIE

2012-03-18 11:03 . 2012-03-18 11:03 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 11:03 . 2012-03-18 11:03 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-03-18 10:58 . 2012-03-18 10:58 -------- d-sh--w- c:\documents and settings\Sigrid\IETldCache

2012-03-17 23:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2012-03-17 23:03 . 2011-12-17 19:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-03-17 23:03 . 2011-12-17 19:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-03-17 23:03 . 2011-12-17 19:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-03-17 23:01 . 2012-03-17 23:03 -------- dc-h--w- c:\windows\ie8

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:57 . 2005-09-02 01:05 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:07 . 2012-02-17 11:16 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2005-09-02 01:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2009-05-15 22:35 . 2011-02-22 14:03 3439918 ----a-w- c:\program files\CEP_Setup.exe

2009-01-13 16:39 . 2009-01-13 16:39 1851544 -c--a-w- c:\program files\install_flash_player2.exe

2009-01-11 08:15 . 2009-01-11 08:15 8146816 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe

2008-05-01 16:58 . 2008-05-01 16:57 4585912 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe

2008-04-03 17:57 . 2008-04-03 17:53 59782440 -c--a-w- c:\program files\iTunesSetup.exe

2007-12-14 10:37 . 2007-12-14 09:56 205471728 -c--a-w- c:\program files\SPSS16.0EvalVersion-a.exe

2007-09-17 14:53 . 2007-09-17 14:52 17874288 -c--a-w- c:\program files\Install_Messenger.exe

2007-09-03 13:48 . 2007-09-03 13:48 1164456 -c--a-w- c:\program files\install_flash_player.exe

2007-01-13 16:37 . 2007-09-09 11:07 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe

2006-08-06 09:51 . 2007-09-09 11:07 1102865 -c--a-w- c:\program files\wrar350nl.exe

2012-03-18 11:03 . 2011-06-02 11:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-06_10.04.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-09-06 20:27 . 2004-09-02 11:00 14336 c:\windows\system32\wowfaxui.dll

+ 1999-11-25 00:40 . 1999-11-25 00:40 40960 c:\windows\system32\VBAME.DLL

+ 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\usrvpa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 45116 c:\windows\system32\usrvoica.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 49209 c:\windows\system32\usrv80a.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 41019 c:\windows\system32\usrsvpia.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69700 c:\windows\system32\usrshuta.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\usrsdpia.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 77883 c:\windows\system32\usrrtosa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 61508 c:\windows\system32\usrprbda.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 77891 c:\windows\system32\usrmlnka.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 53305 c:\windows\system32\usrlbva.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 86073 c:\windows\system32\usrfaxa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 77890 c:\windows\system32\usrdpa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69699 c:\windows\system32\usrcoina.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 61500 c:\windows\system32\usrcntra.dll

+ 2003-02-21 04:16 . 2003-02-21 04:16 49152 c:\windows\system32\URTTemp\regtlib.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 72192 c:\windows\system32\sprio800.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 70656 c:\windows\system32\sprio600.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69632 c:\windows\system32\spnike.dll

+ 1998-03-25 03:54 . 1998-03-25 03:54 15872 c:\windows\system32\SCP32.DLL

+ 2002-06-26 17:40 . 2002-06-26 17:40 76288 c:\windows\system32\Pubole32.dll

+ 2002-05-30 16:56 . 2002-05-30 16:56 37888 c:\windows\system32\ochlp30e.dll

+ 2002-01-05 02:38 . 2002-01-05 02:38 54784 c:\windows\system32\msvci70.dll

+ 1998-08-09 17:07 . 1998-08-09 17:07 94208 c:\windows\system32\MSSTKPRP.DLL

+ 2002-06-20 03:19 . 2002-06-20 03:19 91136 c:\windows\system32\msls2.dll

+ 1998-12-14 16:33 . 1998-12-14 16:33 57344 c:\windows\system32\MFC42NLD.DLL

+ 1999-05-23 22:25 . 1999-05-23 22:25 38672 c:\windows\system32\MAPISRVR.EXE

+ 2002-06-07 03:02 . 2002-06-07 03:02 59392 c:\windows\system32\lfwmf11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 27648 c:\windows\system32\lftga11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 56320 c:\windows\system32\lfpsd11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 33280 c:\windows\system32\lfpcx11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 26112 c:\windows\system32\lfpcd11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 41472 c:\windows\system32\lfgif11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 81408 c:\windows\system32\lffax11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 31232 c:\windows\system32\lfeps11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 36864 c:\windows\system32\lfbmp11n.dll

