
Trojan horse crypt.aqlw



Hello,

I have been having trouble with this virus since yesterday. About every 15 minutes I get a notification from AVG that files are infected. I can always repair them again, sometimes after restarting my laptop.

Can anyone help me with this?

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:10:55, on 29-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8130 bytes


Download TDSSKiller and save it to your desktop.

Extract the files from tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Hello,

Thanks in advance for your help. I scanned my laptop and then had to restart it. Here is the log:

20:05:49.0578 1896 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

20:05:50.0000 1896 ============================================================

20:05:50.0000 1896 Current date / time: 2012/04/29 20:05:50.0000

20:05:50.0000 1896 SystemInfo:

20:05:50.0000 1896

20:05:50.0000 1896 OS Version: 5.1.2600 ServicePack: 3.0

20:05:50.0000 1896 Product type: Workstation

20:05:50.0000 1896 ComputerName: PC

20:05:50.0000 1896 UserName: Gebruiker

20:05:50.0000 1896 Windows directory: C:\WINDOWS

20:05:50.0000 1896 System windows directory: C:\WINDOWS

20:05:50.0000 1896 Processor architecture: Intel x86

20:05:50.0000 1896 Number of processors: 1

20:05:50.0000 1896 Page size: 0x1000

20:05:50.0000 1896 Boot type: Normal boot

20:05:50.0000 1896 ============================================================

20:05:52.0093 1896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:05:52.0093 1896 ============================================================

20:05:52.0093 1896 \Device\Harddisk0\DR0:

20:05:52.0093 1896 MBR partitions:

20:05:52.0093 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFA10D03

20:05:52.0093 1896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFA10D42, BlocksNum 0xD7A3D3B

20:05:52.0093 1896 ============================================================

20:05:52.0125 1896 C: <-> \Device\Harddisk0\DR0\Partition0

20:05:52.0156 1896 D: <-> \Device\Harddisk0\DR0\Partition1

20:05:52.0156 1896 ============================================================

20:05:52.0156 1896 Initialize success

20:05:52.0156 1896 ============================================================

20:05:55.0609 3628 ============================================================

20:05:55.0609 3628 Scan started

20:05:55.0609 3628 Mode: Manual;

20:05:55.0609 3628 ============================================================

20:05:57.0093 3628 Abiosdsk - ok

20:05:57.0109 3628 abp480n5 - ok

20:05:57.0171 3628 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:05:57.0187 3628 ACPI - ok

20:05:57.0218 3628 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

20:05:57.0218 3628 ACPIEC - ok

20:05:57.0234 3628 admservice - ok

20:05:57.0312 3628 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:05:57.0328 3628 AdobeFlashPlayerUpdateSvc - ok

20:05:57.0343 3628 adpu160m - ok

20:05:57.0375 3628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:05:57.0390 3628 aec - ok

20:05:57.0437 3628 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys

20:05:57.0453 3628 AFD - ok

20:05:57.0468 3628 Aha154x - ok

20:05:57.0484 3628 aic78u2 - ok

20:05:57.0500 3628 aic78xx - ok

20:05:57.0531 3628 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll

20:05:57.0531 3628 Alerter - ok

20:05:57.0562 3628 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe

20:05:57.0578 3628 ALG - ok

20:05:57.0578 3628 AliIde - ok

20:05:57.0750 3628 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

20:05:57.0812 3628 Ambfilt - ok

20:05:57.0906 3628 amsint - ok

20:05:57.0921 3628 apache - ok

20:05:57.0937 3628 AppMgmt - ok

20:05:58.0062 3628 AR5416 (dde307d6c228960df411b55765a4af90) C:\WINDOWS\system32\DRIVERS\athw.sys

20:05:58.0125 3628 AR5416 - ok

20:05:58.0203 3628 asc - ok

20:05:58.0218 3628 asc3350p - ok

20:05:58.0234 3628 asc3550 - ok

20:05:58.0343 3628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:05:58.0375 3628 aspnet_state - ok

20:05:58.0406 3628 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

20:05:58.0421 3628 AsusACPI - ok

20:05:58.0468 3628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:05:58.0468 3628 AsyncMac - ok

