Trojan horse PSW.Agent.AUET

VUUR · 15 april 2012

Hallo allemaal,

Ik heb sinds vandaag last van de trojan horse PSW.Agent.AUET. Mijn AVG krijgt hem er niet af. hieronder de log van mijn Pc. Kunnen jullie me helpen?

Groeten

VUUR

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:29:21, on 15-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [AlSnqDidGxPete.exe] C:\Documents and Settings\All Users\Application Data\AlSnqDidGxPete.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pillar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--

End of file - 8428 bytes

kape · 16 april 2012

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [AlSnqDidGxPete.exe] C:\Documents and Settings\All Users\Application Data\AlSnqDidGxPete.exe

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Download

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met het log van TDSS en een nieuw HijackThis log.

VUUR · 16 april 2012

Hallo,

Hieronder kun je de nieuwe log van de TDSSkiller en MBAM vinden. Ik had echter nog een andere vraag: Als mijn computer opnieuw opstart, en ik ga naar start zijn alle programma's weg ook het bureaublad is leeg op een paar programma's na. Alleen de MBAM is te zien. Maar als ik naar mijn computer ga kan ik alle schijven zien. Pas als ik naar mapopties ga en ik zorg ervoor verborgen mappen zichtbaar zijn, zie ik pas al mijn documenten en programma's (de tekens zijn wel doorzichtig). Hoe kan ik ervoor zorgen dat mijn documenten weer gewoon terug komen?

15:34:23.0531 1028 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

15:34:23.0796 1028 ============================================================

15:34:23.0796 1028 Current date / time: 2012/04/16 15:34:23.0796

15:34:23.0796 1028 SystemInfo:

15:34:23.0796 1028

15:34:23.0796 1028 OS Version: 5.1.2600 ServicePack: 3.0

15:34:23.0796 1028 Product type: Workstation

15:34:23.0796 1028 ComputerName: SN100485110321

15:34:23.0796 1028 UserName: Pillar

15:34:23.0796 1028 Windows directory: C:\WINDOWS

15:34:23.0796 1028 System windows directory: C:\WINDOWS

15:34:23.0796 1028 Processor architecture: Intel x86

15:34:23.0796 1028 Number of processors: 2

15:34:23.0796 1028 Page size: 0x1000

15:34:23.0796 1028 Boot type: Safe boot

15:34:23.0796 1028 ============================================================

15:34:30.0015 1028 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:34:30.0015 1028 Drive \Device\Harddisk1\DR6 - Size: 0x3C700000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:34:30.0015 1028 \Device\Harddisk0\DR0:

15:34:30.0015 1028 MBR used

15:34:30.0015 1028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41

15:34:30.0015 1028 \Device\Harddisk1\DR6:

15:34:30.0015 1028 MBR used

15:34:30.0015 1028 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x6, StartLBA 0x1B8, BlocksNum 0x1E3648

15:34:30.0531 1028 Initialize success

15:34:30.0531 1028 ============================================================

15:34:40.0156 1324 ============================================================

15:34:40.0156 1324 Scan started

15:34:40.0156 1324 Mode: Manual;

15:34:40.0156 1324 ============================================================

15:34:43.0046 1324 6qmok14n.sys - ok

15:34:43.0531 1324 Abiosdsk - ok

15:34:44.0078 1324 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

15:34:44.0078 1324 abp480n5 - ok

15:34:44.0765 1324 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:34:44.0843 1324 ACPI - ok

15:34:45.0359 1324 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

15:34:45.0359 1324 ACPIEC - ok

15:34:45.0968 1324 ADIHdAudAddService (be1423364bb05a6b1751a1e9515e6cac) C:\WINDOWS\system32\drivers\ADIHdAud.sys

15:34:46.0015 1324 ADIHdAudAddService - ok

15:34:46.0609 1324 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

15:34:46.0625 1324 adpu160m - ok

15:34:47.0281 1324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:34:47.0343 1324 aec - ok

15:34:47.0984 1324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:34:48.0031 1324 AFD - ok

15:34:48.0578 1324 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

15:34:48.0578 1324 agp440 - ok

15:34:49.0093 1324 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

15:34:49.0109 1324 agpCPQ - ok

15:34:49.0593 1324 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

15:34:49.0593 1324 Aha154x - ok

15:34:50.0125 1324 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

15:34:50.0125 1324 aic78u2 - ok

15:34:50.0671 1324 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

15:34:50.0671 1324 aic78xx - ok

15:34:51.0156 1324 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll

15:34:51.0171 1324 Alerter - ok

15:34:51.0656 1324 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe

15:34:51.0656 1324 ALG - ok

15:34:52.0187 1324 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

15:34:52.0187 1324 AliIde - ok

15:34:52.0734 1324 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

15:34:52.0734 1324 alim1541 - ok

15:34:53.0265 1324 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

15:34:53.0265 1324 amdagp - ok

15:34:53.0765 1324 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

15:34:53.0765 1324 amsint - ok

15:34:54.0218 1324 AppMgmt - ok

15:34:54.0765 1324 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:34:54.0765 1324 Arp1394 - ok