+ 1999-09-01 11:04 . 1999-09-01 11:04 49152 c:\windows\system32\inetwh32.dll

+ 2002-07-12 16:41 . 2002-07-12 16:41 31744 c:\windows\system32\hlp95en.dll

+ 2001-03-27 08:57 . 2001-03-27 08:57 29968 c:\windows\system32\FM20NLD.DLL

+ 2001-09-06 20:27 . 2004-09-02 11:00 58368 c:\windows\system32\dvdplay.exe

+ 2001-08-17 21:02 . 2004-09-02 11:00 58112 c:\windows\system32\drivers\vdmindvd.sys

+ 2001-08-17 21:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys

+ 2001-08-17 21:03 . 2008-04-13 18:45 25600 c:\windows\system32\drivers\usbcamd.sys

+ 2001-08-17 21:06 . 2004-09-02 11:00 21376 c:\windows\system32\drivers\tsbvcap.sys

+ 2001-08-17 21:01 . 2004-09-02 11:00 51712 c:\windows\system32\drivers\tosdvd.sys

+ 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\riodrv.sys

+ 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\rio8drv.sys

+ 2001-08-17 20:24 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\nikedrv.sys

+ 2001-09-06 17:20 . 2008-04-14 16:38 37760 c:\windows\system32\drivers\isapnp.sys

+ 2001-09-06 19:24 . 2004-09-02 11:00 12288 c:\windows\system32\drivers\fsvga.sys

+ 2001-08-17 20:24 . 2004-09-02 11:00 11776 c:\windows\system32\drivers\cpqdap01.sys

+ 2001-08-17 20:52 . 2004-09-02 11:00 18688 c:\windows\system32\drivers\cdaudio.sys

+ 2001-08-17 20:52 . 2001-08-17 20:52 13952 c:\windows\system32\drivers\cbidf2k.sys

+ 2001-09-06 17:17 . 2004-09-02 11:00 12032 c:\windows\system32\drivers\acpiec.sys

+ 2001-09-06 20:27 . 2004-09-02 11:00 14336 c:\windows\system32\dllcache\wowfaxui.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\dllcache\usrvpa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 45116 c:\windows\system32\dllcache\usrvoica.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 49209 c:\windows\system32\dllcache\usrv80a.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 41019 c:\windows\system32\dllcache\usrsvpia.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69700 c:\windows\system32\dllcache\usrshuta.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 49211 c:\windows\system32\dllcache\usrsdpia.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 77883 c:\windows\system32\dllcache\usrrtosa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 61508 c:\windows\system32\dllcache\usrprbda.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 77891 c:\windows\system32\dllcache\usrmlnka.exe

+ 2001-09-06 20:27 . 2004-09-02 11:00 53305 c:\windows\system32\dllcache\usrlbva.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 86073 c:\windows\system32\dllcache\usrfaxa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 77890 c:\windows\system32\dllcache\usrdpa.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69699 c:\windows\system32\dllcache\usrcoina.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 61500 c:\windows\system32\dllcache\usrcntra.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 72192 c:\windows\system32\dllcache\sprio800.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 70656 c:\windows\system32\dllcache\sprio600.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 69632 c:\windows\system32\dllcache\spnike.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 58368 c:\windows\system32\dllcache\dvdplay.exe

+ 2001-01-22 01:25 . 2001-01-22 01:25 32768 c:\windows\system32\ATHPRXY.DLL

+ 2003-02-21 06:26 . 2003-02-21 06:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll

+ 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll

+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1336\_mscorsn.dll

+ 2003-02-21 06:25 . 2003-02-21 06:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe

+ 2003-02-21 06:25 . 2003-02-21 06:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe

+ 2003-04-07 18:23 . 2003-04-07 18:23 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.ServiceProcess.resources.dll

+ 2003-04-07 18:22 . 2003-04-07 18:22 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Runtime.Remoting.resources.dll

+ 2003-04-07 18:24 . 2003-04-07 18:24 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\system.resources.dll

+ 2003-04-07 18:24 . 2003-04-07 18:24 15360 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Management.resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\ConfigWizards.resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 36864 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\caspol.resources.dll

+ 2003-04-07 18:06 . 2003-04-07 18:06 45056 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\aspnet_rc.dll

+ 2003-02-20 18:09 . 2003-02-20 18:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe

+ 2003-04-07 18:07 . 2003-04-07 18:07 23552 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0413\mscorsecr.dll

+ 2003-02-20 17:43 . 2003-02-20 17:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll

+ 2003-02-20 18:18 . 2003-02-20 18:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll

+ 2003-02-20 18:06 . 2003-02-20 18:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll

+ 2003-02-21 06:25 . 2003-02-21 06:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe

+ 2003-02-21 06:24 . 2003-02-21 06:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll

+ 2003-02-20 18:22 . 2003-02-20 18:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe

+ 2003-02-21 03:12 . 2003-02-21 03:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe

+ 2003-02-21 06:24 . 2003-02-21 06:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe

+ 2003-02-21 06:24 . 2003-02-21 06:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe

+ 2003-02-20 18:19 . 2003-02-20 18:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll

+ 2003-02-21 04:00 . 2003-02-21 04:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll

+ 2003-04-07 18:07 . 2003-04-07 18:07 19456 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\alinkui.dll

+ 2003-02-21 02:55 . 2003-02-21 02:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll

+ 2003-02-21 01:59 . 2003-02-21 01:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll

+ 2002-07-25 17:13 . 2002-07-25 17:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll

+ 2001-09-06 20:26 . 2004-09-02 11:00 3200 c:\windows\system32\wowfax.dll

+ 2001-09-06 20:27 . 2009-11-27 16:10 8704 c:\windows\system32\tsbyuv.dll

+ 2001-09-06 20:27 . 2001-09-06 20:27 8192 c:\windows\system32\streamci.dll

+ 2003-04-07 18:07 . 2003-04-07 18:07 4096 c:\windows\system32\mui\0413\mscoreer.dll

+ 2003-02-20 17:43 . 2003-02-20 17:43 4096 c:\windows\system32\mui\0409\mscoreer.dll

+ 1999-03-25 17:30 . 1999-03-25 17:30 8192 c:\windows\system32\MSPRPNL.DLL

+ 2002-06-26 12:22 . 2002-06-26 12:22 5632 c:\windows\system32\mfcuia32.dll

+ 2001-08-17 21:03 . 2004-09-02 11:00 4736 c:\windows\system32\drivers\usbd.sys

+ 2001-09-06 19:14 . 2001-09-06 19:14 3328 c:\windows\system32\drivers\pciide.sys

+ 2001-08-17 20:57 . 2004-09-02 11:00 3456 c:\windows\system32\drivers\oprghdlr.sys

+ 2001-09-06 20:26 . 2004-09-02 11:00 3200 c:\windows\system32\dllcache\wowfax.dll

+ 2001-09-06 20:27 . 2009-11-27 16:10 8704 c:\windows\system32\dllcache\tsbyuv.dll

+ 2001-09-06 20:27 . 2001-09-06 20:27 8192 c:\windows\system32\dllcache\streamci.dll

+ 2001-09-06 19:14 . 2001-09-06 19:14 3328 c:\windows\system32\dllcache\pciide.sys

+ 2003-04-07 18:20 . 2003-04-07 18:20 9728 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\RegCode.resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 9728 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\Regasm.Resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\JSC.resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\InstallUtil.resources.dll

+ 2003-02-20 18:09 . 2003-02-20 18:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll

+ 2003-02-21 06:25 . 2003-02-21 06:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll

+ 2003-02-21 06:25 . 2003-02-21 06:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll

+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe

+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll

+ 2002-06-27 11:45 . 2002-06-27 11:45 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll

+ 2002-05-14 08:42 . 2002-05-14 08:42 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll

+ 2002-05-14 08:42 . 2002-05-14 08:42 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 102457 c:\windows\system32\usrv42a.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 323641 c:\windows\system32\usrdtea.dll