20:05:58.0500 3628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:05:58.0500 3628 atapi - ok

20:05:58.0515 3628 Atdisk - ok

20:05:58.0531 3628 ATIBTCAP - ok

20:05:58.0562 3628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:05:58.0578 3628 Atmarpc - ok

20:05:58.0609 3628 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll

20:05:58.0609 3628 AudioSrv - ok

20:05:58.0656 3628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:05:58.0656 3628 audstub - ok

20:05:59.0000 3628 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

20:05:59.0078 3628 AVGIDSAgent - ok

20:05:59.0343 3628 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

20:05:59.0343 3628 AVGIDSDriver - ok

20:05:59.0375 3628 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

20:05:59.0390 3628 AVGIDSEH - ok

20:05:59.0406 3628 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

20:05:59.0406 3628 AVGIDSFilter - ok

20:05:59.0453 3628 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

20:05:59.0453 3628 AVGIDSShim - ok

20:05:59.0500 3628 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

20:05:59.0515 3628 Avgldx86 - ok

20:05:59.0531 3628 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

20:05:59.0546 3628 Avgmfx86 - ok

20:05:59.0562 3628 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

20:05:59.0578 3628 Avgrkx86 - ok

20:05:59.0609 3628 Avgtdix (1774e423c575197378ece5d7c967ffe9) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

20:05:59.0718 3628 Avgtdix ( Virus.Win32.ZAccess.k ) - infected

20:05:59.0718 3628 Avgtdix - detected Virus.Win32.ZAccess.k (0)

20:05:59.0843 3628 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

20:05:59.0843 3628 avgwd - ok

20:05:59.0859 3628 AVRec - ok

20:05:59.0875 3628 backupexecnamingservice - ok

20:05:59.0890 3628 backupexecnotificationserver - ok

20:05:59.0906 3628 beatjammusicstreamingserver - ok

20:05:59.0953 3628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:05:59.0953 3628 Beep - ok

20:06:00.0015 3628 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll

20:06:00.0093 3628 BITS - ok

20:06:00.0156 3628 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll

20:06:00.0156 3628 Browser - ok

20:06:00.0171 3628 btaudio - ok

20:06:00.0187 3628 BTDriver - ok

20:06:00.0203 3628 BTWDNDIS - ok

20:06:00.0218 3628 btwhid - ok

20:06:00.0250 3628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:06:00.0265 3628 cbidf2k - ok

20:06:00.0296 3628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:06:00.0296 3628 CCDECODE - ok

20:06:00.0312 3628 ccispwdsvc - ok

20:06:00.0328 3628 cd20xrnt - ok

20:06:00.0343 3628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:06:00.0343 3628 Cdaudio - ok

20:06:00.0390 3628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:06:00.0390 3628 Cdfs - ok

20:06:00.0421 3628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:06:00.0421 3628 Cdrom - ok

20:06:00.0437 3628 Changer - ok

20:06:00.0468 3628 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe

20:06:00.0484 3628 CiSvc - ok

20:06:00.0515 3628 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe

20:06:00.0515 3628 ClipSrv - ok

20:06:00.0625 3628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:06:00.0640 3628 clr_optimization_v2.0.50727_32 - ok

20:06:00.0703 3628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:06:00.0703 3628 CmBatt - ok

20:06:00.0703 3628 CmdIde - ok

20:06:00.0734 3628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:06:00.0734 3628 Compbatt - ok

20:06:00.0750 3628 COMSysApp - ok

20:06:00.0781 3628 Cpqarray - ok

20:06:00.0828 3628 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll

20:06:00.0843 3628 CryptSvc - ok

20:06:00.0859 3628 CVPNDRVA - ok

20:06:00.0875 3628 cwcspud - ok

20:06:00.0890 3628 dac2w2k - ok

20:06:00.0890 3628 dac960nt - ok

20:06:00.0906 3628 dbustrcm - ok

20:06:00.0984 3628 DcomLaunch (d8d28f6cabec7d42b8e487e290563b9a) C:\WINDOWS\system32\rpcss.dll

20:06:01.0000 3628 DcomLaunch - ok

20:06:01.0015 3628 dcstor32 - ok

20:06:01.0062 3628 Dhcp (99f2c23ed213c7e0c10a778cb8e98c3b) C:\WINDOWS\System32\dhcpcsvc.dll