15:34:55.0312 1324 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

15:34:55.0312 1324 asc - ok

15:34:55.0812 1324 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

15:34:55.0812 1324 asc3350p - ok

15:34:56.0312 1324 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

15:34:56.0312 1324 asc3550 - ok

15:34:56.0671 1324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:34:56.0718 1324 aspnet_state - ok

15:34:57.0296 1324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:34:57.0296 1324 AsyncMac - ok

15:34:57.0859 1324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:34:57.0859 1324 atapi - ok

15:34:58.0328 1324 Atdisk - ok

15:34:58.0859 1324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:34:58.0859 1324 Atmarpc - ok

15:34:59.0390 1324 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll

15:34:59.0437 1324 AudioSrv - ok

15:35:00.0015 1324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:35:00.0015 1324 audstub - ok

15:35:00.0453 1324 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe

15:35:00.0625 1324 avg9wd - ok

15:35:01.0328 1324 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

15:35:01.0437 1324 AvgLdx86 - ok

15:35:02.0046 1324 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys

15:35:02.0046 1324 AvgMfx86 - ok

15:35:02.0593 1324 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys

15:35:02.0609 1324 AvgRkx86 - ok

15:35:03.0265 1324 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys

15:35:03.0390 1324 AvgTdiX - ok

15:35:03.0921 1324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:35:03.0921 1324 Beep - ok

15:35:04.0656 1324 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll

15:35:05.0015 1324 BITS - ok

15:35:05.0562 1324 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll

15:35:05.0609 1324 Browser - ok

15:35:06.0156 1324 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

15:35:06.0156 1324 cbidf - ok

15:35:06.0640 1324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:35:06.0640 1324 cbidf2k - ok

15:35:07.0171 1324 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:35:07.0171 1324 CCDECODE - ok

15:35:07.0687 1324 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

15:35:07.0687 1324 cd20xrnt - ok

15:35:08.0203 1324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:35:08.0203 1324 Cdaudio - ok

15:35:08.0781 1324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:35:08.0812 1324 Cdfs - ok

15:35:09.0359 1324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:35:09.0359 1324 Cdrom - ok

15:35:09.0859 1324 Changer - ok

15:35:10.0328 1324 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe

15:35:10.0328 1324 CiSvc - ok

15:35:10.0812 1324 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe

15:35:10.0812 1324 ClipSrv - ok

15:35:11.0109 1324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:35:11.0187 1324 clr_optimization_v2.0.50727_32 - ok

15:35:11.0765 1324 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:35:11.0765 1324 CmBatt - ok

15:35:12.0265 1324 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys

15:35:12.0265 1324 CmdIde - ok

15:35:12.0750 1324 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:35:12.0765 1324 Compbatt - ok

15:35:13.0218 1324 COMSysApp - ok

15:35:13.0734 1324 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

15:35:13.0734 1324 Cpqarray - ok

15:35:14.0281 1324 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll

15:35:14.0296 1324 CryptSvc - ok

15:35:14.0906 1324 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

15:35:14.0984 1324 dac2w2k - ok

15:35:15.0484 1324 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

15:35:15.0484 1324 dac960nt - ok

15:35:16.0218 1324 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

15:35:16.0468 1324 DcomLaunch - ok

15:35:17.0062 1324 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll

15:35:17.0156 1324 Dhcp - ok

15:35:17.0703 1324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:35:17.0703 1324 Disk - ok

15:35:18.0140 1324 dmadmin - ok

15:35:19.0187 1324 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

15:35:19.0687 1324 dmboot - ok

15:35:20.0328 1324 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

15:35:20.0375 1324 dmio - ok

15:35:20.0890 1324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:35:20.0890 1324 dmload - ok

15:35:21.0375 1324 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

15:35:21.0390 1324 dmserver - ok

15:35:21.0937 1324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:35:21.0937 1324 DMusic - ok

15:35:22.0468 1324 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll

15:35:22.0500 1324 Dnscache - ok

15:35:23.0093 1324 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

15:35:23.0187 1324 Dot3svc - ok

15:35:23.0718 1324 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

15:35:23.0718 1324 dpti2o - ok

15:35:24.0250 1324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:35:24.0250 1324 drmkaud - ok

15:35:24.0765 1324 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

15:35:24.0781 1324 EapHost - ok

15:35:25.0359 1324 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

15:35:25.0375 1324 ERSvc - ok

15:35:25.0937 1324 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

15:35:25.0968 1324 Eventlog - ok

15:35:26.0609 1324 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll

15:35:26.0765 1324 EventSystem - ok

15:35:27.0406 1324 exFat (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys

15:35:27.0500 1324 exFat - ok

15:35:28.0125 1324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:35:28.0218 1324 Fastfat - ok

15:35:28.0781 1324 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

15:35:28.0875 1324 FastUserSwitchingCompatibility - ok

15:35:29.0390 1324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:35:29.0390 1324 Fdc - ok

15:35:29.0953 1324 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

15:35:29.0984 1324 Fips - ok

15:35:30.0515 1324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:35:30.0531 1324 Flpydisk - ok

15:35:31.0140 1324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:35:31.0171 1324 FltMgr - ok

15:35:31.0437 1324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:35:31.0453 1324 FontCache3.0.0.0 - ok