+ 2000-03-13 15:55 . 2000-03-13 15:55 317952 c:\windows\system32\ROBOEX32.DLL

+ 2000-04-03 15:52 . 2000-04-03 15:52 151552 c:\windows\system32\RDOCURS.DLL

+ 2002-06-07 03:02 . 2002-06-07 03:02 212480 c:\windows\system32\PCDLIB32.DLL

+ 2001-09-06 20:27 . 2004-09-02 11:00 157696 c:\windows\system32\paqsp.dll

+ 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\system32\msvcr71.dll

+ 2002-01-05 02:37 . 2002-01-05 05:37 344064 c:\windows\system32\msvcr70.dll

+ 2003-03-18 19:14 . 2003-03-18 19:14 499712 c:\windows\system32\msvcp71.dll

+ 2002-01-05 02:40 . 2002-01-05 02:40 487424 c:\windows\system32\msvcp70.dll

+ 2000-05-24 04:45 . 2000-05-24 04:45 118784 c:\windows\system32\MSSTDFMT.DLL

+ 2000-05-11 11:06 . 2000-05-11 11:06 397312 c:\windows\system32\MSRDO20.DLL

+ 2002-06-26 12:22 . 2002-06-26 12:22 133904 c:\windows\system32\mfcans32.dll

+ 2001-09-06 20:26 . 2004-09-02 11:00 147968 c:\windows\system32\mdwmdmsp.dll

+ 1999-05-23 22:23 . 1999-05-23 22:23 522848 c:\windows\system32\MAPI.DLL

+ 2002-06-07 03:02 . 2002-06-07 03:02 716288 c:\windows\system32\Ltwvc11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 392192 c:\windows\system32\ltkrn11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 127488 c:\windows\system32\ltimg11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 118784 c:\windows\system32\ltfil11n.DLL

+ 2002-06-07 03:02 . 2002-06-07 03:02 262656 c:\windows\system32\LTDIS11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 152064 c:\windows\system32\lftif11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 172032 c:\windows\system32\Lfpng11n.dll

+ 2002-06-07 03:02 . 2002-06-07 03:02 285184 c:\windows\system32\LFCMP11n.DLL

+ 2001-07-13 14:09 . 2001-07-13 14:09 279552 c:\windows\system32\itiimg3.dll

+ 2001-09-06 19:24 . 2001-09-06 19:24 125696 c:\windows\system32\drivers\ftdisk.sys

+ 2001-09-06 17:59 . 2004-09-02 11:00 262528 c:\windows\system32\drivers\cinemst2.sys

+ 2001-09-06 20:27 . 2004-09-02 11:00 102457 c:\windows\system32\dllcache\usrv42a.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 323641 c:\windows\system32\dllcache\usrdtea.dll

+ 2001-09-06 20:27 . 2004-09-02 11:00 157696 c:\windows\system32\dllcache\paqsp.dll

+ 2001-09-06 20:26 . 2004-09-02 11:00 147968 c:\windows\system32\dllcache\mdwmdmsp.dll

+ 2003-02-20 18:09 . 2003-02-20 18:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll

+ 2003-02-20 18:09 . 2003-02-20 18:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll

+ 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1336\_msvcr71.dll

+ 2003-04-07 18:21 . 2003-04-07 18:21 200704 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Windows.Forms.resources.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 212992 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\System.Design.resources.dll

+ 2003-04-07 18:06 . 2003-04-07 18:06 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\ShFusRes.dll

+ 2003-04-07 18:06 . 2003-04-07 18:06 172032 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\mscorrc.dll

+ 2003-04-07 18:23 . 2003-04-07 18:23 778240 c:\windows\Microsoft.NET\Framework\v1.1.4322\nl\mscorcfg.resources.dll

+ 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll

+ 2003-02-20 17:43 . 2003-02-20 17:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll

+ 2003-02-20 18:16 . 2003-02-20 18:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

+ 2003-02-21 09:21 . 2003-02-21 09:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll

+ 2002-07-29 10:11 . 2002-07-29 10:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll

+ 2003-04-07 18:06 . 2003-04-07 18:06 180224 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\Vsavb7rtUI.dll

+ 2003-04-07 18:07 . 2003-04-07 18:07 151552 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\vbc7ui.dll

+ 2003-04-07 18:07 . 2003-04-07 18:07 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\1043\cscompui.dll

+ 2003-02-21 04:04 . 2003-02-21 04:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll

+ 2003-02-21 02:02 . 2003-02-21 02:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll

+ 2002-07-25 17:13 . 2002-07-25 17:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe

+ 2003-03-18 20:12 . 2003-03-18 20:12 1047552 c:\windows\system32\mfc71u.dll

+ 2003-03-18 20:20 . 2003-03-18 20:20 1060864 c:\windows\system32\mfc71.dll

+ 1999-10-18 02:01 . 1999-10-18 02:01 1129232 c:\windows\system32\FM20.DLL

+ 2003-02-21 06:25 . 2003-02-21 06:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sigrid^Menu Start^Programma's^Opstarten^PNotes.lnk]

path=c:\documents and settings\Sigrid\Menu Start\Programma's\Opstarten\PNotes.lnk

backup=c:\windows\pss\PNotes.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]

atwtusb.exe beta [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JWOSetup]

