Posted:

My AVG 2012 (paid version) reports that I have a number (5) of rootkits that it cannot remove, and I'm not allowed to delete them either?

HijackThis gives the following log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:45:28, on 17/04/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\EMET\EMET_notifier.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LaCie Desktop Manager Launcher] "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5510 series.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.dexia.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263571488609

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

--

End of file - 13122 bytes

Does anyone have any idea what I should do? I thought I knew 'something' about PCs, but that turns out to be disappointing after all.

Posted:

Start HijackThis. Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files it will show some messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
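The five entries the helper selected above share a few recognisable patterns (an entry whose target reads "(no file)", a ProxyOverride that names a local host:port, the KernelFaultCheck Run entry, and a browser helper object with an adware name). The script below is an added example, not code from the forum or from Trend Micro: it parses HijackThis log lines and flags exactly those patterns. The four rules, the ADWARE_NAMES watchlist and the function names are constructed for illustration; HijackThis itself does not classify entries.

```python
"""Triage a HijackThis (HJT) log: flag the entry types this thread's helper
picked for "Fix checked".

Added example, not the forum's or Trend Micro's code. The rules are
constructed from the items selected in the reply above; they are heuristics
for review, not a verdict, and the script never changes anything.
"""
import re
from typing import List, Optional, Tuple

# Constructed watchlist of BHO/toolbar display names (lower-case). DealPly is
# the one removed in this thread; extend the set from your own reference data.
ADWARE_NAMES = {"dealply"}

# Every HJT entry starts with a section code such as R0, R3, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
# An IPv4 address followed by a port, e.g. 127.0.0.1:9421.
HOST_PORT_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}:\d+\b")


def classify(line: str) -> Optional[str]:
    """Return a reason string if the entry deserves review, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank or trailer line
    code, body = m.group("code"), m.group("body")

    # Rule 1: the registry entry survives but its target is gone. These are
    # leftovers of an uninstalled add-on and are safe to fix.
    if body.endswith("(no file)"):
        return "orphaned entry, target file missing"

    # Rule 2: ProxyOverride normally holds only "<local>". An explicit
    # 127.0.0.1:port means some local program expects to sit in the
    # browser's path; identify that program before removing the entry.
    if "ProxyOverride" in body and HOST_PORT_RE.search(body):
        return "ProxyOverride names an explicit host:port"

    # Rule 3: KernelFaultCheck is the crash-dump reporter Windows registers
    # after a blue screen; it is noise on every boot, not malware.
    if code == "O4" and "[KernelFaultCheck]" in body:
        return "stale crash-dump Run entry"

    # Rule 4: BHO (O2) or toolbar (O3) whose display name is on the watchlist.
    if code in ("O2", "O3"):
        display = body.split(" - ")[0].split(":", 1)[-1].strip().lower()
        if display in ADWARE_NAMES:
            return "watchlisted adware name: " + display
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for every flagged line, in log order."""
    out = []
    for line in lines:
        reason = classify(line)
        if reason:
            out.append((line.strip(), reason))
    return out


# Constructed sample: a handful of lines copied from the log in this thread,
# including three benign ones that must not be flagged.
SAMPLE_LOG_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local",
    r"R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)",
    r"O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll",
    r"O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r'O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"',
]

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG_LINES):
        print(f"{reason:45} {entry}")
```

Run against a full log the script lists the same five entries the helper chose and nothing else from the sample. It only reads and reports; the ProxyOverride rule in particular is a prompt to find out which local process listens on that port, not an instruction to delete the entry blindly.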

Posted:

MBAM gives no report of any rootkits present. Are they gone now, or were there never any, and was this therefore a false positive?

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.04.18.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Eigenaar :: EIGENAAR-9FCAA0 [administrator]

18/04/2013 15:38:11

mbam-log-2013-04-18 (15-38-11).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 281899

Verstreken tijd: 54 minuut/minuten, 46 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\Documents and Settings\Eigenaar\Local Settings\Temp\ICReinstall\FLVPlayerSetup[1].exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Documents and Settings\Eigenaar\Local Settings\Temp\4307734.Uninstall\Uninstall.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:50:36, on 18/04/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\EMET\EMET_notifier.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LaCie Desktop Manager Launcher] "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5510 series.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.dexia.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263571488609

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

--

End of file - 12293 bytes

Posted:

Try this.

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports an available update, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
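The report TDSSKiller writes is long, mostly "- ok" lines for every driver and service it inspected. The script below is an added example, not part of the thread and not Kaspersky's code: it reads such a report and lists only the modules the tool marked "warning" or "detected", together with the path and MD5 it logged for them. The line formats are those of the report the original poster pasted later in this thread; the regular expressions are assumptions that cover those formats only.

```python
"""Summarize a TDSSKiller report: one line per module the tool flagged.

Added example, not Kaspersky's code and not from the forum thread. The
regular expressions are assumptions based on the report format posted in
this thread: "HH:MM:SS.mmmm PID message", "[ MD5 ] Name Path",
"Name ( Verdict ) - warning" and "Name - detected Verdict (n)".
"""
import re
from typing import Dict, List

# Every report line carries a timestamp and the scanning thread's id.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# File record logged for each module: "[ MD5 ] Name Path". The name may
# contain spaces, so it is matched lazily up to a drive-letter path.
MODULE_RE = re.compile(
    r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:[\\/].*)$"
)
# Heuristic verdict attached to a module.
WARNING_RE = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning$")
# The tool's detection line.
DETECTED_RE = re.compile(r"^(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)")


def summarize(report_lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per flagged module: name, status, verdict, path, md5."""
    modules: Dict[str, Dict[str, str]] = {}
    findings: List[Dict[str, str]] = []
    for raw in report_lines:
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # separator rows, blank rows, unknown layout
        msg = m.group("msg")
        mod = MODULE_RE.match(msg)
        if mod:
            # Remember the path and hash so a later verdict can be joined to it.
            modules[mod.group("name")] = {
                "path": mod.group("path"),
                "md5": mod.group("md5").upper(),
            }
            continue
        for status, rx in (("warning", WARNING_RE), ("detected", DETECTED_RE)):
            hit = rx.match(msg)
            if hit:
                info = modules.get(hit.group("name"), {})
                findings.append({
                    "name": hit.group("name"),
                    "status": status,
                    "verdict": hit.group("verdict"),
                    "path": info.get("path", "?"),
                    "md5": info.get("md5", "?"),
                })
                break
    return findings


# Constructed sample built from lines of the report in this thread, with two
# clean modules around the one that was flagged.
SAMPLE_REPORT = [
    r"18:20:21.0640 4508 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42",
    r"18:20:27.0875 4616 ================ Scan services =============================",
    r"18:20:28.0312 4616 [ 02273A448BA21A7D447DAEB47810D40C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"18:20:28.0390 4616 ACPI - ok",
    r"18:20:29.0437 4616 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll",
    r"18:20:29.0437 4616 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE",
    r"18:20:29.0453 4616 Akamai ( HiddenFile.Multi.Generic ) - warning",
    r"18:20:29.0453 4616 Akamai - detected HiddenFile.Multi.Generic (1)",
    r"18:20:29.0484 4616 Alerter - ok",
]

if __name__ == "__main__":
    for f in summarize(SAMPLE_REPORT):
        print(f"{f['status']:9} {f['name']:20} {f['verdict']:28} {f['md5']}  {f['path']}")
```

A verdict such as HiddenFile.Multi.Generic is, as its name says, a generic heuristic (the file was hidden from the normal directory listing), not a signature match. What the summary gives you to act on is the MD5 and path, which you can compare against the vendor's published file hashes before deciding whether the warning is a false positive.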

Posted:

18:20:21.0640 4508 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

18:20:21.0921 4508 ============================================================

18:20:21.0921 4508 Current date / time: 2013/04/18 18:20:21.0921

18:20:21.0921 4508 SystemInfo:

18:20:21.0921 4508

18:20:21.0921 4508 OS Version: 5.1.2600 ServicePack: 3.0

18:20:21.0921 4508 Product type: Workstation

18:20:21.0921 4508 ComputerName: EIGENAAR-9FCAA0

18:20:21.0921 4508 UserName: Eigenaar

18:20:21.0921 4508 Windows directory: C:\WINDOWS

18:20:21.0921 4508 System windows directory: C:\WINDOWS

18:20:21.0921 4508 Processor architecture: Intel x86

18:20:21.0921 4508 Number of processors: 2

18:20:21.0921 4508 Page size: 0x1000

18:20:21.0921 4508 Boot type: Normal boot

18:20:21.0921 4508 ============================================================

18:20:23.0578 4508 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:20:23.0640 4508 ============================================================

18:20:23.0640 4508 \Device\Harddisk0\DR0:

18:20:23.0640 4508 MBR partitions:

18:20:23.0640 4508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A8DFB

18:20:23.0640 4508 ============================================================

18:20:23.0687 4508 C: <-> \Device\Harddisk0\DR0\Partition1

18:20:23.0687 4508 ============================================================

18:20:23.0687 4508 Initialize success

18:20:23.0687 4508 ============================================================

18:20:26.0578 4616 ============================================================

18:20:26.0578 4616 Scan started

18:20:26.0578 4616 Mode: Manual;

18:20:26.0578 4616 ============================================================

18:20:27.0875 4616 ================ Scan system memory ========================

18:20:27.0875 4616 System memory - ok

18:20:27.0875 4616 ================ Scan services =============================

18:20:28.0218 4616 Abiosdsk - ok

18:20:28.0218 4616 abp480n5 - ok

18:20:28.0312 4616 [ 02273A448BA21A7D447DAEB47810D40C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:20:28.0390 4616 ACPI - ok

18:20:28.0468 4616 [ 63F517B1A87DABF3F5ACB8A7952FC1D1 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

18:20:28.0484 4616 ACPIEC - ok

18:20:28.0484 4616 adpu160m - ok

18:20:28.0546 4616 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

18:20:28.0562 4616 aec - ok

18:20:28.0609 4616 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

18:20:28.0671 4616 AFD - ok

18:20:28.0687 4616 Aha154x - ok

18:20:28.0687 4616 aic78u2 - ok

18:20:28.0687 4616 aic78xx - ok

18:20:29.0437 4616 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll

18:20:29.0437 4616 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE

18:20:29.0453 4616 Akamai ( HiddenFile.Multi.Generic ) - warning

18:20:29.0453 4616 Akamai - detected HiddenFile.Multi.Generic (1)

18:20:29.0484 4616 [ 8BED67D13DCB55B3E9FF6DAC4C6D3B49 ] Alerter C:\WINDOWS\system32\alrsvc.dll

18:20:29.0484 4616 Alerter - ok

18:20:29.0515 4616 [ DAB2A89FDE5CF791161200D90C1BCB12 ] ALG C:\WINDOWS\System32\alg.exe

18:20:29.0515 4616 ALG - ok

18:20:29.0515 4616 AliIde - ok

18:20:29.0515 4616 amsint - ok

18:20:29.0640 4616 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:20:29.0640 4616 Apple Mobile Device - ok

18:20:29.0734 4616 [ 434A70FA278EB3C42140E3755C2FA4F8 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

18:20:29.0765 4616 AppMgmt - ok

18:20:29.0765 4616 asc - ok

18:20:29.0765 4616 asc3350p - ok

18:20:29.0781 4616 asc3550 - ok

18:20:29.0953 4616 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:20:29.0968 4616 aspnet_state - ok

18:20:30.0000 4616 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:20:30.0015 4616 AsyncMac - ok

18:20:30.0046 4616 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

18:20:30.0046 4616 atapi - ok

18:20:30.0046 4616 Atdisk - ok

18:20:30.0171 4616 [ 39BE36B74B2D17B336146E82373E0396 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

18:20:30.0187 4616 Ati HotKey Poller - ok

18:20:30.0437 4616 [ 6B618C7764E03A78599D74E31B8AB17B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:20:30.0453 4616 ati2mtag - ok

18:20:30.0468 4616 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:20:30.0468 4616 Atmarpc - ok

18:20:30.0515 4616 [ F10745ED3195360E69AA4A6E7768C0E0 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

18:20:30.0531 4616 AudioSrv - ok

18:20:30.0593 4616 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

18:20:30.0625 4616 audstub - ok

18:20:30.0890 4616 [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

18:20:30.0921 4616 AVG Security Toolbar Service - ok

18:20:30.0953 4616 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

18:20:30.0968 4616 Avgfwdx - ok

18:20:30.0984 4616 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

18:20:30.0984 4616 Avgfwfd - ok

18:20:31.0312 4616 [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe

18:20:31.0468 4616 avgfws - ok

18:20:32.0453 4616 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

18:20:32.0484 4616 AVGIDSAgent - ok

18:20:32.0531 4616 [ EF67527CC2AD77D22AB1405C6470407E ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

18:20:32.0546 4616 AVGIDSDriver - ok

18:20:32.0593 4616 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

18:20:32.0593 4616 AVGIDSFilter - ok

18:20:32.0671 4616 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

18:20:32.0687 4616 AVGIDSHX - ok

18:20:32.0734 4616 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

18:20:32.0734 4616 AVGIDSShim - ok

18:20:32.0796 4616 [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

18:20:32.0812 4616 Avgldx86 - ok

18:20:32.0906 4616 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

18:20:32.0921 4616 Avgmfx86 - ok

18:20:32.0968 4616 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

18:20:32.0984 4616 Avgrkx86 - ok

18:20:33.0062 4616 [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

18:20:33.0062 4616 Avgtdix - ok

18:20:33.0125 4616 [ 5B57B21B426DB09BF92889F4596FE8B5 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

18:20:33.0125 4616 Suspicious file (Forged): C:\WINDOWS\system32\drivers\avgtpx86.sys. Real md5: 5B57B21B426DB09BF92889F4596FE8B5, Fake md5: 21800990394B3CF2CC67BA7644A6E1CE

18:20:33.0125 4616 avgtp ( ForgedFile.Multi.Generic ) - warning

18:20:33.0125 4616 avgtp - detected ForgedFile.Multi.Generic (1)

18:20:33.0234 4616 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe

18:20:33.0250 4616 avgwd - ok

18:20:33.0312 4616 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

18:20:33.0343 4616 Beep - ok

18:20:33.0484 4616 [ 5C0073A51C4873430FA8B262E92183FF ] BITS C:\WINDOWS\system32\qmgr.dll

18:20:34.0312 4616 BITS - ok

18:20:34.0484 4616 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:20:34.0578 4616 Bonjour Service - ok

18:20:34.0625 4616 [ 139102D1865D3C1F152A25ABD16242DB ] Browser C:\WINDOWS\System32\browser.dll

18:20:34.0687 4616 Browser - ok

18:20:34.0718 4616 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

18:20:34.0750 4616 cbidf2k - ok

18:20:34.0750 4616 cd20xrnt - ok

18:20:34.0796 4616 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

18:20:34.0812 4616 Cdaudio - ok

18:20:34.0859 4616 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

18:20:34.0890 4616 Cdfs - ok

18:20:34.0906 4616 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:20:34.0921 4616 Cdrom - ok

18:20:34.0921 4616 Changer - ok

18:20:34.0984 4616 [ BD85400700B80FBE3D4A3412BCE74861 ] CiSvc C:\WINDOWS\system32\cisvc.exe

18:20:35.0015 4616 CiSvc - ok

18:20:35.0046 4616 [ 4FB6108130829666C8FE96B442FEAD94 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

18:20:35.0062 4616 ClipSrv - ok

18:20:35.0109 4616 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:20:35.0171 4616 clr_optimization_v2.0.50727_32 - ok

18:20:35.0171 4616 CmdIde - ok

18:20:35.0171 4616 COMSysApp - ok

18:20:35.0187 4616 Cpqarray - ok

18:20:35.0218 4616 [ 0A9CF5D3CF63A8699F28C814EF821C7E ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

18:20:35.0218 4616 CryptSvc - ok

18:20:35.0281 4616 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

18:20:35.0281 4616 ctsfm2k - ok

18:20:35.0296 4616 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys

18:20:35.0296 4616 CTUSFSYN - ok

18:20:35.0296 4616 dac2w2k - ok

18:20:35.0312 4616 dac960nt - ok

18:20:35.0437 4616 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

18:20:35.0453 4616 DcomLaunch - ok

18:20:35.0984 4616 [ 146AB038F5DBB366122D28444999AB2C ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

18:20:36.0031 4616 Dhcp - ok

18:20:36.0312 4616 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

18:20:36.0531 4616 Disk - ok

18:20:36.0531 4616 dmadmin - ok

18:20:38.0437 4616 [ DEC123E0C75971D0CC7A6C6A75E28429 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

18:20:38.0562 4616 dmboot - ok

18:20:39.0078 4616 [ 7268E66259722F6228C730685B201092 ] dmio C:\WINDOWS\system32\drivers\dmio.sys

18:20:39.0125 4616 dmio - ok

18:20:39.0671 4616 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

18:20:39.0687 4616 dmload - ok

18:20:39.0734 4616 [ 127DB74184E2D3D31655DA525A5EFDE1 ] dmserver C:\WINDOWS\System32\dmserver.dll

18:20:39.0750 4616 dmserver - ok

18:20:39.0781 4616 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

18:20:39.0796 4616 DMusic - ok

18:20:39.0843 4616 [ DE6CDB6CBC5C27B9085CFA6DFE8E5025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

18:20:39.0859 4616 Dnscache - ok

18:20:39.0937 4616 [ 90EE765E1A598B578852901F74F914F1 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

18:20:39.0953 4616 Dot3svc - ok

18:20:39.0953 4616 dpti2o - ok

18:20:39.0984 4616 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

18:20:40.0000 4616 drmkaud - ok

18:20:40.0046 4616 [ D0E8DD3F56BD8488995F67B80FF51461 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

18:20:40.0062 4616 e1express - ok

18:20:40.0109 4616 [ E6BBDEBF7081899D161C773E8D84D015 ] EapHost C:\WINDOWS\System32\eapsvc.dll

18:20:40.0125 4616 EapHost - ok

18:20:40.0250 4616 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

18:20:40.0265 4616 ehRecvr - ok

18:20:40.0328 4616 [ 52481B2994FDFBBFF6E48392BB70136C ] ehSched C:\WINDOWS\eHome\ehSched.exe

18:20:40.0343 4616 ehSched - ok

18:20:40.0375 4616 [ 2F5C7F650B7AF178988946EE4B0D9C01 ] ERSvc C:\WINDOWS\System32\ersvc.dll

18:20:40.0390 4616 ERSvc - ok

18:20:40.0437 4616 [ 657B69389B893F440B07590C9E963F23 ] Eventlog C:\WINDOWS\system32\services.exe

18:20:40.0453 4616 Eventlog - ok

18:20:40.0500 4616 [ 97912DC0679D2DA60CCE589BBC196D72 ] EventSystem C:\WINDOWS\system32\es.dll

18:20:40.0515 4616 EventSystem - ok

18:20:40.0546 4616 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

18:20:40.0578 4616 Fastfat - ok

18:20:40.0640 4616 [ 2D5D4156292150FE571872C1B88E9299 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

18:20:40.0656 4616 FastUserSwitchingCompatibility - ok

18:20:40.0671 4616 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

18:20:40.0687 4616 Fdc - ok

18:20:40.0734 4616 [ 8BFFFB5AC954E19DFDB96D56512AA518 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

18:20:40.0734 4616 Fips - ok

18:20:40.0734 4616 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

18:20:40.0734 4616 Flpydisk - ok

18:20:40.0796 4616 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

18:20:40.0812 4616 FltMgr - ok

18:20:40.0968 4616 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:20:40.0984 4616 FontCache3.0.0.0 - ok

18:20:41.0000 4616 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:20:41.0015 4616 Fs_Rec - ok

18:20:41.0046 4616 [ FA8CA22E70245C81FF29C36AF56292FC ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:20:41.0062 4616 Ftdisk - ok

18:20:41.0109 4616 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:20:41.0125 4616 GEARAspiWDM - ok

18:20:41.0187 4616 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:20:41.0203 4616 Gpc - ok

18:20:41.0281 4616 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

18:20:41.0281 4616 gupdate - ok

18:20:41.0296 4616 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

18:20:41.0296 4616 gupdatem - ok

18:20:41.0359 4616 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:20:41.0406 4616 gusvc - ok

18:20:41.0468 4616 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:20:41.0484 4616 HDAudBus - ok

18:20:41.0578 4616 [ 5327BAD9B35C33D2A64B64E4CF282ECD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:20:41.0593 4616 helpsvc - ok

18:20:41.0640 4616 [ 10003105AAB8D5A7DB51A9CB3D9F55A3 ] HidServ C:\WINDOWS\System32\hidserv.dll

18:20:41.0640 4616 HidServ - ok

18:20:41.0687 4616 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:20:41.0703 4616 hidusb - ok

18:20:41.0734 4616 [ 1FF903FFA2DA1704E5A5443D37D8E49E ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

18:20:41.0765 4616 hkmsvc - ok

18:20:41.0765 4616 hpn - ok

18:20:41.0843 4616 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

18:20:41.0859 4616 HSFHWBS2 - ok

18:20:42.0109 4616 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:20:42.0203 4616 HSF_DP - ok

18:20:42.0359 4616 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

18:20:42.0375 4616 HTTP - ok

18:20:42.0437 4616 [ 2529C7BA05242BEED0027F554D0513BB ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

18:20:42.0453 4616 HTTPFilter - ok

18:20:42.0453 4616 i2omgmt - ok

18:20:42.0468 4616 i2omp - ok

18:20:42.0625 4616 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:20:42.0671 4616 idsvc - ok

18:20:42.0703 4616 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

18:20:42.0703 4616 Imapi - ok

18:20:42.0796 4616 [ A117772F94C854DE5D1BBC1F1962B192 ] ImapiService C:\WINDOWS\system32\imapi.exe

18:20:42.0812 4616 ImapiService - ok

18:20:42.0812 4616 ini910u - ok

18:20:42.0828 4616 IntelIde - ok

18:20:42.0890 4616 [ 2D2254FAC267E6B1C7865E8EBEF60C6D ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:20:42.0890 4616 intelppm - ok

18:20:42.0953 4616 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

18:20:42.0968 4616 Ip6Fw - ok

18:20:43.0031 4616 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:20:43.0031 4616 IpFilterDriver - ok

18:20:43.0031 4616 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:20:43.0046 4616 IpInIp - ok

18:20:43.0078 4616 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:20:43.0093 4616 IpNat - ok

18:20:43.0296 4616 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:20:43.0328 4616 iPod Service - ok

18:20:43.0375 4616 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:20:43.0390 4616 IPSec - ok

18:20:43.0406 4616 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

18:20:43.0406 4616 IRENUM - ok

18:20:43.0421 4616 [ 0B78E1A31340E1FB1E389D5633F7C3A0 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:20:43.0421 4616 isapnp - ok

18:20:43.0609 4616 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

18:20:43.0625 4616 JavaQuickStarterService - ok

18:20:43.0687 4616 [ 380397621E94B32C744E7B2CC1330390 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:20:43.0687 4616 Kbdclass - ok

18:20:43.0718 4616 [ B833B70FE639F01FB36CEDABE57EF031 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:20:43.0718 4616 kbdhid - ok

18:20:43.0734 4616 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

18:20:43.0750 4616 kmixer - ok

18:20:43.0812 4616 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

18:20:43.0828 4616 KSecDD - ok

18:20:43.0968 4616 [ 305829A60196F9DD3A9AE920059FE511 ] LaCieDesktopManagerService C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

18:20:44.0031 4616 LaCieDesktopManagerService - ok

18:20:44.0093 4616 [ C7955E7EDAEA462D04F1C4BE1D340372 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

18:20:44.0109 4616 lanmanserver - ok

18:20:44.0140 4616 [ A936A575EAF6DCE8DC08BC0C53972ADD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

18:20:44.0156 4616 lanmanworkstation - ok

18:20:44.0171 4616 lbrtfdc - ok

18:20:44.0281 4616 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

18:20:44.0296 4616 LBTServ - ok

18:20:44.0328 4616 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

18:20:44.0328 4616 LHidFilt - ok

18:20:44.0390 4616 [ 91AE20C5C2776C511994AA1308C05283 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

18:20:44.0406 4616 LmHosts - ok

18:20:44.0453 4616 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

18:20:44.0453 4616 LMouFilt - ok

18:20:44.0468 4616 [ 88EC8E7905EC13E51884E00A3F026223 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

18:20:44.0500 4616 McrdSvc - ok

18:20:44.0500 4616 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:20:44.0500 4616 mdmxsdk - ok

18:20:44.0562 4616 [ C56A45A03DCA11712DE9FDF98224230B ] Messenger C:\WINDOWS\System32\msgsvc.dll

18:20:44.0609 4616 Messenger - ok

18:20:44.0671 4616 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

18:20:44.0703 4616 MHN - ok

18:20:44.0703 4616 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

18:20:44.0703 4616 MHNDRV - ok

18:20:44.0765 4616 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

18:20:44.0796 4616 mnmdd - ok

18:20:44.0812 4616 [ 5B1D994DCF1895AFA27600E46A2F0FEA ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

18:20:44.0812 4616 mnmsrvc - ok

18:20:44.0875 4616 [ 8114EEAC353F549331AB73E9AF4219ED ] Modem C:\WINDOWS\system32\drivers\Modem.sys

18:20:44.0875 4616 Modem - ok

18:20:44.0921 4616 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

18:20:44.0937 4616 MODEMCSA - ok

18:20:45.0078 4616 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys

18:20:45.0187 4616 monfilt - ok

18:20:45.0250 4616 [ 1A4E2214DD63E4A876463D3427EE8261 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:20:45.0250 4616 Mouclass - ok

18:20:45.0281 4616 [ 18017899254E01371E1A39754D6BF98C ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:20:45.0296 4616 mouhid - ok

18:20:45.0312 4616 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

18:20:45.0328 4616 MountMgr - ok

18:20:45.0375 4616 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

18:20:45.0390 4616 MozillaMaintenance - ok

18:20:45.0390 4616 mraid35x - ok

18:20:45.0406 4616 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:20:45.0437 4616 MRxDAV - ok

18:20:45.0562 4616 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:20:45.0593 4616 MRxSmb - ok

18:20:45.0625 4616 [ 21EA21984D7D1AD50DB2E627020AB14C ] MSDTC C:\WINDOWS\system32\msdtc.exe

18:20:45.0625 4616 MSDTC - ok

18:20:45.0656 4616 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

18:20:45.0671 4616 Msfs - ok

18:20:45.0671 4616 MSIServer - ok

18:20:45.0718 4616 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:20:45.0734 4616 MSKSSRV - ok

18:20:45.0734 4616 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:20:45.0734 4616 MSPCLOCK - ok

18:20:45.0750 4616 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

18:20:45.0750 4616 MSPQM - ok

18:20:45.0781 4616 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:20:45.0796 4616 mssmbios - ok

18:20:45.0843 4616 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

18:20:45.0859 4616 Mup - ok

18:20:45.0937 4616 [ 87E394C810794D3C70CF22E8316CB23E ] napagent C:\WINDOWS\System32\qagentrt.dll

18:20:45.0968 4616 napagent - ok

18:20:46.0015 4616 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

18:20:46.0046 4616 NDIS - ok

18:20:46.0093 4616 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:20:46.0093 4616 NdisTapi - ok

18:20:46.0109 4616 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:20:46.0125 4616 Ndisuio - ok

18:20:46.0125 4616 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:20:46.0140 4616 NdisWan - ok

18:20:46.0187 4616 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

18:20:46.0203 4616 NDProxy - ok

18:20:46.0250 4616 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

18:20:46.0265 4616 NetBIOS - ok

18:20:46.0281 4616 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

18:20:46.0296 4616 NetBT - ok

18:20:46.0343 4616 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDE C:\WINDOWS\system32\netdde.exe

18:20:46.0375 4616 NetDDE - ok

18:20:46.0375 4616 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

18:20:46.0375 4616 NetDDEdsdm - ok

18:20:46.0406 4616 [ 8754210A3399D19610CE2D71E0C3E5D9 ] Netlogon C:\WINDOWS\system32\lsass.exe

18:20:46.0406 4616 Netlogon - ok

18:20:46.0453 4616 [ 5431FB616ECAE0D587C5B97D0B86CBD8 ] Netman C:\WINDOWS\System32\netman.dll

18:20:46.0468 4616 Netman - ok

18:20:46.0500 4616 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:20:46.0515 4616 NetTcpPortSharing - ok

18:20:46.0546 4616 [ 4522CBE00A9E9EEE36AA82ED4B319148 ] Nla C:\WINDOWS\System32\mswsock.dll

18:20:46.0562 4616 Nla - ok

18:20:46.0593 4616 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

18:20:46.0609 4616 Npfs - ok

18:20:46.0640 4616 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

18:20:46.0671 4616 Ntfs - ok

18:20:46.0671 4616 [ 8754210A3399D19610CE2D71E0C3E5D9 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

18:20:46.0671 4616 NtLmSsp - ok

18:20:46.0750 4616 [ AC1A78237B53044735693633F8235468 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

18:20:46.0828 4616 NtmsSvc - ok

18:20:46.0843 4616 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

18:20:46.0859 4616 Null - ok

18:20:46.0890 4616 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:20:46.0890 4616 NwlnkFlt - ok

18:20:46.0937 4616 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:20:46.0953 4616 NwlnkFwd - ok

18:20:46.0968 4616 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

18:20:46.0968 4616 ossrv - ok

18:20:47.0031 4616 [ E3934CCC20A4D24F1924E13D36D2A5BD ] Parport C:\WINDOWS\system32\drivers\Parport.sys

18:20:47.0062 4616 Parport - ok

18:20:47.0062 4616 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

18:20:47.0078 4616 PartMgr - ok

18:20:47.0140 4616 [ 1EADE28746A64C21E0A808BB12A63326 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

18:20:47.0156 4616 ParVdm - ok

18:20:47.0171 4616 [ 3B166F9F753C21AEDAA9A6BD76B49655 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

18:20:47.0203 4616 PCI - ok

18:20:47.0203 4616 PCIDump - ok

18:20:47.0203 4616 [ B31EDEBA4DA28283F6B8DC4756FB9585 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

18:20:47.0218 4616 PCIIde - ok

18:20:47.0250 4616 [ 2137FFD65F8E609A3A5ACD487C56CCE0 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

18:20:47.0281 4616 Pcmcia - ok

18:20:47.0296 4616 PDCOMP - ok

18:20:47.0296 4616 PDFRAME - ok

18:20:47.0296 4616 PDRELI - ok

18:20:47.0296 4616 PDRFRAME - ok

18:20:47.0312 4616 perc2 - ok

18:20:47.0312 4616 perc2hib - ok

18:20:47.0343 4616 [ 657B69389B893F440B07590C9E963F23 ] PlugPlay C:\WINDOWS\system32\services.exe

18:20:47.0343 4616 PlugPlay - ok

18:20:47.0375 4616 [ 8754210A3399D19610CE2D71E0C3E5D9 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

18:20:47.0375 4616 PolicyAgent - ok

18:20:47.0421 4616 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:20:47.0437 4616 PptpMiniport - ok

18:20:47.0437 4616 [ 8754210A3399D19610CE2D71E0C3E5D9 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

18:20:47.0437 4616 ProtectedStorage - ok

18:20:47.0515 4616 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe

18:20:47.0531 4616 ProtexisLicensing - ok

18:20:47.0562 4616 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

18:20:47.0578 4616 PSched - ok

18:20:47.0593 4616 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:20:47.0593 4616 Ptilink - ok

18:20:47.0640 4616 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:20:47.0656 4616 PxHelp20 - ok

18:20:47.0656 4616 ql1080 - ok

18:20:47.0656 4616 Ql10wnt - ok

18:20:47.0671 4616 ql12160 - ok

18:20:47.0671 4616 ql1240 - ok

18:20:47.0671 4616 ql1280 - ok

18:20:47.0718 4616 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:20:47.0734 4616 RasAcd - ok

18:20:47.0796 4616 [ 0575D034B1292CA3A9BB9F67A8EE289C ] RasAuto C:\WINDOWS\System32\rasauto.dll

18:20:47.0828 4616 RasAuto - ok

18:20:47.0843 4616 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:20:47.0859 4616 Rasl2tp - ok

18:20:47.0953 4616 [ 9E7E2DF6971A5F00102BE3F901CC3BDC ] RasMan C:\WINDOWS\System32\rasmans.dll

18:20:47.0968 4616 RasMan - ok

18:20:48.0000 4616 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:20:48.0000 4616 RasPppoe - ok

18:20:48.0031 4616 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

18:20:48.0046 4616 Raspti - ok

18:20:48.0062 4616 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:20:48.0078 4616 Rdbss - ok

18:20:48.0078 4616 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:20:48.0093 4616 RDPCDD - ok

18:20:48.0156 4616 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:20:48.0187 4616 rdpdr - ok

18:20:48.0234 4616 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

18:20:48.0250 4616 RDPWD - ok

18:20:48.0328 4616 [ EA9FDF71D696B532BDC44C8BFF03A737 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

18:20:48.0343 4616 RDSessMgr - ok

18:20:48.0453 4616 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

18:20:48.0453 4616 RealNetworks Downloader Resolver Service - ok

18:20:48.0484 4616 [ 4173BC66E485FD77A03C4819F60BD0DA ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

18:20:48.0500 4616 redbook - ok

18:20:48.0546 4616 [ 4007ABF5D9BF0E55451D775443D1F985 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

18:20:48.0562 4616 RemoteAccess - ok

18:20:48.0625 4616 [ 2FD5B89BF9289C774C5C730DEA96CD91 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

18:20:48.0640 4616 RemoteRegistry - ok

18:20:48.0718 4616 [ BE078F8F7EC2491EFDD79A53353A060F ] RpcLocator C:\WINDOWS\system32\locator.exe

18:20:48.0750 4616 RpcLocator - ok

18:20:48.0781 4616 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] RpcSs C:\WINDOWS\system32\rpcss.dll

18:20:48.0796 4616 RpcSs - ok

18:20:48.0859 4616 [ AD1B5F1B99FFF08C99F443D784711A81 ] RSVP C:\WINDOWS\system32\rsvp.exe

18:20:48.0875 4616 RSVP - ok

18:20:48.0890 4616 [ 8754210A3399D19610CE2D71E0C3E5D9 ] SamSs C:\WINDOWS\system32\lsass.exe

18:20:48.0906 4616 SamSs - ok

18:20:48.0968 4616 [ 1B4CD62174E907C7EF8EC5D4D0A2A616 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

18:20:48.0984 4616 SCardSvr - ok

18:20:49.0078 4616 [ 7C288AE0F75CB18CFF1DF6179A67AD8F ] Schedule C:\WINDOWS\system32\schedsvc.dll

18:20:49.0093 4616 Schedule - ok

18:20:49.0265 4616 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

18:20:49.0296 4616 SeaPort - ok

18:20:49.0359 4616 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:20:49.0375 4616 Secdrv - ok

18:20:49.0437 4616 [ 6983665BEA867125B1DA5757CD8B2F9D ] seclogon C:\WINDOWS\System32\seclogon.dll

18:20:49.0453 4616 seclogon - ok

18:20:49.0515 4616 [ F6EC8F1E50E40237BDDEE1CB7FE20B42 ] SENS C:\WINDOWS\system32\sens.dll

18:20:49.0531 4616 SENS - ok

18:20:49.0578 4616 [ 92C21762653BB2CE51147EB8A9AA654F ] Serial C:\WINDOWS\system32\drivers\Serial.sys

18:20:49.0578 4616 Serial - ok

18:20:49.0593 4616 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

18:20:49.0609 4616 Sfloppy - ok

18:20:49.0656 4616 [ 7579C4BE909D47F10F3D8D801CB13ED9 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

18:20:49.0703 4616 SharedAccess - ok

18:20:49.0750 4616 [ 2D5D4156292150FE571872C1B88E9299 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

18:20:49.0765 4616 ShellHWDetection - ok

18:20:49.0765 4616 Simbad - ok

18:20:49.0765 4616 Sparrow - ok

18:20:49.0828 4616 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

18:20:49.0828 4616 splitter - ok

18:20:49.0890 4616 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

18:20:49.0921 4616 Spooler - ok

18:20:50.0093 4616 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys

18:20:50.0109 4616 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593

18:20:50.0109 4616 sptd ( LockedFile.Multi.Generic ) - warning

18:20:50.0109 4616 sptd - detected LockedFile.Multi.Generic (1)

18:20:50.0125 4616 [ 64D2A7640E0767ECD3BCB38D3200E7CE ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

18:20:50.0140 4616 sr - ok

18:20:50.0218 4616 [ 81CBF363C414620CAA61BD6843D8FDB9 ] srservice C:\WINDOWS\system32\srsvc.dll

18:20:50.0250 4616 srservice - ok

18:20:50.0343 4616 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

18:20:50.0375 4616 Srv - ok

18:20:50.0437 4616 [ 5B9D0DE64BE96A806819516440FD211C ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

18:20:50.0453 4616 SSDPSRV - ok

18:20:50.0546 4616 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

18:20:50.0562 4616 StarWindServiceAE - ok

18:20:50.0796 4616 [ 797FCC1D859B203958E915BB82528DA9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

18:20:50.0968 4616 STHDA - ok

18:20:51.0015 4616 [ 5AE996186D2DC694FEF88F14A3FC9242 ] stisvc C:\WINDOWS\system32\wiaservc.dll

18:20:51.0046 4616 stisvc - ok

18:20:51.0093 4616 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

18:20:51.0109 4616 swenum - ok

18:20:51.0140 4616 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

18:20:51.0140 4616 swmidi - ok

18:20:51.0156 4616 SwPrv - ok

18:20:51.0156 4616 symc810 - ok

18:20:51.0156 4616 symc8xx - ok

18:20:51.0171 4616 sym_hi - ok

18:20:51.0171 4616 sym_u3 - ok

18:20:51.0234 4616 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

18:20:51.0250 4616 sysaudio - ok

18:20:51.0281 4616 [ 251EAE7C56C6AB9490311A3C9757E18D ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

18:20:51.0312 4616 SysmonLog - ok

18:20:51.0375 4616 [ 2BC9FB448F0C2394FF53C83A7BB04731 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

18:20:51.0406 4616 TapiSrv - ok

18:20:51.0515 4616 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:20:51.0546 4616 Tcpip - ok

18:20:51.0609 4616 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

18:20:51.0609 4616 TDPIPE - ok

18:20:51.0718 4616 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

18:20:51.0734 4616 TDTCP - ok

18:20:51.0750 4616 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

18:20:51.0765 4616 TermDD - ok

18:20:51.0875 4616 [ E0AEF86A594C9990D6321C5CA239C5B7 ] TermService C:\WINDOWS\System32\termsrv.dll

18:20:51.0968 4616 TermService - ok

18:20:52.0000 4616 [ 2D5D4156292150FE571872C1B88E9299 ] Themes C:\WINDOWS\System32\shsvcs.dll

18:20:52.0000 4616 Themes - ok

18:20:52.0046 4616 [ 78A2FE13662A119875F10E9FFCB49A8F ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

18:20:52.0078 4616 TlntSvr - ok

18:20:52.0078 4616 TosIde - ok

18:20:52.0125 4616 [ 20655E8CA1C78BC7088B18E93806D21B ] TrkWks C:\WINDOWS\system32\trkwks.dll

18:20:52.0140 4616 TrkWks - ok

18:20:52.0156 4616 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

18:20:52.0156 4616 Udfs - ok

18:20:52.0171 4616 ultra - ok

18:20:52.0281 4616 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

18:20:52.0359 4616 Update - ok

18:20:52.0421 4616 [ 01653D6C9604F1FB31A76EC94E08954F ] upnphost C:\WINDOWS\System32\upnphost.dll

18:20:52.0453 4616 upnphost - ok

18:20:52.0484 4616 [ A89796DD0DE24CF03B3A39407E1F46A3 ] UPS C:\WINDOWS\System32\ups.exe

18:20:52.0500 4616 UPS - ok

18:20:52.0593 4616 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

18:20:52.0593 4616 USBAAPL - ok

18:20:52.0625 4616 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:20:52.0625 4616 usbccgp - ok

18:20:52.0656 4616 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:20:52.0687 4616 usbehci - ok

18:20:52.0718 4616 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:20:52.0750 4616 usbhub - ok

18:20:52.0781 4616 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:20:52.0796 4616 usbprint - ok

18:20:52.0843 4616 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:20:52.0875 4616 usbscan - ok

18:20:52.0890 4616 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:20:52.0906 4616 usbstor - ok

18:20:52.0937 4616 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:20:52.0953 4616 usbuhci - ok

18:20:52.0968 4616 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

18:20:52.0984 4616 VgaSave - ok

18:20:53.0000 4616 ViaIde - ok

18:20:53.0015 4616 [ 8AB662B3C4691E6DDF61C96BB5B7D103 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

18:20:53.0046 4616 VolSnap - ok

18:20:53.0156 4616 [ A585EDD6965B301DE8A45C6768C7C215 ] VSS C:\WINDOWS\System32\vssvc.exe

18:20:53.0218 4616 VSS - ok

18:20:53.0484 4616 [ 50D3941555FEFDF46424431702EC5FB6 ] vToolbarUpdater14.0.1 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

18:20:53.0718 4616 vToolbarUpdater14.0.1 - ok

18:20:53.0781 4616 [ 390D8E65F362327AD510B08971478301 ] W32Time C:\WINDOWS\system32\w32time.dll

18:20:53.0796 4616 W32Time - ok

18:20:53.0859 4616 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:20:53.0875 4616 Wanarp - ok

18:20:54.0000 4616 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:20:54.0031 4616 Wdf01000 - ok

18:20:54.0031 4616 WDICA - ok

18:20:54.0093 4616 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

18:20:54.0109 4616 wdmaud - ok

18:20:54.0156 4616 [ 33D8E2812054D97A0AEC9B8F04277927 ] WebClient C:\WINDOWS\System32\webclnt.dll

18:20:54.0171 4616 WebClient - ok

18:20:54.0296 4616 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:20:54.0328 4616 winachsf - ok

18:20:54.0531 4616 [ F9E105F369C18E4001E0C05AAF600D73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

18:20:54.0531 4616 winmgmt - ok

18:20:54.0578 4616 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

18:20:54.0578 4616 WmdmPmSN - ok

18:20:54.0718 4616 [ 93F8EB8C7CD4E325EC92EDBFC545103D ] Wmi C:\WINDOWS\System32\advapi32.dll

18:20:54.0750 4616 Wmi - ok

18:20:54.0796 4616 [ 87F11D161207C7063EDABAC0AADC33C3 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:20:54.0812 4616 WmiApSrv - ok

18:20:55.0093 4616 [ 79A01ACD485687EE602411A06B63A9A5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

18:20:55.0140 4616 WMPNetworkSvc - ok

18:20:55.0203 4616 [ 843F7FA8EA38E6A4262976DCC994C81A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

18:20:55.0218 4616 wscsvc - ok

18:20:55.0234 4616 WSearch - ok

18:20:55.0312 4616 [ 1E8FDDDEF3FE260BADAB06DAE10D753A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

18:20:55.0328 4616 wuauserv - ok

18:20:55.0437 4616 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:20:55.0484 4616 WudfPf - ok

18:20:55.0515 4616 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:20:55.0546 4616 WudfRd - ok

18:20:55.0593 4616 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

18:20:55.0609 4616 WudfSvc - ok

18:20:55.0750 4616 [ E99782DBB8FFA2AEE72B31DAC8D8D887 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

18:20:55.0953 4616 WZCSVC - ok

18:20:56.0000 4616 [ FD3C38635808920F8235BF2FED642F54 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

18:20:56.0031 4616 xmlprov - ok

18:20:56.0046 4616 ================ Scan global ===============================

18:20:56.0093 4616 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll

18:20:56.0312 4616 [ 6D43938F4980D62E091AE2F755FC259B ] C:\WINDOWS\system32\winsrv.dll

18:20:56.0343 4616 [ 6D43938F4980D62E091AE2F755FC259B ] C:\WINDOWS\system32\winsrv.dll

18:20:56.0406 4616 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe

18:20:56.0406 4616 [Global] - ok

18:20:56.0406 4616 ================ Scan MBR ==================================

18:20:56.0468 4616 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0

18:20:57.0890 4616 \Device\Harddisk0\DR0 - ok

18:20:57.0890 4616 ================ Scan VBR ==================================

18:20:57.0906 4616 [ 10AE94F753D1810C0E309C30586D84F9 ] \Device\Harddisk0\DR0\Partition1

18:20:57.0906 4616 \Device\Harddisk0\DR0\Partition1 - ok

18:20:57.0906 4616 ============================================================

18:20:57.0906 4616 Scan finished

18:20:57.0906 4616 ============================================================

18:20:57.0921 4608 Detected object count: 3

18:20:57.0921 4608 Actual detected object count: 3

18:21:10.0828 4608 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

18:21:10.0828 4608 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

18:21:10.0828 4608 avgtp ( ForgedFile.Multi.Generic ) - skipped by user

18:21:10.0828 4608 avgtp ( ForgedFile.Multi.Generic ) - User select action: Skip

18:21:10.0828 4608 sptd ( LockedFile.Multi.Generic ) - skipped by user

18:21:10.0828 4608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

18:21:36.0265 4504 Deinitialize success

Posted:

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;
    emptyclsid; 
    autoclean; 
    iedefaults; 

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.

Posted:

Zoek.exe Version 4.0.0.2 Updated 17-April-2013

Tool run by Eigenaar on do 18/04/2013 at 22:13:13,01.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default

user.js not found

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");

user_pref("extensions.BabylonToolbar.bbDpng", 27);

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.dfltSrch", true);

user_pref("extensions.BabylonToolbar.hmpg", true);

user_pref("extensions.BabylonToolbar.id", "503792f6000000000000001676d03543");

user_pref("extensions.BabylonToolbar.instlDay", "15247");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.keyWordUrl", "Babylon Search");

user_pref("extensions.BabylonToolbar.lastDP", 27);

user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.109:26:58");

user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");

user_pref("extensions.BabylonToolbar.newTab", true);

user_pref("extensions.BabylonToolbar.newTabUrl", "Babylon Search");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.propectorlck", 84658610);

user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.ptch_0717", true);

user_pref("extensions.BabylonToolbar.smplGrp", "none");

user_pref("extensions.BabylonToolbar.srcExt", "ss");

user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.109:26:58");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines CT2865317 removed from prefs.js ----

user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", "\"1334671211\"");

user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317", "\"c912886ea3ba021d3a9ef2d6ad700899\"");

user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317", "\"3966e9eb5c0456342b012ee51fb84d752\"");

user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");

user_pref("CommunityToolbar.ToolbarsList", "CT2865317");

user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");

user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");

user_pref("CT2865317..clientLogIsEnabled", false);

user_pref("CT2865317..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2865317..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2865317.AboutPrivacyUrl", "Website Privacy Overview | Conduit");

user_pref("CT2865317.alertChannelId", "1257316");

user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

user_pref("CT2865317.AppTrackingLastCheckTime", "Sun Aug 19 2012 14:25:23 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.backendstorage.cbcountry_001", "4245");

user_pref("CT2865317.backendstorage.cbfirsttime", "5361742041756720303420323031322032323A35313A333920474D542B303230302028526F6D616E636520287A6F6D657274696A642929");

user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");

user_pref("CT2865317.backendstorage.url_history

user_pref("CT2865317.CTID", "CT2865317");

user_pref("CT2865317.CurrentServerDate", "19-8-2012");

user_pref("CT2865317.DialogsAlignMode", "LTR");

user_pref("CT2865317.DialogsGetterLastCheckTime", "Sun Aug 19 2012 14:25:13 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.DownloadReferralCookieData", "");

user_pref("CT2865317.DSInstall", false);

user_pref("CT2865317.EMailNotifierPollDate", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedLastCount5397019970362056034", 301);

user_pref("CT2865317.FeedPollDate2429156812186649977", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813040823546", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813130095866", "Sun Aug 19 2012 14:25:13 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813224203613", "Sun Aug 19 2012 14:25:13 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813230837251", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813454291735", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813729834876", "Sun Aug 19 2012 14:25:13 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156813860870021", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156814264681793", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156814863075366", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedPollDate2429156815257761081", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.FeedTTL2429156813040823546", 15);

user_pref("CT2865317.FeedTTL2429156813130095866", 10);

user_pref("CT2865317.FeedTTL2429156813454291735", 5);

user_pref("CT2865317.FeedTTL2429156814264681793", 5);

user_pref("CT2865317.FirstServerDate", "4-8-2012");

user_pref("CT2865317.FirstTime", true);

user_pref("CT2865317.FirstTimeFF3", true);

user_pref("CT2865317.FixPageNotFoundErrors", true);

user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"http://appdownload.conduit.com/\",\"RevertSettingsEnabled\":\"FALSE\"}");

user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.GroupingServerCheckInterval", 1440);

user_pref("CT2865317.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2865317.HasUserGlobalKeys", true);

user_pref("CT2865317.HomepageBeforeUnload", "Babylon Search");

user_pref("CT2865317.homepageProtectorEnableByLogin", true);

user_pref("CT2865317.HomePageProtectorEnabled", false);

user_pref("CT2865317.HPInstall", false);

user_pref("CT2865317.initDone", true);

user_pref("CT2865317.Initialize", true);

user_pref("CT2865317.InitializeCommonPrefs", true);

user_pref("CT2865317.InstallationAndCookieDataSentCount", 2);

user_pref("CT2865317.InstallationId", "ConduitXPEIntegration");

user_pref("CT2865317.InstallationType", "ConduitXPEIntegration");

user_pref("CT2865317.InstalledDate", "Sat Aug 04 2012 22:51:33 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.IsAlertDBUpdated", true);

user_pref("CT2865317.isAppTrackingManagerOn", true);

user_pref("CT2865317.IsGrouping", false);

user_pref("CT2865317.IsInitSetupIni", true);

user_pref("CT2865317.IsMulticommunity", false);

user_pref("CT2865317.IsOpenThankYouPage", true);

user_pref("CT2865317.IsOpenUninstallPage", false);

user_pref("CT2865317.LanguagePackLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2865317.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2865317.LastLogin_3.8.1.0", "Sun Aug 19 2012 14:25:13 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.LatestVersion", "3.14.1.0");

user_pref("CT2865317.Locale", "nl");

user_pref("CT2865317.MCDetectTooltipHeight", "83");

user_pref("CT2865317.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT2865317.MCDetectTooltipWidth", "295");

user_pref("CT2865317.myStuffEnabled", true);

user_pref("CT2865317.MyStuffEnabledAtInstallation", true);

user_pref("CT2865317.myStuffPublihserMinWidth", 400);

user_pref("CT2865317.myStuffSearchUrl", "SEARCH_TERM| Conduit Apps");

user_pref("CT2865317.myStuffServiceIntervalMM", 1440);

user_pref("CT2865317.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT2865317.oldAppsList", "129363015615025603,129363015615338104,1000234,129791448105653660,1000034,129416029873125873,129363015616119359,5397019970362056034,129363015617994372,129363015617994373,129544682758064198,1000080,1000082,1000515,111,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012");

user_pref("CT2865317.OriginalFirstVersion", "3.8.1.0");

user_pref("CT2865317.revertSettingsEnabled", true);

user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");

user_pref("CT2865317.SearchEngineBeforeUnload", "AVG Secure Search");

user_pref("CT2865317.SearchFromAddressBarIsInit", true);

user_pref("CT2865317.SearchFromAddressBarUrl", "Zoeken=");

user_pref("CT2865317.SearchInNewTabEnabled", true);

user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);

user_pref("CT2865317.SearchInNewTabLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2865317.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");

user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);

user_pref("CT2865317.searchProtectorEnableByLogin", true);

user_pref("CT2865317.SearchProtectorEnabled", false);

user_pref("CT2865317.SearchProtectorToolbarDisabled", false);

user_pref("CT2865317.SendProtectorDataViaLogin", true);

user_pref("CT2865317.ServiceMapLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.SettingsLastCheckTime", "Sun Aug 19 2012 14:25:11 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.SettingsLastUpdate", "1345149440");

user_pref("CT2865317.SHRINK_TOOLBAR", 1);

user_pref("CT2865317.TBHomePageUrl", "Zoeken");

user_pref("CT2865317.testingCtid", "");

user_pref("CT2865317.ThirdPartyComponentsInterval", 504);

user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Sat Aug 04 2012 22:51:31 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1331805997");

user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.ToolbarShrinkedFromSetup", false);

user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm");

user_pref("CT2865317.TrusteLinkUrl", "Validation Page for Online Privacy Certification by TRUSTe");

user_pref("CT2865317.usagesFlag", 2);

user_pref("CT2865317.UserID", "UN03625852742968338");

user_pref("CT2865317.ValidationData_Toolbar", 0);

user_pref("CT2865317.WeatherNetwork", "");

user_pref("CT2865317.WeatherPollDate", "Sun Aug 19 2012 14:25:14 GMT+0200 (Romance (zomertijd))");

user_pref("CT2865317.WeatherUnit", "C");

---- Lines CT2865317 modified from prefs.js ----

---- Lines conduit removed from prefs.js ----

user_pref("browser.search.defaulturl", "Zoeken {searchTerms}");

user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1257316/1252989/BE", "\"0\"");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=nl", "PsT51tvJkTNvspgWuRmFBw==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=nl", "Cr7nJbPQVW8V9b6n1MWmqw==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=nl", "c++qsbHBE/35rdF5NaLh1Q==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=nl", "FbVnzYidRFcfIE6FPIcUMA==");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"0e0a4327275cd1:0\"");

user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=nl", "\"440743e79ed88bda90923d3200bc6b12\"");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Eigenaar\\Application Data\\Mozilla\\Firefox\\Profiles\\j1l9xnro.default\\conduitCommon\\modules\\3.8.1.0");

user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");

---- Lines conduit modified from prefs.js ----

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");

---- Lines Web Search modified from prefs.js ----

---- Lines Customized removed from prefs.js ----

---- Lines Customized modified from prefs.js ----

---- Lines CommunityToolbar removed from prefs.js ----

user_pref("CommunityToolbar.globalUserId", "6331308e-7458-4448-af1f-12e7fe6ed376");

user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");

user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Aug 19 2012 14:25:20 GMT+0200 (Romance (zomertijd))");

user_pref("CommunityToolbar.notifications.locale", "en");

user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 19 2012 14:25:12 GMT+0200 (Romance (zomertijd))");

user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.showTrayIcon", false);

user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.notifications.userId", "6871530e-ca9e-42aa-bb02-836787d5ed3f");

user_pref("CommunityToolbar.originalHomepage", "Babylon Search");

user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "Zoek=");

---- Lines CommunityToolbar modified from prefs.js ----

---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----

---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,ffxtlbr@babylon.com:1.1.9,{87775fdb-6972-41f9-ae51-8326e38cb206}:3.8.1.0,{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912,avg@toolbar:11.1.0.12,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13");

---- FireFox user.js and prefs.js backups ----

prefs_20131804_2215_.backup

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\searchplugins\conduit.xml" deleted

"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted

"C:\WINDOWS\System32\ConduitEngine.tmp" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Lite" deleted

"C:\Program Files\Application Updater" deleted

"C:\Program Files\DealPly" deleted

"C:\Program Files\Conduit" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Babylon" deleted

"C:\Documents and Settings\Eigenaar\Application Data\BabylonToolbar" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Search Settings" deleted

"C:\Documents and Settings\Eigenaar\Application Data\PriceGong" deleted

"C:\Documents and Settings\All Users\Menu Start\Programma's\DealPly" deleted

"C:\Documents and Settings\All Users\Application Data\Babylon" deleted

"C:\Documents and Settings\Eigenaar\Local Settings\Application Data\iLivid" deleted

"C:\Documents and Settings\Eigenaar\Local Settings\Application Data\PackageAware" deleted

"C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Conduit" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\extensions\ffxtlbr@babylon.com" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\CT2865317" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\CT2865317" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\conduitCommon" deleted

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\Eigenaar\LOCALS~1\Temp ====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

2013-04-18 13:37:05 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

2013-04-10 09:03:16 9EB0C4EE8C4946AB407687BE9677844E 496 ----a-w- C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2013-04-10 09:03:02 -------- d-----w- C:\Program Files\HP Photo Creations

2013-04-01 17:37:44 -------- d-----w- C:\Program Files\RealNetworks

2013-04-01 17:36:34 -------- d-----w- C:\Program Files\Common Files\xing shared

======= C: =====

====== C:\Documents and Settings\Eigenaar\Application Data ======

2013-04-17 07:28:13 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG

2013-04-10 09:03:16 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\HP\HP Photo Creations

2013-04-10 09:03:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

2013-04-01 17:37:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\RealNetworks

2013-03-22 07:02:34 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth

====== C:\Documents and Settings\Eigenaar ======

====== C: exe-files ==

2013-04-18 16:13:14 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Documents and Settings\Eigenaar\Bureaublad\tdsskiller\TDSSKiller.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1957994488-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount"

"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"

"Akamai NetSession Interface"="C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe"

"SigmatelSysTrayApp"="stsystra.exe"

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe"

"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"

"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"

"ROC_roc_dec12"="C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12"

"EMET Notifier"="C:\Program Files\EMET\EMET_notifier.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"

"LaCie Desktop Manager Launcher"="C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount"

"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"

"Akamai NetSession Interface"="C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Akamai\netsession_win.exe"

==== Startup Folders ======================

2010-01-20 15:07:20 1687 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk

2010-01-20 10:04:57 1734 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

2010-01-16 09:22:03 1791 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk

2012-01-15 10:40:51 1683 ----a-w- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\Inktwaarschuwingen controleren - HP Photosmart 5510 series.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []

C:\WINDOWS\tasks\At1.job --a------ C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [25/05/2011 18:13]

C:\WINDOWS\tasks\At2.job --a------ C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [25/05/2011 18:13]

C:\WINDOWS\tasks\At3.job --a------ C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [25/05/2011 18:13]

C:\WINDOWS\tasks\At4.job --a------ C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [25/05/2011 18:13]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/05/2012 09:29]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/05/2012 09:29]

C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a------ C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe [22/01/2011 12:11]

C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ [undertermined Task]

C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [06/03/2013 02:21]

C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [06/03/2013 02:21]

C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [06/03/2013 11:36]

C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [06/03/2013 11:36]

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [06/03/2013 11:36]

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-682003330-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [06/03/2013 11:36]

C:\WINDOWS\tasks\switchShakeIcon.job --a------ C:\Program Files\NCH Swift Sound\Switch\switch.exe [04/06/2010 12:16]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default

- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org

- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default

9F01950A89FF64D16CEC2836785FA600 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)

B90EE25DEF386CD4D8D8D4CEFB7B5E9C - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin

47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash

F7015E6C5FE1E74C0E029A291E732787 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)

BF115DE08783E9FA8A9BB83DAA39149B - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)

395BB0421E1C57D201DCE4D48E05E0BA - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)

A56B8E622037E6D57480F16F4B8F472C - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In

CB058B7AEC8BA542570678C4BE9F339A - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U10

7D35CB60201CED2F01AE06F1816231E2 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.100.18

AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

2034E977759F4EB2226914BFC58F2758 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

10737B44923217BC0E67D26A9FC1F0AA - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)

2645990C521342DCD08963D2DF6CD0D2 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)

F98B0B2789436E072D7ED979C4E44D07 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

605473FD8D50CCDFD5EA357F72683410 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in

472DAEA6EEE84240DEA132C95C57EB68 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

B90EE25DEF386CD4D8D8D4CEFB7B5E9C - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin

9F01950A89FF64D16CEC2836785FA600 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)

2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight

3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®

15E1FAAAEA76F53F72B6ACB25A7B0EC7 - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll - ------

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\ccex.crx[09/11/2011 15:05]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06/03/2013 02:26]

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx[26/07/2012 03:23]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\14.0.2.14\avg.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

==== Chrome Fix ======================

C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\ccex.crx deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="Zoek"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\Bruno Claes\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Bureaublad\Backup\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Mozilla\Firefox\Profiles\j1l9xnro.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\Eigenaar\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

Posted:

Hmm. A somewhat odd picture. Started the PC this morning and ran AVG. AVG reported 5 rootkits present. Ran AVG again 4 hours later. AVG reports 1 rootkit present.

???