15:35:32.0000 1324 Fs_Rec (c865b83411d7347627a4beec22543fb1) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:35:32.0000 1324 Fs_Rec - ok

15:35:32.0640 1324 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:35:32.0687 1324 Ftdisk - ok

15:35:33.0234 1324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:35:33.0234 1324 Gpc - ok

15:35:33.0859 1324 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

15:35:33.0906 1324 HdAudAddService - ok

15:35:34.0546 1324 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:35:34.0546 1324 HDAudBus - ok

15:35:34.0796 1324 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:35:34.0796 1324 helpsvc - ok

15:35:35.0296 1324 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll

15:35:35.0312 1324 HidServ - ok

15:35:35.0890 1324 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:35:35.0890 1324 HidUsb - ok

15:35:36.0437 1324 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

15:35:36.0484 1324 hkmsvc - ok

15:35:37.0046 1324 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

15:35:37.0046 1324 hpn - ok

15:35:37.0734 1324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:35:37.0859 1324 HTTP - ok

15:35:38.0390 1324 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

15:35:38.0406 1324 HTTPFilter - ok

15:35:38.0921 1324 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

15:35:38.0937 1324 i2omgmt - ok

15:35:39.0484 1324 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

15:35:39.0484 1324 i2omp - ok

15:35:40.0062 1324 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:35:40.0062 1324 i8042prt - ok

15:35:40.0593 1324 ICDSPTSV (17c3ec352dfabe0670e5a3afd750891b) C:\WINDOWS\system32\IcdSptSv.exe

15:35:40.0609 1324 ICDSPTSV - ok

15:35:41.0140 1324 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys

15:35:41.0156 1324 ICDUSB2 - ok

15:35:41.0968 1324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:35:42.0515 1324 idsvc - ok

15:35:43.0109 1324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:35:43.0109 1324 Imapi - ok

15:35:43.0687 1324 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

15:35:43.0750 1324 ImapiService - ok

15:35:44.0281 1324 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

15:35:44.0281 1324 ini910u - ok

15:35:44.0796 1324 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys

15:35:44.0796 1324 IntelIde - ok

15:35:45.0359 1324 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:35:45.0359 1324 intelppm - ok

15:35:45.0890 1324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:35:45.0906 1324 Ip6Fw - ok

15:35:46.0484 1324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:35:46.0484 1324 IpFilterDriver - ok

15:35:47.0046 1324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:35:47.0046 1324 IpInIp - ok

15:35:47.0812 1324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:35:47.0875 1324 IpNat - ok

15:35:48.0468 1324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:35:48.0484 1324 IPSec - ok

15:35:49.0000 1324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:35:49.0000 1324 IRENUM - ok

15:35:49.0562 1324 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:35:49.0562 1324 isapnp - ok

15:35:49.0812 1324 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Program Files\Java\jre6\bin\jqs.exe

15:35:49.0875 1324 JavaQuickStarterService - ok

15:35:50.0515 1324 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:35:50.0515 1324 Kbdclass - ok

15:35:51.0046 1324 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:35:51.0046 1324 kbdhid - ok

15:35:51.0687 1324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:35:51.0765 1324 kmixer - ok

15:35:52.0328 1324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:35:52.0390 1324 KSecDD - ok

15:35:52.0937 1324 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

15:35:53.0015 1324 lanmanserver - ok

15:35:53.0578 1324 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

15:35:53.0671 1324 lanmanworkstation - ok

15:35:54.0156 1324 lbrtfdc - ok

15:35:54.0671 1324 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

15:35:54.0687 1324 LmHosts - ok

15:35:55.0218 1324 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll

15:35:55.0250 1324 Messenger - ok

15:35:55.0453 1324 Microsoft SharePoint Workspace Audit Service - ok

15:35:56.0031 1324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:35:56.0046 1324 mnmdd - ok

15:35:56.0546 1324 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

15:35:56.0546 1324 mnmsrvc - ok

15:35:57.0078 1324 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

15:35:57.0093 1324 Modem - ok

15:35:57.0593 1324 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:35:57.0593 1324 Mouclass - ok

15:35:58.0093 1324 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:35:58.0093 1324 mouhid - ok

15:35:58.0640 1324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:35:58.0671 1324 MountMgr - ok

15:35:59.0171 1324 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

15:35:59.0171 1324 mraid35x - ok

15:35:59.0828 1324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:35:59.0906 1324 MRxDAV - ok

15:36:00.0750 1324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:36:01.0031 1324 MRxSmb - ok

15:36:01.0500 1324 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

15:36:01.0500 1324 MSDTC - ok

15:36:02.0062 1324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:36:02.0062 1324 Msfs - ok

15:36:02.0500 1324 MSIServer - ok

15:36:03.0000 1324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:36:03.0000 1324 MSKSSRV - ok

15:36:03.0515 1324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:36:03.0515 1324 MSPCLOCK - ok

15:36:04.0015 1324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:36:04.0015 1324 MSPQM - ok

15:36:04.0531 1324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:36:04.0531 1324 mssmbios - ok

15:36:05.0046 1324 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:36:05.0046 1324 MSTEE - ok