JWOSetup.exe -en [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-08-05 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-14 19:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-14 19:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-14 19:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 09:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 09:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-03-22 22:20 339968 -c--a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMKRun]

2007-01-08 02:47 118784 -c--a-w- c:\program files\JustWrite Office\ScreenMark.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 297168]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 16:02 7391072]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11-5-2009 17:36 3032360]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3-8-2010 16:23 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3-8-2010 16:23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3-8-2010 16:23 27216]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [25-9-2007 20:21 22272]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11-5-2009 17:36 15144]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

.

Inhoud van de 'Gedeelde Taken' map

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005Core.job

- c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32751472-543435213-70509280-1005UA.job

- c:\documents and settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-14 18:46]

.

.

------- Bijkomende Scan -------

.

uStart Page = Google

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\jj468ws4.default\

FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-08 00:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(992)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2240)

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\windows\ehome\mcrdsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-04-08 00:39:03 - machine werd herstart

ComboFix-quarantined-files.txt 2012-04-07 22:38

ComboFix2.txt 2012-04-06 10:09

.

Pre-Run: 188.676.829.184 bytes beschikbaar

Post-Run: 188.659.748.864 bytes beschikbaar

.

- - End Of File - - E2A84C8029B7C32D229578440D48D977

10:44:48.0750 1864 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

10:44:48.0828 1864 ============================================================

10:44:48.0828 1864 Current date / time: 2012/04/08 10:44:48.0828

10:44:48.0828 1864 SystemInfo:

10:44:48.0828 1864

10:44:48.0828 1864 OS Version: 5.1.2600 ServicePack: 3.0

10:44:48.0828 1864 Product type: Workstation

10:44:48.0828 1864 ComputerName: D55TMB2J

10:44:48.0828 1864 UserName: Sigrid

10:44:48.0828 1864 Windows directory: C:\WINDOWS

10:44:48.0828 1864 System windows directory: C:\WINDOWS

10:44:48.0828 1864 Processor architecture: Intel x86

10:44:48.0828 1864 Number of processors: 2

10:44:48.0828 1864 Page size: 0x1000

10:44:48.0828 1864 Boot type: Normal boot

10:44:48.0828 1864 ============================================================

10:44:50.0484 1864 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:44:50.0484 1864 \Device\Harddisk0\DR0:

10:44:50.0484 1864 MBR used

10:44:50.0484 1864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15

10:44:50.0546 1864 Initialize success

10:44:50.0546 1864 ============================================================

10:45:06.0406 2460 ============================================================

10:45:06.0406 2460 Scan started

10:45:06.0406 2460 Mode: Manual;

10:45:06.0406 2460 ============================================================

10:45:18.0062 2460 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:45:18.0062 2460 PxHelp20 - ok

10:45:18.0093 2460 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:45:18.0093 2460 ql1080 - ok

10:45:18.0109 2460 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:45:18.0109 2460 Ql10wnt - ok

10:45:18.0125 2460 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:45:18.0125 2460 ql12160 - ok

10:45:18.0125 2460 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:45:18.0125 2460 ql1240 - ok

10:45:18.0203 2460 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:45:18.0218 2460 ql1280 - ok

10:45:18.0437 2460 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys

10:45:18.0437 2460 QV2KUX - ok

10:45:18.0484 2460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:45:18.0484 2460 RasAcd - ok

10:45:18.0531 2460 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

10:45:18.0531 2460 RasAuto - ok

10:45:18.0562 2460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:45:18.0562 2460 Rasl2tp - ok

10:45:18.0625 2460 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

10:45:18.0625 2460 RasMan - ok

10:45:18.0640 2460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:45:18.0640 2460 RasPppoe - ok

10:45:18.0687 2460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:45:18.0687 2460 Raspti - ok

10:45:18.0718 2460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:45:18.0718 2460 Rdbss - ok

10:45:18.0734 2460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:45:18.0734 2460 RDPCDD - ok

10:45:18.0765 2460 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:45:18.0765 2460 rdpdr - ok

10:45:18.0828 2460 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

10:45:18.0828 2460 RDPWD - ok

10:45:18.0890 2460 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

10:45:18.0906 2460 RDSessMgr - ok

10:45:18.0953 2460 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:45:18.0953 2460 redbook - ok