20:06:01.0078 3628 Dhcp - ok

20:06:01.0109 3628 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys

20:06:01.0109 3628 Disk - ok

20:06:01.0125 3628 dmadmin - ok

20:06:01.0203 3628 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

20:06:01.0250 3628 dmboot - ok

20:06:01.0281 3628 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

20:06:01.0296 3628 dmio - ok

20:06:01.0343 3628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:06:01.0343 3628 dmload - ok

20:06:01.0359 3628 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

20:06:01.0359 3628 dmserver - ok

20:06:01.0390 3628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:06:01.0406 3628 DMusic - ok

20:06:01.0453 3628 Dnscache (f41ae23847f084f92e283d86c2a9efcc) C:\WINDOWS\System32\dnsrslvr.dll

20:06:01.0453 3628 Dnscache - ok

20:06:01.0500 3628 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

20:06:01.0500 3628 Dot3svc - ok

20:06:01.0515 3628 dpti2o - ok

20:06:01.0546 3628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:06:01.0562 3628 drmkaud - ok

20:06:01.0562 3628 ds1 - ok

20:06:01.0578 3628 dwusbdnt - ok

20:06:01.0609 3628 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

20:06:01.0625 3628 EapHost - ok

20:06:01.0671 3628 EhttpSrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\advservice.dll

20:06:01.0687 3628 Suspicious file (NoAccess): C:\WINDOWS\system32\advservice.dll. md5: 11028c6a84a967070cb1286550f2058f

20:06:01.0687 3628 EhttpSrv ( Backdoor.Multi.ZAccess.gen ) - infected

20:06:01.0687 3628 EhttpSrv - detected Backdoor.Multi.ZAccess.gen (0)

20:06:01.0703 3628 EIO_XP - ok

20:06:01.0718 3628 elbycdfl - ok

20:06:01.0765 3628 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

20:06:01.0765 3628 ERSvc - ok

20:06:01.0796 3628 Eventlog (d98a222a707ffe40043e533fe7a6ba24) C:\WINDOWS\system32\services.exe

20:06:01.0812 3628 Eventlog - ok

20:06:01.0843 3628 EventSystem (f6c37073a269c163a5fdae5bff47f367) C:\WINDOWS\system32\es.dll

20:06:01.0875 3628 EventSystem - ok

20:06:01.0906 3628 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys

20:06:01.0906 3628 exFat - ok

20:06:01.0953 3628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:06:01.0968 3628 Fastfat - ok

20:06:02.0000 3628 FastUserSwitchingCompatibility (c28a9e9d28acdaf8097be4578c49559b) C:\WINDOWS\System32\shsvcs.dll

20:06:02.0015 3628 FastUserSwitchingCompatibility - ok

20:06:02.0046 3628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:06:02.0046 3628 Fdc - ok

20:06:02.0078 3628 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

20:06:02.0078 3628 Fips - ok

20:06:02.0093 3628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:06:02.0093 3628 Flpydisk - ok

20:06:02.0156 3628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:06:02.0156 3628 FltMgr - ok

20:06:02.0250 3628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:06:02.0250 3628 FontCache3.0.0.0 - ok

20:06:02.0265 3628 fsbwsys - ok

20:06:02.0312 3628 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:06:02.0312 3628 Fs_Rec - ok

20:06:02.0359 3628 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:06:02.0375 3628 Ftdisk - ok

20:06:02.0390 3628 GoToAssist - ok

20:06:02.0406 3628 govsrv - ok

20:06:02.0453 3628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:06:02.0453 3628 Gpc - ok

20:06:02.0562 3628 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

20:06:02.0562 3628 gupdate - ok

20:06:02.0578 3628 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

20:06:02.0593 3628 gupdatem - ok

20:06:02.0640 3628 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:06:02.0671 3628 gusvc - ok

20:06:02.0734 3628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:06:02.0750 3628 HDAudBus - ok

20:06:02.0781 3628 helpsvc - ok

20:06:03.0046 3628 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll

20:06:03.0046 3628 HidServ - ok

20:06:03.0093 3628 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:06:03.0109 3628 hidusb - ok