15:36:05.0578 1324 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys

15:36:05.0578 1324 MTsensor - ok

15:36:06.0171 1324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:36:06.0234 1324 Mup - ok

15:36:06.0812 1324 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:36:06.0828 1324 NABTSFEC - ok

15:36:07.0484 1324 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

15:36:07.0687 1324 napagent - ok

15:36:08.0343 1324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:36:08.0468 1324 NDIS - ok

15:36:09.0000 1324 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:36:09.0000 1324 NdisIP - ok

15:36:09.0531 1324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:36:09.0531 1324 NdisTapi - ok

15:36:10.0109 1324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:36:10.0109 1324 Ndisuio - ok

15:36:10.0718 1324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:36:10.0734 1324 NdisWan - ok

15:36:11.0265 1324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:36:11.0296 1324 NDProxy - ok

15:36:11.0843 1324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:36:11.0843 1324 NetBIOS - ok

15:36:12.0484 1324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:36:12.0546 1324 NetBT - ok

15:36:13.0109 1324 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

15:36:13.0156 1324 NetDDE - ok

15:36:13.0250 1324 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

15:36:13.0250 1324 NetDDEdsdm - ok

15:36:13.0734 1324 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

15:36:13.0750 1324 Netlogon - ok

15:36:14.0359 1324 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

15:36:14.0484 1324 Netman - ok

15:36:14.0796 1324 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:36:14.0843 1324 NetTcpPortSharing - ok

15:36:15.0437 1324 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:36:15.0437 1324 NIC1394 - ok

15:36:16.0093 1324 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

15:36:16.0250 1324 Nla - ok

15:36:16.0781 1324 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys

15:36:16.0781 1324 nmwcd - ok

15:36:17.0343 1324 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys

15:36:17.0343 1324 nmwcdc - ok

15:36:17.0921 1324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:36:17.0953 1324 Npfs - ok

15:36:18.0843 1324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:36:19.0218 1324 Ntfs - ok

15:36:19.0718 1324 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

15:36:19.0718 1324 NtLmSsp - ok

15:36:20.0484 1324 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

15:36:20.0796 1324 NtmsSvc - ok

15:36:21.0312 1324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:36:21.0312 1324 Null - ok

15:36:24.0250 1324 nv (bbe208c1b83f62ee6e4a39f18dbf373e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:36:26.0671 1324 nv - ok

15:36:27.0234 1324 NVSvc (35b553d57bde1d7bbeb50a0cf1dfd4ec) C:\WINDOWS\system32\nvsvc32.exe

15:36:27.0281 1324 NVSvc - ok

15:36:27.0812 1324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:36:27.0812 1324 NwlnkFlt - ok

15:36:28.0312 1324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:36:28.0328 1324 NwlnkFwd - ok

15:36:28.0859 1324 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:36:28.0859 1324 ohci1394 - ok

15:36:29.0125 1324 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:36:29.0187 1324 ose - ok

15:36:32.0359 1324 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:36:35.0390 1324 osppsvc - ok

15:36:36.0031 1324 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

15:36:36.0078 1324 Parport - ok

15:36:36.0593 1324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:36:36.0609 1324 PartMgr - ok

15:36:37.0171 1324 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

15:36:37.0171 1324 ParVdm - ok

15:36:37.0750 1324 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

15:36:37.0750 1324 pccsmcfd - ok

15:36:38.0343 1324 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

15:36:38.0343 1324 PCI - ok

15:36:38.0828 1324 PCIDump - ok

15:36:39.0390 1324 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:36:39.0390 1324 PCIIde - ok

15:36:40.0000 1324 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:36:40.0078 1324 Pcmcia - ok

15:36:40.0562 1324 PDCOMP - ok

15:36:41.0031 1324 PDFRAME - ok

15:36:41.0578 1324 PDRELI - ok

15:36:42.0062 1324 PDRFRAME - ok

15:36:42.0640 1324 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

15:36:42.0640 1324 perc2 - ok

15:36:43.0140 1324 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

15:36:43.0140 1324 perc2hib - ok

15:36:43.0765 1324 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

15:36:43.0765 1324 PlugPlay - ok

15:36:44.0250 1324 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

15:36:44.0250 1324 PolicyAgent - ok

15:36:44.0828 1324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:36:44.0828 1324 PptpMiniport - ok

15:36:45.0406 1324 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

15:36:45.0406 1324 Processor - ok

15:36:45.0906 1324 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

15:36:45.0906 1324 ProtectedStorage - ok

15:36:46.0500 1324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:36:46.0515 1324 PSched - ok

15:36:47.0000 1324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:36:47.0000 1324 Ptilink - ok

15:36:47.0515 1324 PTSimBus (688983e03c0d82b2efa1db89792c4c6c) C:\WINDOWS\system32\DRIVERS\PTSimBus.sys

15:36:47.0515 1324 PTSimBus - ok

15:36:48.0031 1324 PTSimHid (fdc1a2e536b5cbce1c2245cd5ad910eb) C:\WINDOWS\system32\DRIVERS\PTSimHid.sys

15:36:48.0031 1324 PTSimHid - ok

15:36:48.0578 1324 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:36:48.0578 1324 PxHelp20 - ok