10:45:19.0000 2460 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

10:45:19.0000 2460 RemoteAccess - ok

10:45:19.0031 2460 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll

10:45:19.0031 2460 RemoteRegistry - ok

10:45:19.0078 2460 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

10:45:19.0078 2460 RpcLocator - ok

10:45:19.0187 2460 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll

10:45:19.0187 2460 RpcSs - ok

10:45:19.0234 2460 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

10:45:19.0250 2460 RSVP - ok

10:45:19.0343 2460 RT2500USB (6f6ce24f243458c92b54e0016ad46bd7) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

10:45:19.0343 2460 RT2500USB - ok

10:45:19.0406 2460 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:45:19.0406 2460 SamSs - ok

10:45:19.0531 2460 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

10:45:19.0531 2460 SASDIFSV - ok

10:45:19.0546 2460 SAS***IL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS

10:45:19.0546 2460 SAS***IL - ok

10:45:19.0578 2460 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

10:45:19.0593 2460 SCardSvr - ok

10:45:19.0640 2460 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

10:45:19.0640 2460 Schedule - ok

10:45:19.0687 2460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:45:19.0687 2460 Secdrv - ok

10:45:19.0703 2460 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

10:45:19.0718 2460 seclogon - ok

10:45:19.0750 2460 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

10:45:19.0750 2460 SENS - ok

10:45:19.0796 2460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:45:19.0796 2460 serenum - ok

10:45:19.0843 2460 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys

10:45:19.0843 2460 Serial - ok

10:45:19.0875 2460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:45:19.0875 2460 Sfloppy - ok

10:45:19.0937 2460 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

10:45:19.0953 2460 SharedAccess - ok

10:45:20.0000 2460 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

10:45:20.0015 2460 ShellHWDetection - ok

10:45:20.0078 2460 Simbad - ok

10:45:20.0109 2460 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:45:20.0109 2460 sisagp - ok

10:45:20.0140 2460 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:45:20.0140 2460 SLIP - ok

10:45:20.0171 2460 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:45:20.0171 2460 Sparrow - ok

10:45:20.0218 2460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:45:20.0218 2460 splitter - ok

10:45:20.0265 2460 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:45:20.0265 2460 Spooler - ok

10:45:20.0312 2460 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

10:45:20.0312 2460 sr - ok

10:45:20.0343 2460 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

10:45:20.0343 2460 srservice - ok

10:45:20.0390 2460 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:45:20.0406 2460 Srv - ok

10:45:20.0468 2460 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

10:45:20.0468 2460 SSDPSRV - ok

10:45:20.0640 2460 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

10:45:20.0640 2460 STHDA - ok

10:45:20.0812 2460 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

10:45:20.0812 2460 stisvc - ok

10:45:20.0906 2460 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:45:20.0906 2460 streamip - ok

10:45:20.0937 2460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:45:20.0937 2460 swenum - ok

10:45:20.0984 2460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:45:21.0000 2460 swmidi - ok

10:45:21.0000 2460 SwPrv - ok

10:45:21.0046 2460 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:45:21.0062 2460 symc810 - ok

10:45:21.0093 2460 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:45:21.0093 2460 symc8xx - ok

10:45:21.0109 2460 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:45:21.0109 2460 sym_hi - ok

10:45:21.0109 2460 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:45:21.0109 2460 sym_u3 - ok

10:45:21.0156 2460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:45:21.0156 2460 sysaudio - ok

10:45:21.0203 2460 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

10:45:21.0203 2460 SysmonLog - ok

10:45:21.0328 2460 TabletServicePen (5781d4c12d0d204447f9936d421c1b80) C:\WINDOWS\system32\Pen_Tablet.exe

10:45:21.0343 2460 TabletServicePen - ok

10:45:21.0406 2460 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

10:45:21.0421 2460 TapiSrv - ok

10:45:21.0484 2460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:45:21.0484 2460 Tcpip - ok

10:45:21.0531 2460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:45:21.0531 2460 TDPIPE - ok

10:45:21.0593 2460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:45:21.0593 2460 TDTCP - ok

10:45:21.0625 2460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:45:21.0625 2460 TermDD - ok

10:45:21.0703 2460 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

10:45:21.0703 2460 TermService - ok

10:45:21.0765 2460 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

10:45:21.0765 2460 Themes - ok

10:45:21.0812 2460 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe

10:45:21.0812 2460 TlntSvr - ok

10:45:21.0875 2460 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys

10:45:21.0875 2460 TosIde - ok

10:45:21.0890 2460 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

10:45:21.0890 2460 TrkWks - ok

10:45:21.0953 2460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:45:21.0953 2460 Udfs - ok

10:45:21.0984 2460 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:45:21.0984 2460 ultra - ok

10:45:22.0046 2460 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe

10:45:22.0046 2460 UMWdf - ok

10:45:22.0140 2460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:45:22.0156 2460 Update - ok

10:45:22.0312 2460 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

10:45:22.0312 2460 upnphost - ok

10:45:22.0718 2460 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

10:45:22.0718 2460 UPS - ok

10:45:23.0656 2460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:45:23.0656 2460 usbehci - ok

10:45:24.0156 2460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:45:24.0156 2460 usbhub - ok

10:45:24.0593 2460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:45:24.0593 2460 usbprint - ok

10:45:24.0734 2460 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:45:24.0734 2460 USBSTOR - ok

10:45:24.0765 2460 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:45:24.0765 2460 usbuhci - ok

10:45:24.0828 2460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:45:24.0828 2460 VgaSave - ok

10:45:24.0875 2460 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:45:24.0875 2460 viaagp - ok

10:45:24.0890 2460 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:45:24.0890 2460 ViaIde - ok

10:45:24.0937 2460 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

10:45:24.0953 2460 VolSnap - ok

10:45:25.0015 2460 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

10:45:25.0015 2460 VSS - ok

10:45:25.0062 2460 w32time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

10:45:25.0078 2460 w32time - ok

10:45:25.0156 2460 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys

10:45:25.0156 2460 wacmoumonitor - ok

10:45:25.0187 2460 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys

10:45:25.0187 2460 wacommousefilter - ok

10:45:25.0250 2460 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

10:45:25.0250 2460 wacomvhid - ok

10:45:25.0265 2460 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys

10:45:25.0265 2460 WacomVKHid - ok

10:45:25.0312 2460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:45:25.0312 2460 Wanarp - ok

10:45:25.0312 2460 WDICA - ok

10:45:25.0359 2460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:45:25.0359 2460 wdmaud - ok

10:45:25.0421 2460 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

10:45:25.0437 2460 WebClient - ok

10:45:25.0531 2460 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:45:25.0531 2460 winmgmt - ok

10:45:25.0656 2460 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll

10:45:25.0656 2460 WmdmPmSN - ok

10:45:25.0843 2460 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll

10:45:25.0843 2460 Wmi - ok

10:45:25.0968 2460 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:45:25.0968 2460 WmiApSrv - ok

10:45:26.0093 2460 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:45:26.0093 2460 WS2IFSL - ok

10:45:26.0156 2460 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

10:45:26.0156 2460 wscsvc - ok

10:45:26.0203 2460 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:45:26.0203 2460 WSTCODEC - ok

10:45:26.0250 2460 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

10:45:26.0250 2460 wuauserv - ok

10:45:26.0343 2460 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

10:45:26.0359 2460 WZCSVC - ok

10:45:26.0359 2460 xcpip - ok

10:45:26.0390 2460 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

10:45:26.0406 2460 xmlprov - ok

10:45:26.0406 2460 xpsec - ok

10:45:26.0437 2460 MBR (0x1B8) (01d0f71795f2cd0dc04f3eac61d62b4f) \Device\Harddisk0\DR0

10:45:26.0437 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

10:45:26.0437 2460 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

10:45:26.0453 2460 Boot (0x1200) (2e69ab54a9837c332529ca38373478c0) \Device\Harddisk0\DR0\Partition0

10:45:26.0453 2460 \Device\Harddisk0\DR0\Partition0 - ok

10:45:26.0453 2460 ============================================================

10:45:26.0453 2460 Scan finished

10:45:26.0453 2460 ============================================================

10:45:26.0468 3760 Detected object count: 1

10:45:26.0468 3760 Actual detected object count: 1

10:46:16.0343 3760 \Device\Harddisk0\DR0\# - copied to quarantine

10:46:16.0343 3760 \Device\Harddisk0\DR0 - copied to quarantine

10:46:16.0343 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

10:46:16.0359 3760 \Device\Harddisk0\DR0 - ok

10:46:16.0359 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

10:46:27.0500 3844 Deinitialize success