20:06:03.0156 3628 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

20:06:03.0156 3628 hkmsvc - ok

20:06:03.0171 3628 hpn - ok

20:06:03.0187 3628 HPSLPSVC - ok

20:06:03.0312 3628 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys

20:06:03.0328 3628 HTTP - ok

20:06:03.0390 3628 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

20:06:03.0406 3628 HTTPFilter - ok

20:06:03.0421 3628 i2omgmt - ok

20:06:03.0437 3628 i2omp - ok

20:06:03.0515 3628 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:06:03.0515 3628 i8042prt - ok

20:06:03.0531 3628 iAimFP5 - ok

20:06:03.0750 3628 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:06:03.0843 3628 ialm - ok

20:06:03.0859 3628 icm10blk - ok

20:06:04.0437 3628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:06:04.0484 3628 idsvc - ok

20:06:04.0500 3628 ikhfile - ok

20:06:04.0546 3628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:06:04.0562 3628 Imapi - ok

20:06:04.0593 3628 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

20:06:04.0609 3628 ImapiService - ok

20:06:04.0625 3628 imaservice - ok

20:06:04.0640 3628 ini910u - ok

20:06:04.0656 3628 ino_flpy - ok

20:06:05.0031 3628 IntcAzAudAddService (921f2452a8d3a10083ddd824fc8c267f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:06:05.0234 3628 IntcAzAudAddService - ok

20:06:05.0343 3628 IntelIde - ok

20:06:05.0390 3628 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:06:05.0390 3628 intelppm - ok

20:06:05.0421 3628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:06:05.0421 3628 Ip6Fw - ok

20:06:05.0453 3628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:06:05.0453 3628 IpFilterDriver - ok

20:06:05.0468 3628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:06:05.0468 3628 IpInIp - ok

20:06:05.0500 3628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:06:05.0515 3628 IpNat - ok

20:06:05.0531 3628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:06:05.0546 3628 IPSec - ok

20:06:05.0578 3628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:06:05.0593 3628 IRENUM - ok

20:06:05.0625 3628 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:06:05.0625 3628 isapnp - ok

20:06:05.0718 3628 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

20:06:05.0734 3628 JavaQuickStarterService - ok

20:06:05.0781 3628 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:06:05.0781 3628 Kbdclass - ok

20:06:05.0812 3628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:06:05.0828 3628 kmixer - ok

20:06:05.0859 3628 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys

20:06:05.0875 3628 KSecDD - ok

20:06:05.0906 3628 Ktp (85b6d85c044e3df77e92b5a7b265008f) C:\WINDOWS\system32\DRIVERS\ETD.sys

20:06:05.0921 3628 Ktp - ok

20:06:05.0937 3628 L1e (e384521a6715d708efaffe26fff8a3e3) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

20:06:05.0953 3628 L1e - ok

20:06:05.0984 3628 LanmanServer (ab3c73cfc4d21540c51671edf6e2c989) C:\WINDOWS\System32\srvsvc.dll

20:06:06.0000 3628 LanmanServer - ok

20:06:06.0031 3628 lanmanworkstation (f2bb3d20cd27ee6ed1fd5954de629441) C:\WINDOWS\System32\wkssvc.dll

20:06:06.0046 3628 lanmanworkstation - ok

20:06:06.0062 3628 lbrtfdc - ok

20:06:06.0078 3628 Ld51ocnucsnp - ok

20:06:06.0125 3628 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

20:06:06.0125 3628 LmHosts - ok

20:06:06.0140 3628 LUsbKbd - ok

20:06:06.0156 3628 LVCap138 - ok

20:06:06.0171 3628 lxbt_device - ok

20:06:06.0171 3628 M2500 - ok

20:06:06.0187 3628 mcp - ok

20:06:06.0203 3628 mediaviewer - ok

20:06:06.0218 3628 mfehidk - ok

20:06:06.0281 3628 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

20:06:06.0296 3628 Microsoft Office Groove Audit Service - ok

20:06:06.0328 3628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:06:06.0328 3628 mnmdd - ok

20:06:06.0359 3628 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

20:06:06.0375 3628 mnmsrvc - ok

20:06:06.0406 3628 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

20:06:06.0406 3628 Modem - ok

20:06:06.0546 3628 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

20:06:06.0593 3628 Monfilt - ok

20:06:06.0593 3628 motmodem - ok

20:06:06.0625 3628 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:06:06.0625 3628 Mouclass - ok

20:06:06.0671 3628 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:06:06.0671 3628 mouhid - ok

20:06:06.0718 3628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:06:06.0718 3628 MountMgr - ok

20:06:06.0718 3628 mraid35x - ok

20:06:06.0765 3628 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:06:06.0765 3628 MRxDAV - ok

20:06:06.0812 3628 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:06:06.0843 3628 MRxSmb - ok

20:06:06.0906 3628 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

20:06:06.0906 3628 MSDTC - ok

20:06:06.0937 3628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:06:06.0953 3628 Msfs - ok

20:06:06.0953 3628 MSIServer - ok

20:06:07.0000 3628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:06:07.0000 3628 MSKSSRV - ok

20:06:07.0000 3628 msmframework - ok

20:06:07.0031 3628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:06:07.0031 3628 MSPCLOCK - ok

20:06:07.0046 3628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:06:07.0062 3628 MSPQM - ok

20:06:07.0078 3628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:06:07.0078 3628 mssmbios - ok

20:06:07.0093 3628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:06:07.0109 3628 MSTEE - ok

20:06:07.0156 3628 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys

20:06:07.0156 3628 Mup - ok

20:06:18.0187 3628 ============================================================

20:06:18.0187 3628 Scan finished

20:06:18.0187 3628 ============================================================

20:06:18.0218 3772 Detected object count: 2

20:06:18.0218 3772 Actual detected object count: 2

20:06:53.0062 3772 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine

20:06:53.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\@ - copied to quarantine

20:06:53.0093 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\cfg.ini - copied to quarantine

20:06:53.0140 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\Desktop.ini - copied to quarantine

20:06:53.0203 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\L\beqegeup - copied to quarantine

20:06:53.0218 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\oemid - copied to quarantine

20:06:53.0250 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000001.@ - copied to quarantine

20:06:53.0328 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000002.@ - copied to quarantine

20:06:53.0359 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000004.@ - copied to quarantine

20:06:53.0390 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000000.@ - copied to quarantine

20:06:53.0406 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000004.@ - copied to quarantine

20:06:53.0453 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000032.@ - copied to quarantine

20:06:53.0500 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\version - copied to quarantine

20:06:53.0578 3772 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\avgtdix.sys) error 1813

20:06:53.0906 3772 Backup copy not found, trying to cure infected file..

20:06:53.0906 3772 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)

20:06:53.0906 3772 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error

20:06:54.0968 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\@ - will be deleted on reboot

20:06:54.0984 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\cfg.ini - will be deleted on reboot

20:06:54.0984 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\Desktop.ini - will be deleted on reboot

20:06:55.0015 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\oemid - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000001.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000002.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\00000004.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000000.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000004.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\U\80000032.@ - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\2728817936\version - will be deleted on reboot

20:06:55.0078 3772 C:\WINDOWS\$NtUninstallKB55222$\539704333 - will be deleted on reboot

20:06:55.0093 3772 Avgtdix ( Virus.Win32.ZAccess.k ) - User select action: Cure

20:06:55.0109 3772 HKLM\SYSTEM\ControlSet001\services\EhttpSrv - will be deleted on reboot

20:06:55.0125 3772 HKLM\SYSTEM\ControlSet002\services\EhttpSrv - will be deleted on reboot

20:06:55.0125 3772 C:\WINDOWS\system32\advservice.dll - will be deleted on reboot

20:06:55.0125 3772 EhttpSrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

20:07:04.0906 1640 Deinitialize success


With the problems out of the way, it is time for the "big clean-up": removing the programs that were used, a cleaning, and removing the infected restore points.

Manually remove TDSS Killer.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Then click "Analyze" and "Run Cleaner" in turn. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner again afterwards.

If you would like to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected, and you could end up restoring one of those). Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and then untick the box again.

If all of this went smoothly, you can click "mark as solved" below!