15:36:49.0109 1324 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

15:36:49.0109 1324 ql1080 - ok

15:36:49.0625 1324 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

15:36:49.0625 1324 Ql10wnt - ok

15:36:50.0156 1324 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

15:36:50.0156 1324 ql12160 - ok

15:36:50.0671 1324 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

15:36:50.0671 1324 ql1240 - ok

15:36:51.0203 1324 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

15:36:51.0203 1324 ql1280 - ok

15:36:51.0750 1324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:36:51.0750 1324 RasAcd - ok

15:36:52.0281 1324 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

15:36:52.0343 1324 RasAuto - ok

15:36:52.0890 1324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:36:52.0906 1324 Rasl2tp - ok

15:36:53.0546 1324 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

15:36:53.0671 1324 RasMan - ok

15:36:54.0234 1324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:36:54.0234 1324 RasPppoe - ok

15:36:54.0765 1324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:36:54.0765 1324 Raspti - ok

15:36:55.0437 1324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:36:55.0500 1324 Rdbss - ok

15:36:56.0062 1324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:36:56.0062 1324 RDPCDD - ok

15:36:56.0718 1324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:36:56.0812 1324 rdpdr - ok

15:36:57.0468 1324 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

15:36:57.0562 1324 RDPWD - ok

15:36:58.0125 1324 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

15:36:58.0171 1324 RDSessMgr - ok

15:36:58.0750 1324 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:36:58.0750 1324 redbook - ok

15:36:59.0296 1324 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

15:36:59.0328 1324 RemoteAccess - ok

15:36:59.0859 1324 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

15:36:59.0859 1324 rimmptsk - ok

15:37:00.0406 1324 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

15:37:00.0406 1324 rimsptsk - ok

15:37:01.0109 1324 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

15:37:01.0281 1324 rismxdp - ok

15:37:01.0812 1324 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

15:37:01.0812 1324 RpcLocator - ok

15:37:02.0562 1324 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

15:37:02.0562 1324 RpcSs - ok

15:37:03.0109 1324 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

15:37:03.0156 1324 RSVP - ok

15:37:03.0750 1324 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

15:37:03.0750 1324 RTL8023xp - ok

15:37:04.0281 1324 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

15:37:04.0281 1324 rtl8139 - ok

15:37:04.0765 1324 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

15:37:04.0781 1324 SamSs - ok

15:37:05.0296 1324 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

15:37:05.0328 1324 SCardSvr - ok

15:37:05.0937 1324 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

15:37:06.0062 1324 Schedule - ok

15:37:06.0718 1324 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

15:37:06.0734 1324 sdbus - ok

15:37:07.0281 1324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:37:07.0281 1324 Secdrv - ok

15:37:07.0765 1324 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

15:37:07.0781 1324 seclogon - ok

15:37:08.0234 1324 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

15:37:08.0281 1324 SENS - ok

15:37:08.0843 1324 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

15:37:08.0890 1324 Serial - ok

15:37:09.0562 1324 ServiceLayer (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

15:37:09.0984 1324 ServiceLayer - ok

15:37:10.0625 1324 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

15:37:10.0625 1324 sffdisk - ok

15:37:11.0109 1324 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

15:37:11.0109 1324 sffp_sd - ok

15:37:11.0625 1324 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

15:37:11.0625 1324 Sfloppy - ok

15:37:12.0359 1324 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

15:37:12.0593 1324 SharedAccess - ok

15:37:13.0156 1324 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

15:37:13.0156 1324 ShellHWDetection - ok

15:37:13.0640 1324 Simbad - ok

15:37:14.0234 1324 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

15:37:14.0234 1324 sisagp - ok

15:37:14.0734 1324 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:37:14.0734 1324 SLIP - ok

15:37:15.0828 1324 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys

15:37:16.0375 1324 smserial - ok

15:37:16.0937 1324 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

15:37:16.0937 1324 Sparrow - ok

15:37:17.0515 1324 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:37:17.0515 1324 splitter - ok

15:37:18.0015 1324 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:37:18.0015 1324 Spooler - ok

15:37:18.0609 1324 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

15:37:18.0609 1324 sr - ok

15:37:19.0187 1324 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

15:37:19.0281 1324 srservice - ok

15:37:20.0031 1324 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:37:20.0234 1324 Srv - ok

15:37:20.0859 1324 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

15:37:20.0906 1324 ssadbus - ok

15:37:21.0468 1324 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

15:37:21.0468 1324 ssadmdfl - ok

15:37:22.0171 1324 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

15:37:22.0218 1324 ssadmdm - ok

15:37:22.0859 1324 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

15:37:22.0890 1324 sscdbus - ok

15:37:23.0437 1324 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

15:37:23.0437 1324 sscdmdfl - ok

15:37:24.0015 1324 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

15:37:24.0062 1324 sscdmdm - ok

15:37:24.0578 1324 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

15:37:24.0640 1324 SSDPSRV - ok

15:37:25.0359 1324 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

15:37:25.0578 1324 stisvc - ok

15:37:26.0156 1324 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:37:26.0156 1324 streamip - ok

15:37:26.0718 1324 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:37:26.0718 1324 swenum - ok

15:37:27.0312 1324 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:37:27.0312 1324 swmidi - ok

15:37:27.0750 1324 SwPrv - ok

15:37:28.0281 1324 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

15:37:28.0281 1324 symc810 - ok

15:37:28.0781 1324 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

15:37:28.0781 1324 symc8xx - ok

15:37:29.0296 1324 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

15:37:29.0296 1324 sym_hi - ok

15:37:29.0828 1324 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

15:37:29.0828 1324 sym_u3 - ok

15:37:31.0046 1324 SynMini (472b9e75ddab952f0cd37bd9aa3e81f8) C:\WINDOWS\system32\Drivers\SynMini.sys

15:37:31.0765 1324 SynMini - ok

15:37:32.0312 1324 SynScan (bed9a41e66e9f038af6d2e487a3f2757) C:\WINDOWS\system32\Drivers\SynScan.sys

15:37:32.0312 1324 SynScan - ok

15:37:32.0968 1324 SynTP (e2112e486a1954bb81f7b844a3a039af) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:37:33.0046 1324 SynTP - ok

15:37:33.0609 1324 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:37:33.0609 1324 sysaudio - ok

15:37:34.0140 1324 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

15:37:34.0156 1324 SysmonLog - ok

15:37:34.0687 1324 Tablet2k - ok

15:37:35.0328 1324 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

15:37:35.0515 1324 TapiSrv - ok

15:37:36.0031 1324 TClass2k (1b3c28d36e669deeb39331255a3feeeb) C:\WINDOWS\system32\DRIVERS\TClass2k.sys

15:37:36.0031 1324 TClass2k - ok

15:37:36.0781 1324 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:37:36.0984 1324 Tcpip - ok

15:37:37.0609 1324 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:37:37.0625 1324 TDPIPE - ok

15:37:38.0171 1324 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:37:38.0187 1324 TDTCP - ok

15:37:38.0796 1324 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:37:38.0796 1324 TermDD - ok

15:37:39.0468 1324 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

15:37:39.0671 1324 TermService - ok

15:37:40.0218 1324 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

15:37:40.0218 1324 Themes - ok

15:37:40.0750 1324 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys

15:37:40.0750 1324 TosIde - ok

15:37:41.0281 1324 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

15:37:41.0343 1324 TrkWks - ok

15:37:41.0875 1324 UCTblHid (051aa2bb2bd20c55a8be41b10765b621) C:\WINDOWS\system32\DRIVERS\UCTblHid.sys

15:37:41.0875 1324 UCTblHid - ok

15:37:42.0437 1324 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:37:42.0500 1324 Udfs - ok

15:37:43.0031 1324 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

15:37:43.0031 1324 ultra - ok

15:37:43.0140 1324 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys

15:37:43.0156 1324 UnlockerDriver5 - ok

15:37:43.0968 1324 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:37:44.0171 1324 Update - ok

15:37:44.0765 1324 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

15:37:44.0890 1324 upnphost - ok

15:37:45.0484 1324 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

15:37:45.0484 1324 upperdev - ok

15:37:45.0953 1324 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

15:37:45.0953 1324 UPS - ok

15:37:46.0500 1324 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:37:46.0500 1324 usbccgp - ok

15:37:47.0078 1324 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:37:47.0078 1324 usbehci - ok

15:37:47.0625 1324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:37:47.0625 1324 usbhub - ok

15:37:48.0140 1324 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:37:48.0140 1324 usbohci - ok

15:37:48.0687 1324 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

15:37:48.0687 1324 usbser - ok

15:37:49.0203 1324 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

15:37:49.0203 1324 UsbserFilt - ok

15:37:49.0750 1324 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:37:49.0750 1324 USBSTOR - ok

15:37:50.0281 1324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:37:50.0281 1324 usbuhci - ok

15:37:50.0781 1324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:37:50.0781 1324 VgaSave - ok

15:37:51.0359 1324 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

15:37:51.0359 1324 viaagp - ok

15:37:51.0859 1324 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

15:37:51.0859 1324 ViaIde - ok

15:37:52.0390 1324 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

15:37:52.0421 1324 VolSnap - ok

15:37:53.0093 1324 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

15:37:53.0234 1324 VSS - ok

15:37:53.0828 1324 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

15:37:53.0937 1324 W32Time - ok

15:37:55.0421 1324 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys

15:37:56.0328 1324 w39n51 - ok

15:37:56.0890 1324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:37:56.0890 1324 Wanarp - ok

15:37:57.0765 1324 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

15:37:58.0046 1324 Wdf01000 - ok

15:37:58.0531 1324 WDICA - ok

15:37:59.0109 1324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:37:59.0125 1324 wdmaud - ok

15:37:59.0656 1324 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

15:37:59.0703 1324 WebClient - ok

15:38:00.0328 1324 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:38:00.0406 1324 winmgmt - ok

15:38:01.0000 1324 WinTabService (23f319bea6f2b85489ca458ca0cce7ad) C:\WINDOWS\System32\Drivers\WTSRV.EXE

15:38:01.0000 1324 WinTabService - ok

15:38:01.0515 1324 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:38:01.0531 1324 WmdmPmSN - ok

15:38:02.0140 1324 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:38:02.0187 1324 WmiApSrv - ok

15:38:03.0000 1324 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:38:03.0562 1324 WMPNetworkSvc - ok

15:38:04.0234 1324 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

15:38:04.0234 1324 WpdUsb - ok

15:38:04.0781 1324 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

15:38:04.0828 1324 wscsvc - ok

15:38:05.0406 1324 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:38:05.0406 1324 WSTCODEC - ok

15:38:05.0906 1324 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

15:38:05.0968 1324 wuauserv - ok

15:38:06.0578 1324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:38:06.0593 1324 WudfPf - ok

15:38:07.0171 1324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:38:07.0187 1324 WudfRd - ok

15:38:07.0718 1324 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:38:07.0765 1324 WudfSvc - ok

15:38:08.0562 1324 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

15:38:08.0890 1324 WZCSVC - ok

15:38:09.0437 1324 xcpip - ok

15:38:10.0000 1324 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

15:38:10.0171 1324 xmlprov - ok

15:38:10.0671 1324 xpsec - ok

15:38:10.0812 1324 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0

15:38:10.0812 1324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

15:38:10.0812 1324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

15:38:10.0828 1324 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR6

15:38:10.0828 1324 \Device\Harddisk1\DR6 - ok

15:38:10.0859 1324 Boot (0x1200) (225fe5ad0b96fe37bd53283f1fd477c3) \Device\Harddisk0\DR0\Partition0

15:38:10.0859 1324 \Device\Harddisk0\DR0\Partition0 - ok

15:38:10.0875 1324 Boot (0x1200) (2c9f0db534ce25c719b32de63721f92e) \Device\Harddisk1\DR6\Partition0

15:38:10.0875 1324 \Device\Harddisk1\DR6\Partition0 - ok

15:38:10.0890 1324 ============================================================

15:38:10.0890 1324 Scan finished

15:38:10.0890 1324 ============================================================

15:38:10.0937 1376 Detected object count: 1

15:38:10.0937 1376 Actual detected object count: 1

15:41:34.0546 1376 \Device\Harddisk0\DR0\# - copied to quarantine

15:41:34.0546 1376 \Device\Harddisk0\DR0 - copied to quarantine

15:41:34.0546 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

15:41:34.0593 1376 \Device\Harddisk0\DR0 - ok

15:41:34.0593 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Pillar :: SN100485110321 [administrator]

Realtime bescherming: Ingeschakeld

16-4-2012 16:10:17

mbam-log-2012-04-16 (16-10-17).txt

Scantype: Snelle scan

Uitgeschakelde scanopties: P2P

Objecten gescand: 201627

Verstreken tijd: 10 minuut/minuten, 35 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\Documents and Settings\All Users\Application Data\AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Documents and Settings\All Users\Application Data\JTiCagiPTU5LLZ.exe (Backdoor.Agent.RCGen) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

kape · 16 april 2012

Sluit de PC af en start opnieuw op.

Download Unhide.exe naar het bureaublad, als u een melding krijgt dat het bestand mogelijk onveilig is kunt u dit negeren.

Dubbelklik op "Unhide.exe" om de tool te starten.
Let op!!! Windows Vista & 7 gebruikers dienen "Unhide.exe" als administrator uit te voeren "Rechtermuisknop uitvoeren als administrator",
Wacht rustig af totdat de tool gereed is en doe in de tussentijd verder niets op de computer.
Als de tool gereed is krijgt u het onderstaande scherm te zien, met de melding "Your files should now be visible"
[*] Vermeld in uw volgende bericht of u deze melding heeft gekregen.

Laat ook AVG nog eens opnieuw scannen. Benieuwd wat die nu te vertellen heeft ?

16 april 2012 aangepast door kape

VUUR · 16 april 2012

Hallo,

Bij het unhiden kreeg ik de melding en al mijn programma's en documenten werden zichtbaar. Ik kreeg ook een icon van smart hdd op mijn bureaublad, kan ik dit gewoon van mijn bureaublad verwijderen of moet dit op een speciale manier?

Mijn pc voert nu de avg scan uit, als dit voltooid is zal ik het resultaat hier op het forum zetten.

kape · 16 april 2012

Indien dit enkel een snelkoppeling is naar je map van Smart HDD (en je die normaal niet gebruikt) mag je die gewoon verwijderen.

VUUR · 16 april 2012

Hallo,

De AVG heeft niks gevonden. Toen ik office wilde openen in menu start, zag ik het mapje wel maar de programma's waren er niet. Toen ben ik alle tabjes van menu start langs gegaan en ze waren allemaal leeg. Nu heb ik in de c-schijf, program files gekeken en daar zag ik een bestand genaamd: Markany, daarin zat een mapje "Contentsafer", daarin zat "Updateclient" waarin MAUpdateBoot zat. Nu heb ik even op internet gezocht en ik zag dat dit de computer langzaam maakt, wat bij mij nog steeds het geval is. Is dit ook een virus?

kape · 16 april 2012

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

VUUR · 16 april 2012

Hoi Kape,

Bedankt voor de snelle reactie, hieronder de comboFix logbestand.

ComboFix 12-04-16.02 - Pillar 16-04-2012 23:07:54.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.520 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Pillar\Mijn documenten\Downloads\ComboFix.exe

AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Pillar\LOCALS~1\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll

c:\documents and settings\All Users\Application Data\JTiCagiPTU5LLZ

c:\documents and settings\Pillar\Local Settings\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll

c:\documents and settings\Pillar\ntuser.tmp

c:\windows\IsUn0413.exe

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_xcpip

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))

.

2012-04-16 20:20 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-16 20:05 . 2012-04-16 20:05 -------- d-----w- c:\windows\system32\wbem\Repository

2012-04-16 20:05 . 2012-04-16 20:05 -------- d--h--r- c:\documents and settings\Pillar\Onlangs geopend

2012-04-16 14:09 . 2012-04-16 14:09 -------- d-----w- c:\documents and settings\Pillar\Application Data\Malwarebytes

2012-04-16 14:09 . 2012-04-16 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-16 14:09 . 2012-04-16 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-15 20:22 . 2012-04-16 20:02 -------- d-----w- C:\hijackthis(2)

2012-04-15 19:46 . 2012-04-16 20:02 -------- d-s---w- c:\documents and settings\Administrator

2012-04-15 18:38 . 2012-04-15 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia

2012-04-15 18:37 . 2012-04-15 18:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Nokia

2012-04-15 18:15 . 2012-04-15 18:40 -------- d-----w- c:\documents and settings\Pillar\Local Settings\Application Data\Nokia

2012-04-15 18:15 . 2012-04-15 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2012-04-15 18:15 . 2012-04-15 18:37 -------- d-----w- c:\documents and settings\Pillar\Application Data\PC Suite

2012-04-15 18:13 . 2012-04-16 20:04 -------- d-----w- c:\documents and settings\Pillar\Application Data\Nokia

2012-04-15 18:00 . 2012-04-16 20:04 -------- d-----w- c:\program files\Common Files\Nokia

2012-04-15 17:58 . 2012-04-16 20:06 -------- d-----w- c:\program files\PC Connectivity Solution

2012-04-15 17:55 . 2012-04-16 20:04 -------- d-----w- c:\program files\Nokia

2012-04-15 17:55 . 2012-04-15 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

2012-04-14 19:57 . 2012-04-16 20:04 -------- d-----w- c:\program files\SopCast

2012-04-11 22:41 . 2012-04-11 22:41 -------- d-----w- c:\documents and settings\Pillar\Local Settings\Application Data\Microsoft Help

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-01 11:00 . 2004-09-10 15:23 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:00 . 2004-09-10 15:23 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:00 . 2004-09-10 15:23 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-09-10 15:23 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-09-10 15:23 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-09-10 15:22 385024 ----a-w- c:\windows\system32\html.iec

2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-04 00:30 . 2012-02-04 00:27 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-02-04 00:30 . 2012-02-04 00:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2012-02-04 00:30 . 2012-02-04 00:27 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-02-04 00:30 . 2012-02-04 00:27 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-02-04 00:30 . 2012-02-04 00:27 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-02-03 09:57 . 2004-09-10 15:23 1860224 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-17 21416]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7573504]

"nwiz"="nwiz.exe" [2006-05-08 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-08 86016]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-02-04 2077536]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2012-02-04 00:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\muzapp.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"%windir%\explorer.exe"= %windir%\explorer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4-2-2012 2:27 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4-2-2012 2:27 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4-2-2012 2:27 243152]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4-2-2012 2:30 308136]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-4-2012 22:20 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-4-2012 22:20 22344]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [23-8-2011 10:38 18944]

R3 SynMini;USB2.0 VGA WebCam;c:\windows\system32\drivers\SynMini.sys [19-4-2011 8:25 1056512]

R3 SynScan;USB2.0 VGA WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [19-4-2011 8:25 8064]

S3 6qmok14n.sys;6qmok14n.sys;\??\c:\windows\system32\drivers\6qmok14n.sys --> c:\windows\system32\drivers\6qmok14n.sys [?]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [25-5-2011 22:38 39048]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12-6-2011 12:15 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 22:37 4640000]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23-8-2011 10:38 10752]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10-10-2011 10:34 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10-10-2011 10:34 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10-10-2011 10:34 136808]

S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - IPFILTERDRIVER

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSERVICE

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643520768-4114035612-1401401595-1006Core.job

- c:\documents and settings\Pillar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 20:20]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643520768-4114035612-1401401595-1006UA.job

- c:\documents and settings\Pillar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 20:20]

.

2012-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3643520768-4114035612-1401401595-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3643520768-4114035612-1401401595-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-16 23:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3944)

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1043\GrooveIntlResource.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\System32\Drivers\WTSRV.EXE

c:\windows\system32\WTClient.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\WISPTIS.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\ATK0100\ATKOSD.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-04-16 23:28:16 - machine werd herstart

ComboFix-quarantined-files.txt 2012-04-16 21:28

.

Pre-Run: 57.090.850.816 bytes beschikbaar

Post-Run: 57.031.634.944 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 0C1E70CE13829D052A8086998767DE9C

kape · 16 april 2012

En hoe is de toestand van de PC nu ?

Inloggen

Trojan horse PSW.Agent.AUET

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie