Trojan horse PSW.Agent.ASJX en Trojan horse PSW.Agent.AUET verwijderen

Ik zit met (ongeveer) hetzelfde probleem als wat in andere discussies is geschetst: computer merkbaar trager en start niet meer automatisch op; kiezen voor opstarten vanaf een punt dat de computer zonder problemen opstartte (o.i.d.). AVG spoort het e.e.a. op maar de computer blijft geinfecteerd.

Ik heb een aantal acties uitgevoerd zoals herboven beschreven. Graag zou ik mijn computer weer "trojan-vrij" krijgen, wie helpt?

onderstaand de logfile van combofix, logfile van hijackthis en een overzicht van de avg-scan met de gedetecteerde bestanden.

COMBOFIX

ComboFix 12-08-07.02 - Mirjam 07-08-2012 13:10:03.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.563 [GMT 2:00]

Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

-------\Service_xpsec

.

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com

2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro

2012-08-03 12:30 . 2012-08-03 12:30 -------- d-----w- c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player

2012-08-03 12:29 . 2012-08-07 09:12 -------- d-----w- c:\program files\iLivid

2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat

+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mirjam\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]

R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]

S0 cerc6;cerc6; [x]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]

S3 rxr1z_.sys;rxr1z_.sys;\??\c:\windows\system32\drivers\rxr1z_.sys --> c:\windows\system32\drivers\rxr1z_.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]

.

2012-08-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nu.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.0.1

DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-07 13:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1176)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2432)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\System32\SCardSvr.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\AVG\AVG2012\avgwdsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\AVG\AVG2012\AVGIDSAgent.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-08-07 13:29:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-07 11:29

ComboFix2.txt 2012-08-02 23:35

.

Pre-Run: 14.146.965.504 bytes free

Post-Run: 14.505.811.968 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 23EFE9FAF819432F7DD132EE6C42B871

HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:48:39, on 7-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235246462472&h=1e17d89d0dc1d6bf9f1ace3cfaf1f2fb/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updateservice (gupdate1c9a6233ac2f8f8) (gupdate1c9a6233ac2f8f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\Program Files\AEP\SSLTunnel\nvpns.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Mirjam/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 9800 bytes

AVG-scan result

"";"C:\WINDOWS\system32\winlogon.exe (1176)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (3344)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1744)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1572)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted"

"";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\hkcmd.exe (3608)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\explorer.exe (2432)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (3908)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (4772)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\winlogon.exe (1176):\memory_00da0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\services.exe (1220):\memory_00930000";"Trojan horse PSW.Agent.AUES";"Infected"

"";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\hkcmd.exe (3608):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (2432):\memory_016f0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (2432):\memory_00d20000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644):\memory_05c90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (3908):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852):\memory_01860000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512):\memory_02880000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408):\memory_00f90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776):\memory_00f70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00eb0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240):\memory_03090000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (4772):\memory_01d00000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092):\memory_01aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432):\memory_01c20000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed"

"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player

c:\program files\iLivid

File::

c:\windows\system32\drivers\ixodm.sys

c:\windows\system32\drivers\rxr1z_.sys

Driver::

ixodm.sys

rxr1z_.sys

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

ComboFix 12-08-08.01 - Mirjam 08-08-2012 22:10:30.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.410 [GMT 2:00]

Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\windows\system32\drivers\ixodm.sys"

"c:\windows\system32\drivers\rxr1z_.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player

c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player\script.qscript

c:\program files\iLivid

c:\program files\iLivid\fantastic\icon.ico

c:\program files\iLivid\ftalk.ico

c:\program files\iLivid\Helper.dll

c:\program files\iLivid\ilivid.exe

c:\program files\iLivid\ilivid.ico

c:\program files\iLivid\imageformats\qgif4.dll

c:\program files\iLivid\imageformats\qjpeg4.dll

c:\program files\iLivid\libeay32.dll

c:\program files\iLivid\libgcc_s_dw2-1.dll

c:\program files\iLivid\mingwm10.dll

c:\program files\iLivid\phonon4.dll

c:\program files\iLivid\QtCore4.dll

c:\program files\iLivid\QtGui4.dll

c:\program files\iLivid\QtNetwork4.dll

c:\program files\iLivid\QtScript4.dll

c:\program files\iLivid\QtSvg4.dll

c:\program files\iLivid\QtWebKit4.dll

c:\program files\iLivid\QtXmlPatterns4.dll

c:\program files\iLivid\script.qscript

c:\program files\iLivid\script1.81.qscript

c:\program files\iLivid\ssleay32.dll

c:\program files\iLivid\uninstall.exe

c:\program files\iLivid\VLC\activex\axvlc.dll

c:\program files\iLivid\VLC\activex\axvlc.dll.manifest

c:\program files\iLivid\VLC\activex\README.TXT

c:\program files\iLivid\VLC\activex\test.html

c:\program files\iLivid\VLC\AUTHORS.txt

c:\program files\iLivid\VLC\COPYING.txt

c:\program files\iLivid\VLC\http\.hosts

c:\program files\iLivid\VLC\http\dialogs\.hosts

c:\program files\iLivid\VLC\http\dialogs\browse

c:\program files\iLivid\VLC\http\dialogs\footer

c:\program files\iLivid\VLC\http\dialogs\input

c:\program files\iLivid\VLC\http\dialogs\main

c:\program files\iLivid\VLC\http\dialogs\mosaic

c:\program files\iLivid\VLC\http\dialogs\playlist

c:\program files\iLivid\VLC\http\dialogs\sout

c:\program files\iLivid\VLC\http\dialogs\vlm

c:\program files\iLivid\VLC\http\favicon.ico

c:\program files\iLivid\VLC\http\flash.html

c:\program files\iLivid\VLC\http\iehacks.css

c:\program files\iLivid\VLC\http\images\delete.png

c:\program files\iLivid\VLC\http\images\delete_small.png

c:\program files\iLivid\VLC\http\images\eject.png

c:\program files\iLivid\VLC\http\images\empty.png

c:\program files\iLivid\VLC\http\images\fullscreen.png

c:\program files\iLivid\VLC\http\images\help.png

c:\program files\iLivid\VLC\http\images\info.png

c:\program files\iLivid\VLC\http\images\loop.png

c:\program files\iLivid\VLC\http\images\minus.png

c:\program files\iLivid\VLC\http\images\next.png

c:\program files\iLivid\VLC\http\images\pause.png

c:\program files\iLivid\VLC\http\images\play.png

c:\program files\iLivid\VLC\http\images\playlist.png

c:\program files\iLivid\VLC\http\images\playlist_small.png

c:\program files\iLivid\VLC\http\images\plus.png

c:\program files\iLivid\VLC\http\images\prev.png

c:\program files\iLivid\VLC\http\images\refresh.png

c:\program files\iLivid\VLC\http\images\repeat.png

c:\program files\iLivid\VLC\http\images\sd.png

c:\program files\iLivid\VLC\http\images\shuffle.png

c:\program files\iLivid\VLC\http\images\slider_bar.png

c:\program files\iLivid\VLC\http\images\slider_left.png

c:\program files\iLivid\VLC\http\images\slider_point.png

c:\program files\iLivid\VLC\http\images\slider_right.png

c:\program files\iLivid\VLC\http\images\slow.png

c:\program files\iLivid\VLC\http\images\snapshot.png

c:\program files\iLivid\VLC\http\images\sort.png

c:\program files\iLivid\VLC\http\images\sout.png

c:\program files\iLivid\VLC\http\images\speaker.png

c:\program files\iLivid\VLC\http\images\speaker_mute.png

c:\program files\iLivid\VLC\http\images\stop.png

c:\program files\iLivid\VLC\http\images\vlc16x16.png

c:\program files\iLivid\VLC\http\images\volume_down.png

c:\program files\iLivid\VLC\http\images\volume_up.png

c:\program files\iLivid\VLC\http\images\white.png

c:\program files\iLivid\VLC\http\images\white_cross_small.png

c:\program files\iLivid\VLC\http\index.html

c:\program files\iLivid\VLC\http\js\functions.js

c:\program files\iLivid\VLC\http\js\mosaic.js

c:\program files\iLivid\VLC\http\js\vlm.js

c:\program files\iLivid\VLC\http\mosaic.html

c:\program files\iLivid\VLC\http\requests\browse.xml

c:\program files\iLivid\VLC\http\requests\playlist.xml

c:\program files\iLivid\VLC\http\requests\readme.txt

c:\program files\iLivid\VLC\http\requests\status.xml

c:\program files\iLivid\VLC\http\requests\vlm.xml

c:\program files\iLivid\VLC\http\requests\vlm_cmd.xml

c:\program files\iLivid\VLC\http\style.css

c:\program files\iLivid\VLC\http\vlm.html

c:\program files\iLivid\VLC\http\vlm_export.html

c:\program files\iLivid\VLC\languages\bengali.nsh

c:\program files\iLivid\VLC\languages\brazilian_portuguese.nsh

c:\program files\iLivid\VLC\languages\bulgarian.nsh

c:\program files\iLivid\VLC\languages\catalan.nsh

c:\program files\iLivid\VLC\languages\danish.nsh

c:\program files\iLivid\VLC\languages\declaration.nsh

c:\program files\iLivid\VLC\languages\dutch.nsh

c:\program files\iLivid\VLC\languages\english.nsh

c:\program files\iLivid\VLC\languages\estonian.nsh

c:\program files\iLivid\VLC\languages\finnish.nsh

c:\program files\iLivid\VLC\languages\french.nsh

c:\program files\iLivid\VLC\languages\german.nsh

c:\program files\iLivid\VLC\languages\hungarian.nsh

c:\program files\iLivid\VLC\languages\italian.nsh

c:\program files\iLivid\VLC\languages\japanese.nsh

c:\program files\iLivid\VLC\languages\lithuanian.nsh

c:\program files\iLivid\VLC\languages\occitan.nsh

c:\program files\iLivid\VLC\languages\polish.nsh

c:\program files\iLivid\VLC\languages\punjabi.nsh

c:\program files\iLivid\VLC\languages\romanian.nsh

c:\program files\iLivid\VLC\languages\schinese.nsh

c:\program files\iLivid\VLC\languages\slovak.nsh

c:\program files\iLivid\VLC\languages\slovenian.nsh

c:\program files\iLivid\VLC\languages\sorani.nsh

c:\program files\iLivid\VLC\languages\spanish.nsh

c:\program files\iLivid\VLC\libvlc.dll

c:\program files\iLivid\VLC\libvlc.dll.manifest

c:\program files\iLivid\VLC\libvlccore.dll

c:\program files\iLivid\VLC\locale\ach\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\af\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\am\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ar\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ast\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\be\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\bg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\bn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\br\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ca\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\cgg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ckb\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\co\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\cs\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\da\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\de\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\el\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\en_GB\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\es\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\et\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\eu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ff\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\fur\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ga\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\gl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\he\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\hy\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\id\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\is\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\it\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ja\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ka\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\kk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\km\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ko\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lg\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lt\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\lv\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\mk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ml\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\mn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ms\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\my\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nb\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ne\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\nn\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\oc\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ps\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ro\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ru\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\si\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sq\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\sv\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\ta\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tet\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\th\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tl\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\tr\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\uk\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\vi\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\wa\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\locale\zu\LC_MESSAGES\vlc.mo

c:\program files\iLivid\VLC\lua\extensions\allocine-fr.lua

c:\program files\iLivid\VLC\lua\extensions\imdb.lua

c:\program files\iLivid\VLC\lua\extensions\README.txt

c:\program files\iLivid\VLC\lua\http\.hosts

c:\program files\iLivid\VLC\lua\http\custom.lua

c:\program files\iLivid\VLC\lua\http\dialogs\.hosts

c:\program files\iLivid\VLC\lua\http\dialogs\browse

c:\program files\iLivid\VLC\lua\http\dialogs\footer

c:\program files\iLivid\VLC\lua\http\dialogs\input

c:\program files\iLivid\VLC\lua\http\dialogs\main

c:\program files\iLivid\VLC\lua\http\dialogs\mosaic

c:\program files\iLivid\VLC\lua\http\dialogs\playlist

c:\program files\iLivid\VLC\lua\http\dialogs\sout

c:\program files\iLivid\VLC\lua\http\dialogs\vlm

c:\program files\iLivid\VLC\lua\http\favicon.ico

c:\program files\iLivid\VLC\lua\http\flash.html

c:\program files\iLivid\VLC\lua\http\iehacks.css

c:\program files\iLivid\VLC\lua\http\images\delete.png

c:\program files\iLivid\VLC\lua\http\images\delete_small.png

c:\program files\iLivid\VLC\lua\http\images\eject.png

c:\program files\iLivid\VLC\lua\http\images\empty.png

c:\program files\iLivid\VLC\lua\http\images\fullscreen.png

c:\program files\iLivid\VLC\lua\http\images\help.png

c:\program files\iLivid\VLC\lua\http\images\info.png

c:\program files\iLivid\VLC\lua\http\images\loop.png

c:\program files\iLivid\VLC\lua\http\images\minus.png

c:\program files\iLivid\VLC\lua\http\images\next.png

c:\program files\iLivid\VLC\lua\http\images\pause.png

c:\program files\iLivid\VLC\lua\http\images\play.png

c:\program files\iLivid\VLC\lua\http\images\playlist.png

c:\program files\iLivid\VLC\lua\http\images\playlist_small.png

c:\program files\iLivid\VLC\lua\http\images\plus.png

c:\program files\iLivid\VLC\lua\http\images\prev.png

c:\program files\iLivid\VLC\lua\http\images\refresh.png

c:\program files\iLivid\VLC\lua\http\images\repeat.png

c:\program files\iLivid\VLC\lua\http\images\reset.png

c:\program files\iLivid\VLC\lua\http\images\sd.png

c:\program files\iLivid\VLC\lua\http\images\shuffle.png

c:\program files\iLivid\VLC\lua\http\images\slider_bar.png

c:\program files\iLivid\VLC\lua\http\images\slider_left.png

c:\program files\iLivid\VLC\lua\http\images\slider_point.png

c:\program files\iLivid\VLC\lua\http\images\slider_right.png

c:\program files\iLivid\VLC\lua\http\images\slow.png

c:\program files\iLivid\VLC\lua\http\images\snapshot.png

c:\program files\iLivid\VLC\lua\http\images\sort.png

c:\program files\iLivid\VLC\lua\http\images\sout.png

c:\program files\iLivid\VLC\lua\http\images\speaker.png

c:\program files\iLivid\VLC\lua\http\images\speaker_mute.png

c:\program files\iLivid\VLC\lua\http\images\stop.png

c:\program files\iLivid\VLC\lua\http\images\vlc16x16.png

c:\program files\iLivid\VLC\lua\http\images\volume_down.png

c:\program files\iLivid\VLC\lua\http\images\volume_up.png

c:\program files\iLivid\VLC\lua\http\images\white.png

c:\program files\iLivid\VLC\lua\http\images\white_cross_small.png

c:\program files\iLivid\VLC\lua\http\index.html

c:\program files\iLivid\VLC\lua\http\js\functions.js

c:\program files\iLivid\VLC\lua\http\js\mosaic.js

c:\program files\iLivid\VLC\lua\http\js\vlm.js

c:\program files\iLivid\VLC\lua\http\mosaic.html

c:\program files\iLivid\VLC\lua\http\requests\browse.xml

c:\program files\iLivid\VLC\lua\http\requests\playlist.xml

c:\program files\iLivid\VLC\lua\http\requests\readme.txt

c:\program files\iLivid\VLC\lua\http\requests\status.xml

c:\program files\iLivid\VLC\lua\http\requests\vlm.xml

c:\program files\iLivid\VLC\lua\http\requests\vlm_cmd.xml

c:\program files\iLivid\VLC\lua\http\style.css

c:\program files\iLivid\VLC\lua\http\vlm.html

c:\program files\iLivid\VLC\lua\http\vlm_export.html

c:\program files\iLivid\VLC\lua\intf\dummy.lua

c:\program files\iLivid\VLC\lua\intf\dumpmeta.lua

c:\program files\iLivid\VLC\lua\intf\hotkeys.lua

c:\program files\iLivid\VLC\lua\intf\http.lua

c:\program files\iLivid\VLC\lua\intf\luac.lua

c:\program files\iLivid\VLC\lua\intf\modules\common.lua

c:\program files\iLivid\VLC\lua\intf\modules\host.lua

c:\program files\iLivid\VLC\lua\intf\rc.lua

c:\program files\iLivid\VLC\lua\intf\README.txt

c:\program files\iLivid\VLC\lua\intf\telnet.lua

c:\program files\iLivid\VLC\lua\meta\art\01_googleimage.lua

c:\program files\iLivid\VLC\lua\meta\art\02_frenchtv.lua

c:\program files\iLivid\VLC\lua\meta\art\03_lastfm.lua

c:\program files\iLivid\VLC\lua\meta\art\04_musicbrainz.lua

c:\program files\iLivid\VLC\lua\meta\art\README.txt

c:\program files\iLivid\VLC\lua\meta\fetcher\README.txt

c:\program files\iLivid\VLC\lua\meta\fetcher\tvrage.lua

c:\program files\iLivid\VLC\lua\meta\reader\filename.lua

c:\program files\iLivid\VLC\lua\meta\reader\README.txt

c:\program files\iLivid\VLC\lua\modules\sandbox.lua

c:\program files\iLivid\VLC\lua\modules\simplexml.lua

c:\program files\iLivid\VLC\lua\playlist\anevia_streams.lua

c:\program files\iLivid\VLC\lua\playlist\anevia_xml.lua

c:\program files\iLivid\VLC\lua\playlist\appletrailers.lua

c:\program files\iLivid\VLC\lua\playlist\bbc_co_uk.lua

c:\program files\iLivid\VLC\lua\playlist\break.lua

c:\program files\iLivid\VLC\lua\playlist\canalplus.lua

c:\program files\iLivid\VLC\lua\playlist\cue.lua

c:\program files\iLivid\VLC\lua\playlist\dailymotion.lua

c:\program files\iLivid\VLC\lua\playlist\france2.lua

c:\program files\iLivid\VLC\lua\playlist\googlevideo.lua

c:\program files\iLivid\VLC\lua\playlist\jamendo.lua

c:\program files\iLivid\VLC\lua\playlist\joox.lua

c:\program files\iLivid\VLC\lua\playlist\katsomo.lua

c:\program files\iLivid\VLC\lua\playlist\koreus.lua

c:\program files\iLivid\VLC\lua\playlist\lelombrik.lua

c:\program files\iLivid\VLC\lua\playlist\megavideo.lua

c:\program files\iLivid\VLC\lua\playlist\metacafe.lua

c:\program files\iLivid\VLC\lua\playlist\metachannels.lua

c:\program files\iLivid\VLC\lua\playlist\mpora.lua

c:\program files\iLivid\VLC\lua\playlist\pinkbike.lua

c:\program files\iLivid\VLC\lua\playlist\README.txt

c:\program files\iLivid\VLC\lua\playlist\rockbox_fm_presets.lua

c:\program files\iLivid\VLC\lua\playlist\vimeo.lua

c:\program files\iLivid\VLC\lua\playlist\youtube.lua

c:\program files\iLivid\VLC\lua\playlist\youtube_homepage.lua

c:\program files\iLivid\VLC\lua\README.txt

c:\program files\iLivid\VLC\lua\sd\fmc.lua

c:\program files\iLivid\VLC\lua\sd\freebox.lua

c:\program files\iLivid\VLC\lua\sd\icecast.lua

c:\program files\iLivid\VLC\lua\sd\jamendo.lua

c:\program files\iLivid\VLC\lua\sd\metachannels.lua

c:\program files\iLivid\VLC\lua\sd\README.txt

c:\program files\iLivid\VLC\mozilla\npvlc.dll

c:\program files\iLivid\VLC\mozilla\npvlc.dll.manifest

c:\program files\iLivid\VLC\NEWS.txt

c:\program files\iLivid\VLC\NSIS\UAC.dll

c:\program files\iLivid\VLC\NSIS\UAC.nsh

c:\program files\iLivid\VLC\osdmenu\default.cfg

c:\program files\iLivid\VLC\osdmenu\default\selected\bw.png

c:\program files\iLivid\VLC\osdmenu\default\selected\esc.png

c:\program files\iLivid\VLC\osdmenu\default\selected\fw.png

c:\program files\iLivid\VLC\osdmenu\default\selected\next.png

c:\program files\iLivid\VLC\osdmenu\default\selected\play_pause.png

c:\program files\iLivid\VLC\osdmenu\default\selected\previous.png

c:\program files\iLivid\VLC\osdmenu\default\selected\stop.png

c:\program files\iLivid\VLC\osdmenu\default\selected\volume.png

c:\program files\iLivid\VLC\osdmenu\default\selection\bw.png

c:\program files\iLivid\VLC\osdmenu\default\selection\esc.png

c:\program files\iLivid\VLC\osdmenu\default\selection\fw.png

c:\program files\iLivid\VLC\osdmenu\default\selection\next.png

c:\program files\iLivid\VLC\osdmenu\default\selection\play_pause.png

c:\program files\iLivid\VLC\osdmenu\default\selection\previous.png

c:\program files\iLivid\VLC\osdmenu\default\selection\stop.png

c:\program files\iLivid\VLC\osdmenu\default\selection\volume.png

c:\program files\iLivid\VLC\osdmenu\default\unselected.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_00.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_01.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_02.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_03.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_04.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_05.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_06.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_07.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_08.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_09.png

c:\program files\iLivid\VLC\osdmenu\default\volume\volume_10.png

c:\program files\iLivid\VLC\plugins\liba52_plugin.dll

c:\program files\iLivid\VLC\plugins\liba52tofloat32_plugin.dll

c:\program files\iLivid\VLC\plugins\liba52tospdif_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_attachment_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_bd_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_fake_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_ftp_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_http_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_imem_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_mms_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_output_dummy_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_output_file_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_output_http_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_output_shout_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_output_udp_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_realrtsp_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_smb_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_tcp_plugin.dll

c:\program files\iLivid\VLC\plugins\libaccess_udp_plugin.dll

c:\program files\iLivid\VLC\plugins\libadjust_plugin.dll

c:\program files\iLivid\VLC\plugins\libadpcm_plugin.dll

c:\program files\iLivid\VLC\plugins\libaes3_plugin.dll

c:\program files\iLivid\VLC\plugins\libaiff_plugin.dll

c:\program files\iLivid\VLC\plugins\libalphamask_plugin.dll

c:\program files\iLivid\VLC\plugins\libaout_directx_plugin.dll

c:\program files\iLivid\VLC\plugins\libaout_file_plugin.dll

c:\program files\iLivid\VLC\plugins\libaout_sdl_plugin.dll

c:\program files\iLivid\VLC\plugins\libaraw_plugin.dll

c:\program files\iLivid\VLC\plugins\libasf_plugin.dll

c:\program files\iLivid\VLC\plugins\libatmo_plugin.dll

c:\program files\iLivid\VLC\plugins\libau_plugin.dll

c:\program files\iLivid\VLC\plugins\libaudio_format_plugin.dll

c:\program files\iLivid\VLC\plugins\libaudiobargraph_a_plugin.dll

c:\program files\iLivid\VLC\plugins\libaudiobargraph_v_plugin.dll

c:\program files\iLivid\VLC\plugins\libaudioscrobbler_plugin.dll

c:\program files\iLivid\VLC\plugins\libavcodec_plugin.dll

c:\program files\iLivid\VLC\plugins\libavi_plugin.dll

c:\program files\iLivid\VLC\plugins\libball_plugin.dll

c:\program files\iLivid\VLC\plugins\libbda_plugin.dll

c:\program files\iLivid\VLC\plugins\libblend_plugin.dll

c:\program files\iLivid\VLC\plugins\libblendbench_plugin.dll

c:\program files\iLivid\VLC\plugins\libbluescreen_plugin.dll

c:\program files\iLivid\VLC\plugins\libcaca_plugin.dll

c:\program files\iLivid\VLC\plugins\libcanvas_plugin.dll

c:\program files\iLivid\VLC\plugins\libcc_plugin.dll

c:\program files\iLivid\VLC\plugins\libcdda_plugin.dll

c:\program files\iLivid\VLC\plugins\libcdg_plugin.dll

c:\program files\iLivid\VLC\plugins\libchain_plugin.dll

c:\program files\iLivid\VLC\plugins\libchorus_flanger_plugin.dll

c:\program files\iLivid\VLC\plugins\libclone_plugin.dll

c:\program files\iLivid\VLC\plugins\libcolorthres_plugin.dll

c:\program files\iLivid\VLC\plugins\libconverter_fixed_plugin.dll

c:\program files\iLivid\VLC\plugins\libcrop_plugin.dll

c:\program files\iLivid\VLC\plugins\libcroppadd_plugin.dll

c:\program files\iLivid\VLC\plugins\libcvdsub_plugin.dll

c:\program files\iLivid\VLC\plugins\libdeinterlace_plugin.dll

c:\program files\iLivid\VLC\plugins\libdemux_cdg_plugin.dll

c:\program files\iLivid\VLC\plugins\libdemuxdump_plugin.dll

c:\program files\iLivid\VLC\plugins\libdirac_plugin.dll

c:\program files\iLivid\VLC\plugins\libdirect3d_plugin.dll

c:\program files\iLivid\VLC\plugins\libdirectx_plugin.dll

c:\program files\iLivid\VLC\plugins\libdmo_plugin.dll

c:\program files\iLivid\VLC\plugins\libdolby_surround_decoder_plugin.dll

c:\program files\iLivid\VLC\plugins\libdrawable_plugin.dll

c:\program files\iLivid\VLC\plugins\libdshow_plugin.dll

c:\program files\iLivid\VLC\plugins\libdts_plugin.dll

c:\program files\iLivid\VLC\plugins\libdtstofloat32_plugin.dll

c:\program files\iLivid\VLC\plugins\libdtstospdif_plugin.dll

c:\program files\iLivid\VLC\plugins\libdummy_plugin.dll

c:\program files\iLivid\VLC\plugins\libdvbsub_plugin.dll

c:\program files\iLivid\VLC\plugins\libdvdnav_plugin.dll

c:\program files\iLivid\VLC\plugins\libdvdread_plugin.dll

c:\program files\iLivid\VLC\plugins\libequalizer_plugin.dll

c:\program files\iLivid\VLC\plugins\liberase_plugin.dll

c:\program files\iLivid\VLC\plugins\libes_plugin.dll

c:\program files\iLivid\VLC\plugins\libexport_plugin.dll

c:\program files\iLivid\VLC\plugins\libextract_plugin.dll

c:\program files\iLivid\VLC\plugins\libfaad_plugin.dll

c:\program files\iLivid\VLC\plugins\libfake_plugin.dll

c:\program files\iLivid\VLC\plugins\libfilesystem_plugin.dll

c:\program files\iLivid\VLC\plugins\libflac_plugin.dll

c:\program files\iLivid\VLC\plugins\libflacsys_plugin.dll

c:\program files\iLivid\VLC\plugins\libfloat32_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libfluidsynth_plugin.dll

c:\program files\iLivid\VLC\plugins\libfolder_plugin.dll

c:\program files\iLivid\VLC\plugins\libfreetype_plugin.dll

c:\program files\iLivid\VLC\plugins\libgaussianblur_plugin.dll

c:\program files\iLivid\VLC\plugins\libgestures_plugin.dll

c:\program files\iLivid\VLC\plugins\libglobalhotkeys_plugin.dll

c:\program files\iLivid\VLC\plugins\libglwin32_plugin.dll

c:\program files\iLivid\VLC\plugins\libgme_plugin.dll

c:\program files\iLivid\VLC\plugins\libgnutls_plugin.dll

c:\program files\iLivid\VLC\plugins\libgoom_plugin.dll

c:\program files\iLivid\VLC\plugins\libgradient_plugin.dll

c:\program files\iLivid\VLC\plugins\libgrain_plugin.dll

c:\program files\iLivid\VLC\plugins\libgrey_yuv_plugin.dll

c:\program files\iLivid\VLC\plugins\libh264_plugin.dll

c:\program files\iLivid\VLC\plugins\libheadphone_channel_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libhotkeys_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_rgb_mmx_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_rgb_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_rgb_sse2_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_yuy2_mmx_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_yuy2_plugin.dll

c:\program files\iLivid\VLC\plugins\libi420_yuy2_sse2_plugin.dll

c:\program files\iLivid\VLC\plugins\libi422_i420_plugin.dll

c:\program files\iLivid\VLC\plugins\libi422_yuy2_mmx_plugin.dll

c:\program files\iLivid\VLC\plugins\libi422_yuy2_plugin.dll

c:\program files\iLivid\VLC\plugins\libi422_yuy2_sse2_plugin.dll

c:\program files\iLivid\VLC\plugins\libinvert_plugin.dll

c:\program files\iLivid\VLC\plugins\libinvmem_plugin.dll

c:\program files\iLivid\VLC\plugins\libkate_plugin.dll

c:\program files\iLivid\VLC\plugins\liblibass_plugin.dll

c:\program files\iLivid\VLC\plugins\liblibmpeg2_plugin.dll

c:\program files\iLivid\VLC\plugins\liblive555_plugin.dll

c:\program files\iLivid\VLC\plugins\liblogger_plugin.dll

c:\program files\iLivid\VLC\plugins\liblogo_plugin.dll

c:\program files\iLivid\VLC\plugins\liblpcm_plugin.dll

c:\program files\iLivid\VLC\plugins\liblua_plugin.dll

c:\program files\iLivid\VLC\plugins\libmagnify_plugin.dll

c:\program files\iLivid\VLC\plugins\libmarq_plugin.dll

c:\program files\iLivid\VLC\plugins\libmediadirs_plugin.dll

c:\program files\iLivid\VLC\plugins\libmemcpy3dn_plugin.dll

c:\program files\iLivid\VLC\plugins\libmemcpymmx_plugin.dll

c:\program files\iLivid\VLC\plugins\libmemcpymmxext_plugin.dll

c:\program files\iLivid\VLC\plugins\libmirror_plugin.dll

c:\program files\iLivid\VLC\plugins\libmjpeg_plugin.dll

c:\program files\iLivid\VLC\plugins\libmkv_plugin.dll

c:\program files\iLivid\VLC\plugins\libmod_plugin.dll

c:\program files\iLivid\VLC\plugins\libmono_plugin.dll

c:\program files\iLivid\VLC\plugins\libmosaic_plugin.dll

c:\program files\iLivid\VLC\plugins\libmotionblur_plugin.dll

c:\program files\iLivid\VLC\plugins\libmotiondetect_plugin.dll

c:\program files\iLivid\VLC\plugins\libmp4_plugin.dll

c:\program files\iLivid\VLC\plugins\libmpc_plugin.dll

c:\program files\iLivid\VLC\plugins\libmpeg_audio_plugin.dll

c:\program files\iLivid\VLC\plugins\libmpgatofixed32_plugin.dll

c:\program files\iLivid\VLC\plugins\libmpgv_plugin.dll

c:\program files\iLivid\VLC\plugins\libmsn_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_asf_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_avi_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_dummy_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_mp4_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_mpjpeg_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_ogg_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_ps_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_ts_plugin.dll

c:\program files\iLivid\VLC\plugins\libmux_wav_plugin.dll

c:\program files\iLivid\VLC\plugins\libnetsync_plugin.dll

c:\program files\iLivid\VLC\plugins\libnoise_plugin.dll

c:\program files\iLivid\VLC\plugins\libnormvol_plugin.dll

c:\program files\iLivid\VLC\plugins\libnsc_plugin.dll

c:\program files\iLivid\VLC\plugins\libnsv_plugin.dll

c:\program files\iLivid\VLC\plugins\libntservice_plugin.dll

c:\program files\iLivid\VLC\plugins\libnuv_plugin.dll

c:\program files\iLivid\VLC\plugins\libogg_plugin.dll

c:\program files\iLivid\VLC\plugins\liboldhttp_plugin.dll

c:\program files\iLivid\VLC\plugins\liboldrc_plugin.dll

c:\program files\iLivid\VLC\plugins\liboldtelnet_plugin.dll

c:\program files\iLivid\VLC\plugins\libosd_parser_plugin.dll

c:\program files\iLivid\VLC\plugins\libosdmenu_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_copy_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_dirac_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_flac_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_h264_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_mlp_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_mpeg4video_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_mpegvideo_plugin.dll

c:\program files\iLivid\VLC\plugins\libpacketizer_vc1_plugin.dll

c:\program files\iLivid\VLC\plugins\libpanoramix_plugin.dll

c:\program files\iLivid\VLC\plugins\libparam_eq_plugin.dll

c:\program files\iLivid\VLC\plugins\libplaylist_plugin.dll

c:\program files\iLivid\VLC\plugins\libpng_plugin.dll

c:\program files\iLivid\VLC\plugins\libpodcast_plugin.dll

c:\program files\iLivid\VLC\plugins\libportaudio_plugin.dll

c:\program files\iLivid\VLC\plugins\libpostproc_plugin.dll

c:\program files\iLivid\VLC\plugins\libprojectm_plugin.dll

c:\program files\iLivid\VLC\plugins\libps_plugin.dll

c:\program files\iLivid\VLC\plugins\libpsychedelic_plugin.dll

c:\program files\iLivid\VLC\plugins\libpuzzle_plugin.dll

c:\program files\iLivid\VLC\plugins\libpva_plugin.dll

c:\program files\iLivid\VLC\plugins\libqt4_plugin.dll

c:\program files\iLivid\VLC\plugins\libquicktime_plugin.dll

c:\program files\iLivid\VLC\plugins\librawaud_plugin.dll

c:\program files\iLivid\VLC\plugins\librawdv_plugin.dll

c:\program files\iLivid\VLC\plugins\librawvid_plugin.dll

c:\program files\iLivid\VLC\plugins\librawvideo_plugin.dll

c:\program files\iLivid\VLC\plugins\libreal_plugin.dll

c:\program files\iLivid\VLC\plugins\librealvideo_plugin.dll

c:\program files\iLivid\VLC\plugins\libremoteosd_plugin.dll

c:\program files\iLivid\VLC\plugins\libripple_plugin.dll

c:\program files\iLivid\VLC\plugins\librotate_plugin.dll

c:\program files\iLivid\VLC\plugins\librss_plugin.dll

c:\program files\iLivid\VLC\plugins\librtp_plugin.dll

c:\program files\iLivid\VLC\plugins\librv32_plugin.dll

c:\program files\iLivid\VLC\plugins\libsap_plugin.dll

c:\program files\iLivid\VLC\plugins\libscale_plugin.dll

c:\program files\iLivid\VLC\plugins\libscaletempo_plugin.dll

c:\program files\iLivid\VLC\plugins\libscene_plugin.dll

c:\program files\iLivid\VLC\plugins\libschroedinger_plugin.dll

c:\program files\iLivid\VLC\plugins\libscreen_plugin.dll

c:\program files\iLivid\VLC\plugins\libsdl_image_plugin.dll

c:\program files\iLivid\VLC\plugins\libsharpen_plugin.dll

c:\program files\iLivid\VLC\plugins\libsimple_channel_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libskins2_plugin.dll

c:\program files\iLivid\VLC\plugins\libsmf_plugin.dll

c:\program files\iLivid\VLC\plugins\libspatializer_plugin.dll

c:\program files\iLivid\VLC\plugins\libspdif_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libspeex_plugin.dll

c:\program files\iLivid\VLC\plugins\libspudec_plugin.dll

c:\program files\iLivid\VLC\plugins\libstats_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_filter_rar_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_filter_record_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_autodel_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_bridge_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_description_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_display_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_dummy_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_duplicate_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_es_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_gather_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_raop_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_record_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_rtp_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_smem_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_standard_plugin.dll

c:\program files\iLivid\VLC\plugins\libstream_out_transcode_plugin.dll

c:\program files\iLivid\VLC\plugins\libsubsdec_plugin.dll

c:\program files\iLivid\VLC\plugins\libsubsusf_plugin.dll

c:\program files\iLivid\VLC\plugins\libsubtitle_plugin.dll

c:\program files\iLivid\VLC\plugins\libsvcdsub_plugin.dll

c:\program files\iLivid\VLC\plugins\libswscale_plugin.dll

c:\program files\iLivid\VLC\plugins\libt140_plugin.dll

c:\program files\iLivid\VLC\plugins\libtaglib_plugin.dll

c:\program files\iLivid\VLC\plugins\libtheora_plugin.dll

c:\program files\iLivid\VLC\plugins\libtransform_plugin.dll

c:\program files\iLivid\VLC\plugins\libtrivial_channel_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libtrivial_mixer_plugin.dll

c:\program files\iLivid\VLC\plugins\libts_plugin.dll

c:\program files\iLivid\VLC\plugins\libtta_plugin.dll

c:\program files\iLivid\VLC\plugins\libtwolame_plugin.dll

c:\program files\iLivid\VLC\plugins\libty_plugin.dll

c:\program files\iLivid\VLC\plugins\libugly_resampler_plugin.dll

c:\program files\iLivid\VLC\plugins\libvc1_plugin.dll

c:\program files\iLivid\VLC\plugins\libvcd_plugin.dll

c:\program files\iLivid\VLC\plugins\libvideo_filter_wrapper_plugin.dll

c:\program files\iLivid\VLC\plugins\libvisual_plugin.dll

c:\program files\iLivid\VLC\plugins\libvmem_plugin.dll

c:\program files\iLivid\VLC\plugins\libvobsub_plugin.dll

c:\program files\iLivid\VLC\plugins\libvoc_plugin.dll

c:\program files\iLivid\VLC\plugins\libvod_rtsp_plugin.dll

c:\program files\iLivid\VLC\plugins\libvorbis_plugin.dll

c:\program files\iLivid\VLC\plugins\libvout_sdl_plugin.dll

c:\program files\iLivid\VLC\plugins\libvout_wrapper_plugin.dll

c:\program files\iLivid\VLC\plugins\libwall_plugin.dll

c:\program files\iLivid\VLC\plugins\libwav_plugin.dll

c:\program files\iLivid\VLC\plugins\libwave_plugin.dll

c:\program files\iLivid\VLC\plugins\libwaveout_plugin.dll

c:\program files\iLivid\VLC\plugins\libwingdi_plugin.dll

c:\program files\iLivid\VLC\plugins\libx264_plugin.dll

c:\program files\iLivid\VLC\plugins\libxa_plugin.dll

c:\program files\iLivid\VLC\plugins\libxml_plugin.dll

c:\program files\iLivid\VLC\plugins\libxtag_plugin.dll

c:\program files\iLivid\VLC\plugins\libyuv_plugin.dll

c:\program files\iLivid\VLC\plugins\libyuvp_plugin.dll

c:\program files\iLivid\VLC\plugins\libyuy2_i420_plugin.dll

c:\program files\iLivid\VLC\plugins\libyuy2_i422_plugin.dll

c:\program files\iLivid\VLC\plugins\libzip_plugin.dll

c:\program files\iLivid\VLC\plugins\libzvbi_plugin.dll

c:\program files\iLivid\VLC\plugins\plugins-04041e-3e8.dat

c:\program files\iLivid\VLC\README.txt

c:\program files\iLivid\VLC\sdk\include\vlc\deprecated.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_events.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_discoverer.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_library.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list_player.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_player.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_structures.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_version.h

c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_vlm.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_access.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_acl.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout_mixer.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_arrays.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_art_finder.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_avcodec.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_bits.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block_helper.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_charset.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_codec.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_common.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config_cat.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_configuration.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_cpu.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_demux.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_dialog.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_epg.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es_out.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_events.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_filter.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fourcc.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fs.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_gcrypt.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_http.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_httpd.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_image.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_inhibit.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input_item.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_main.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_md5.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_messages.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_meta.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_modules.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mouse.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mtime.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_objects.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_fifo.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_pool.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_playlist.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_plugin.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_probe.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_rand.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_services_discovery.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sout.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sql.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_stream.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_strings.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_subpicture.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_threads.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_url.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_variables.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_video_splitter.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vlm.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_display.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_opengl.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_window.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xlib.h

c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xml.h

c:\program files\iLivid\VLC\sdk\include\vlc\vlc.h

c:\program files\iLivid\VLC\sdk\lib\libvlc.dll.a

c:\program files\iLivid\VLC\sdk\lib\libvlc.la

c:\program files\iLivid\VLC\sdk\lib\libvlccore.dll.a

c:\program files\iLivid\VLC\sdk\lib\libvlccore.la

c:\program files\iLivid\VLC\sdk\lib\pkgconfig\libvlc.pc

c:\program files\iLivid\VLC\sdk\lib\pkgconfig\vlc-plugin.pc

c:\program files\iLivid\VLC\skins\default.vlt

c:\program files\iLivid\VLC\skins\fonts\FreeSans.ttf

c:\program files\iLivid\VLC\skins\fonts\FreeSansBold.ttf

c:\program files\iLivid\VLC\skins\skin.catalog

c:\program files\iLivid\VLC\skins\skin.dtd

c:\program files\iLivid\VLC\spad.nsi

c:\program files\iLivid\VLC\THANKS.txt

c:\program files\iLivid\VLC\vlc-cache-gen.exe

c:\program files\iLivid\VLC\vlc.exe

c:\program files\iLivid\VLC\vlc.exe.manifest

c:\program files\iLivid\VLC\vlc.ico

c:\program files\iLivid\VLC\vlc.win32.nsi

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RXR1Z_.SYS

-------\Service_rxr1z_.sys

-------\Service_xcpip

-------\Service_xpsec

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com

2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro

2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat

+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mirjam\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]

R2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]

R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]

S0 cerc6;cerc6; [x]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]

S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]

.

2012-08-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-08 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nu.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.0.1

DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-iLivid - c:\program files\iLivid\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-08 22:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1160)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(4780)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD

c:\program files\WinRAR\rarext.dll

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\AVG\AVG2012\avgsysx.dll

c:\program files\SUPERAntiSpyware\SASCTXMN.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\System32\SCardSvr.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-08-08 22:44:30 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 20:44

ComboFix2.txt 2012-08-07 11:29

ComboFix3.txt 2012-08-02 23:35

.

Pre-Run: 14.495.412.224 bytes free

Post-Run: 14.292.815.872 bytes free

.

- - End Of File - - 5C25903E9AE46E78B265BB653909A61A

Laat AVG nu eens opnieuw scannen. Benieuwd of die nog iets te vertellen heeft ?

"";""";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Moved to Virus Vault"

"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

"";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

"";"C:\WINDOWS\system32\wuauclt.exe (2836)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\winlogon.exe (1168)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (788)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (772)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (560)";"Trojan horse PSW.Agent.AUET";"Deleted"

C:\WINDOWS\system32\svchost.exe (2532)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1716)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1640)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1412)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted"

"";"C:\WINDOWS\system32\igfxpers.exe (264)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\hkcmd.exe (1848)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\alg.exe (3300)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\explorer.exe (160)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (256)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Internet Explorer\iexplore.exe (4948)";"Trojan horse PSW.Agent.ARMW";"Deleted"

"";"C:\Program Files\Internet Explorer\iexplore.exe (3536)";"Trojan horse PSW.Agent.ARMW";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\wuauclt.exe (2836):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\winlogon.exe (1168):\memory_00df0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (788):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (788):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (772):\memory_00c30000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (772):\memory_00bb0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (560):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (560):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\services.exe (1220):\memory_009b0000";"Trojan horse PSW.Agent.AUES";"Infected"

"";"C:\WINDOWS\system32\igfxpers.exe (264):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\hkcmd.exe (1848):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\alg.exe (3300):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (160):\memory_01730000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (160):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776):\memory_01470000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (256):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448):\memory_00df0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_02000000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_009d0000";"Trojan horse PSW.Agent.ARMW";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_00f20000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_009c0000";"Trojan horse PSW.Agent.ARMW";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472):\memory_06c80000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336):\memory_01b20000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620):\memory_013c0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892):\memory_01620000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848):\memory_00d40000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136):\memory_019e0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736):\memory_01090000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"

Download TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

09:17:12.0625 3980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

09:17:13.0062 3980 ============================================================

09:17:13.0062 3980 Current date / time: 2012/08/10 09:17:13.0062

09:17:13.0062 3980 SystemInfo:

09:17:13.0062 3980

09:17:13.0062 3980 OS Version: 5.1.2600 ServicePack: 3.0

09:17:13.0062 3980 Product type: Workstation

09:17:13.0062 3980 ComputerName: MIRJAM-303AF4B9

09:17:13.0062 3980 UserName: Mirjam

09:17:13.0062 3980 Windows directory: C:\WINDOWS

09:17:13.0062 3980 System windows directory: C:\WINDOWS

09:17:13.0062 3980 Processor architecture: Intel x86

09:17:13.0062 3980 Number of processors: 1

09:17:13.0062 3980 Page size: 0x1000

09:17:13.0062 3980 Boot type: Normal boot

09:17:13.0062 3980 ============================================================

09:17:17.0171 3980 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020

09:17:17.0171 3980 ============================================================

09:17:17.0171 3980 \Device\Harddisk0\DR0:

09:17:17.0171 3980 MBR partitions:

09:17:17.0171 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A84E60

09:17:17.0171 3980 ============================================================

09:17:17.0328 3980 C: <-> \Device\Harddisk0\DR0\Partition0

09:17:17.0328 3980 ============================================================

09:17:17.0328 3980 Initialize success

09:17:17.0328 3980 ============================================================

09:17:33.0593 5496 ============================================================

09:17:33.0593 5496 Scan started

09:17:33.0593 5496 Mode: Manual;

09:17:33.0593 5496 ============================================================

09:17:34.0125 5496 Abiosdsk - ok

09:17:34.0140 5496 abp480n5 - ok

09:17:34.0171 5496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:17:34.0187 5496 ACPI - ok

09:17:34.0234 5496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:17:34.0234 5496 ACPIEC - ok

09:17:34.0343 5496 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

09:17:34.0359 5496 Adobe LM Service - ok

09:17:34.0468 5496 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:17:34.0500 5496 AdobeFlashPlayerUpdateSvc - ok

09:17:34.0515 5496 adpu160m - ok

09:17:34.0578 5496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:17:34.0593 5496 aec - ok

09:17:34.0656 5496 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys

09:17:34.0671 5496 AegisP - ok

09:17:34.0734 5496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:17:34.0750 5496 AFD - ok

09:17:34.0765 5496 Aha154x - ok

09:17:34.0765 5496 aic78u2 - ok

09:17:34.0781 5496 aic78xx - ok

09:17:34.0828 5496 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:17:34.0828 5496 Alerter - ok

09:17:34.0875 5496 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:17:34.0875 5496 ALG - ok

09:17:34.0890 5496 AliIde - ok

09:17:34.0890 5496 amsint - ok

09:17:34.0953 5496 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

09:17:34.0968 5496 AppMgmt - ok

09:17:34.0984 5496 asc - ok

09:17:34.0984 5496 asc3350p - ok

09:17:35.0000 5496 asc3550 - ok

09:17:35.0171 5496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:17:35.0218 5496 aspnet_state - ok

09:17:35.0234 5496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:17:35.0234 5496 AsyncMac - ok

09:17:35.0296 5496 atapi (4bd052a6bf351b00b87d2c18fa7fa9cb) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:17:35.0312 5496 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 4bd052a6bf351b00b87d2c18fa7fa9cb, Fake md5: 43769e974a1c5105171652f38e6cb8e2

09:17:35.0312 5496 atapi ( ForgedFile.Multi.Generic ) - warning

09:17:35.0312 5496 atapi - detected ForgedFile.Multi.Generic (1)

09:17:35.0328 5496 Atdisk - ok

09:17:35.0359 5496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:17:35.0359 5496 Atmarpc - ok

09:17:35.0421 5496 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:17:35.0421 5496 AudioSrv - ok

09:17:35.0484 5496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:17:35.0484 5496 audstub - ok

09:17:35.0890 5496 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

09:17:36.0156 5496 AVGIDSAgent - ok

09:17:36.0312 5496 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:17:36.0328 5496 AVGIDSDriver - ok

09:17:36.0343 5496 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:17:36.0359 5496 AVGIDSEH - ok

09:17:36.0375 5496 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:17:36.0390 5496 AVGIDSFilter - ok

09:17:36.0406 5496 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:17:36.0406 5496 AVGIDSShim - ok

09:17:36.0437 5496 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:17:36.0453 5496 Avgldx86 - ok

09:17:36.0468 5496 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:17:36.0468 5496 Avgmfx86 - ok

09:17:36.0531 5496 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:17:36.0531 5496 Avgrkx86 - ok

09:17:36.0625 5496 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:17:36.0656 5496 Avgtdix - ok

09:17:36.0796 5496 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

09:17:36.0796 5496 avgwd - ok

09:17:36.0859 5496 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

09:17:36.0859 5496 b57w2k - ok

09:17:36.0921 5496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:17:36.0921 5496 Beep - ok

09:17:37.0000 5496 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:17:37.0031 5496 BITS - ok

09:17:37.0078 5496 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:17:37.0078 5496 Browser - ok

09:17:37.0093 5496 catchme - ok

09:17:37.0109 5496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:17:37.0109 5496 cbidf2k - ok

09:17:37.0125 5496 cd20xrnt - ok

09:17:37.0156 5496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:17:37.0156 5496 Cdaudio - ok

09:17:37.0218 5496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:17:37.0218 5496 Cdfs - ok

09:17:37.0265 5496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:17:37.0281 5496 Cdrom - ok

09:17:37.0296 5496 cerc6 - ok

09:17:37.0421 5496 CFcatchme - ok

09:17:37.0437 5496 Changer - ok

09:17:37.0468 5496 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:17:37.0468 5496 CiSvc - ok

09:17:37.0484 5496 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:17:37.0500 5496 ClipSrv - ok

09:17:37.0593 5496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:17:37.0671 5496 clr_optimization_v2.0.50727_32 - ok

09:17:37.0734 5496 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:17:37.0734 5496 CmBatt - ok

09:17:37.0750 5496 CmdIde - ok

09:17:37.0796 5496 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:17:37.0796 5496 Compbatt - ok

09:17:37.0812 5496 COMSysApp - ok

09:17:37.0843 5496 Cpqarray - ok

09:17:37.0875 5496 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:17:37.0875 5496 CryptSvc - ok

09:17:37.0890 5496 dac2w2k - ok

09:17:37.0906 5496 dac960nt - ok

09:17:37.0984 5496 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:17:37.0984 5496 DcomLaunch - ok

09:17:38.0046 5496 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:17:38.0062 5496 Dhcp - ok

09:17:38.0093 5496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:17:38.0093 5496 Disk - ok

09:17:38.0093 5496 dmadmin - ok

09:17:38.0187 5496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:17:38.0250 5496 dmboot - ok

09:17:38.0281 5496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:17:38.0296 5496 dmio - ok

09:17:38.0312 5496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:17:38.0328 5496 dmload - ok

09:17:38.0390 5496 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:17:38.0453 5496 dmserver - ok

09:17:38.0546 5496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:17:38.0546 5496 DMusic - ok

09:17:38.0609 5496 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:17:38.0609 5496 Dnscache - ok

09:17:38.0656 5496 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:17:38.0671 5496 Dot3svc - ok

09:17:38.0671 5496 dpti2o - ok

09:17:38.0718 5496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:17:38.0734 5496 drmkaud - ok

09:17:38.0781 5496 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:17:38.0796 5496 EapHost - ok

09:17:38.0828 5496 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:17:38.0828 5496 ERSvc - ok

09:17:38.0890 5496 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:17:38.0906 5496 Eventlog - ok

09:17:38.0984 5496 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:17:39.0000 5496 EventSystem - ok

09:17:39.0203 5496 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

09:17:39.0250 5496 EvtEng - ok

09:17:39.0312 5496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:17:39.0343 5496 Fastfat - ok

09:17:39.0406 5496 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:17:39.0421 5496 FastUserSwitchingCompatibility - ok

09:17:39.0468 5496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:17:39.0468 5496 Fdc - ok

09:17:39.0484 5496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:17:39.0484 5496 Fips - ok

09:17:39.0500 5496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:17:39.0500 5496 Flpydisk - ok

09:17:39.0578 5496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

09:17:39.0593 5496 FltMgr - ok

09:17:39.0734 5496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:17:39.0734 5496 FontCache3.0.0.0 - ok

09:17:39.0765 5496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:17:39.0765 5496 Fs_Rec - ok

09:17:39.0812 5496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:17:39.0859 5496 Ftdisk - ok

09:17:39.0906 5496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:17:39.0906 5496 Gpc - ok

09:17:39.0968 5496 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys

09:17:39.0968 5496 GTIPCI21 - ok

09:17:40.0125 5496 gupdate1c9a6233ac2f8f8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

09:17:40.0140 5496 gupdate1c9a6233ac2f8f8 - ok

09:17:40.0156 5496 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

09:17:40.0156 5496 gupdatem - ok

09:17:40.0218 5496 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:17:40.0234 5496 gusvc - ok

09:17:40.0312 5496 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:17:40.0312 5496 helpsvc - ok

09:17:40.0359 5496 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:17:40.0359 5496 HidServ - ok

09:17:40.0421 5496 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:17:40.0421 5496 hidusb - ok

09:17:40.0468 5496 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:17:40.0468 5496 hkmsvc - ok

09:17:40.0484 5496 hpn - ok

09:17:40.0546 5496 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

09:17:40.0562 5496 HSFHWICH - ok

09:17:40.0656 5496 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

09:17:40.0734 5496 HSF_DP - ok

09:17:40.0796 5496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:17:40.0828 5496 HTTP - ok

09:17:40.0875 5496 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:17:40.0890 5496 HTTPFilter - ok

09:17:40.0906 5496 i2omgmt - ok

09:17:40.0937 5496 i2omp - ok

09:17:40.0984 5496 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:17:40.0984 5496 i8042prt - ok

09:17:41.0093 5496 ialm (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

09:17:41.0171 5496 ialm - ok

09:17:41.0328 5496 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:17:41.0328 5496 IDriverT - ok

09:17:41.0515 5496 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:17:41.0578 5496 idsvc - ok

09:17:41.0687 5496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:17:41.0687 5496 Imapi - ok

09:17:41.0765 5496 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:17:41.0781 5496 ImapiService - ok

09:17:41.0796 5496 ini910u - ok

09:17:41.0859 5496 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:17:41.0859 5496 IntelIde - ok

09:17:41.0921 5496 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:17:41.0921 5496 intelppm - ok

09:17:41.0953 5496 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

09:17:41.0953 5496 Ip6Fw - ok

09:17:42.0000 5496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:17:42.0000 5496 IpFilterDriver - ok

09:17:42.0031 5496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:17:42.0031 5496 IpInIp - ok

09:17:42.0093 5496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:17:42.0109 5496 IpNat - ok

09:17:42.0156 5496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:17:42.0171 5496 IPSec - ok

09:17:42.0187 5496 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

09:17:42.0187 5496 irda - ok

09:17:42.0234 5496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:17:42.0250 5496 IRENUM - ok

09:17:42.0265 5496 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll

09:17:42.0265 5496 Irmon - ok

09:17:42.0328 5496 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:17:42.0328 5496 isapnp - ok

09:17:42.0484 5496 JavaQuickStarterService (511ab23a292497f2c527eee5775b0bfe) C:\Program Files\Java\jre6\bin\jqs.exe

09:17:42.0500 5496 JavaQuickStarterService - ok

09:17:42.0531 5496 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:17:42.0531 5496 Kbdclass - ok

09:17:42.0578 5496 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:17:42.0578 5496 kbdhid - ok

09:17:42.0640 5496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:17:42.0656 5496 kmixer - ok

09:17:42.0718 5496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:17:42.0734 5496 KSecDD - ok

09:17:42.0796 5496 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:17:42.0796 5496 LanmanServer - ok

09:17:42.0859 5496 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:17:42.0875 5496 lanmanworkstation - ok

09:17:42.0890 5496 lbrtfdc - ok

09:17:42.0953 5496 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

09:17:42.0953 5496 LightScribeService - ok

09:17:43.0015 5496 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:17:43.0015 5496 LmHosts - ok

09:17:43.0046 5496 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys

09:17:43.0046 5496 MBAMProtector - ok

09:17:43.0187 5496 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

09:17:43.0234 5496 MBAMService - ok

09:17:43.0343 5496 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

09:17:43.0359 5496 MDM - ok

09:17:43.0421 5496 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:17:43.0421 5496 mdmxsdk - ok

09:17:43.0468 5496 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:17:43.0468 5496 Messenger - ok

09:17:43.0515 5496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:17:43.0515 5496 mnmdd - ok

09:17:43.0562 5496 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:17:43.0578 5496 mnmsrvc - ok

09:17:43.0609 5496 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:17:43.0625 5496 Modem - ok

09:17:43.0656 5496 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:17:43.0656 5496 Mouclass - ok

09:17:43.0765 5496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:17:43.0796 5496 mouhid - ok

09:17:43.0828 5496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:17:43.0828 5496 MountMgr - ok

09:17:43.0843 5496 mraid35x - ok

09:17:43.0875 5496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:17:43.0875 5496 MRxDAV - ok

09:17:43.0984 5496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:17:44.0015 5496 MRxSmb - ok

09:17:44.0046 5496 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:17:44.0046 5496 MSDTC - ok

09:17:44.0078 5496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:17:44.0078 5496 Msfs - ok

09:17:44.0093 5496 MSIServer - ok

09:17:44.0109 5496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:17:44.0109 5496 MSKSSRV - ok

09:17:44.0140 5496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:17:44.0140 5496 MSPCLOCK - ok

09:17:44.0156 5496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:17:44.0171 5496 MSPQM - ok

09:17:44.0218 5496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:17:44.0234 5496 mssmbios - ok

09:17:44.0281 5496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:17:44.0296 5496 Mup - ok

09:17:44.0343 5496 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:17:44.0375 5496 napagent - ok

09:17:44.0453 5496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:17:44.0468 5496 NDIS - ok

09:17:44.0531 5496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:17:44.0531 5496 NdisTapi - ok

09:17:44.0578 5496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:17:44.0578 5496 Ndisuio - ok

09:17:44.0625 5496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:17:44.0625 5496 NdisWan - ok

09:17:44.0687 5496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:17:44.0687 5496 NDProxy - ok

09:17:44.0703 5496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:17:44.0703 5496 NetBIOS - ok

09:17:44.0734 5496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:17:44.0750 5496 NetBT - ok

09:17:44.0812 5496 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:17:44.0828 5496 NetDDE - ok

09:17:44.0843 5496 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:17:44.0843 5496 NetDDEdsdm - ok

09:17:44.0890 5496 NetillaVPN (a84ae956ac7f9e493cac07ef98c1a3d1) C:\WINDOWS\system32\DRIVERS\Netva.sys

09:17:44.0890 5496 NetillaVPN - ok

09:17:44.0984 5496 NetillaVPNService (d5480f358c8781f46136df8c669b0d7a) C:\Program Files\AEP\SSLTunnel\nvpns.exe

09:17:44.0984 5496 NetillaVPNService - ok

09:17:45.0015 5496 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:45.0015 5496 Netlogon - ok

09:17:45.0062 5496 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:17:45.0062 5496 Netman - ok

09:17:45.0218 5496 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:17:45.0234 5496 NetTcpPortSharing - ok

09:17:45.0312 5496 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:17:45.0375 5496 Nla - ok

09:17:45.0437 5496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:17:45.0437 5496 Npfs - ok

09:17:45.0531 5496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:17:45.0578 5496 Ntfs - ok

09:17:45.0593 5496 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:45.0593 5496 NtLmSsp - ok

09:17:45.0640 5496 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:17:45.0687 5496 NtmsSvc - ok

09:17:45.0718 5496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:17:45.0718 5496 Null - ok

09:17:45.0781 5496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:17:45.0781 5496 NwlnkFlt - ok

09:17:45.0796 5496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:17:45.0812 5496 NwlnkFwd - ok

09:17:45.0906 5496 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:17:45.0921 5496 ose - ok

09:17:45.0968 5496 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:17:45.0968 5496 Parport - ok

09:17:45.0984 5496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:17:46.0000 5496 PartMgr - ok

09:17:46.0046 5496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:17:46.0046 5496 ParVdm - ok

09:17:46.0078 5496 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:17:46.0078 5496 PCI - ok

09:17:46.0093 5496 PCIDump - ok

09:17:46.0125 5496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:17:46.0125 5496 PCIIde - ok

09:17:46.0140 5496 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:17:46.0156 5496 Pcmcia - ok

09:17:46.0156 5496 PDCOMP - ok

09:17:46.0171 5496 PDFRAME - ok

09:17:46.0187 5496 PDRELI - ok

09:17:46.0203 5496 PDRFRAME - ok

09:17:46.0203 5496 perc2 - ok

09:17:46.0218 5496 perc2hib - ok

09:17:46.0296 5496 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:17:46.0296 5496 PlugPlay - ok

09:17:46.0312 5496 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:46.0312 5496 PolicyAgent - ok

09:17:46.0406 5496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:17:46.0406 5496 PptpMiniport - ok

09:17:46.0421 5496 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:46.0421 5496 ProtectedStorage - ok

09:17:46.0437 5496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:17:46.0453 5496 PSched - ok

09:17:46.0484 5496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:17:46.0484 5496 Ptilink - ok

09:17:46.0500 5496 ql1080 - ok

09:17:46.0515 5496 Ql10wnt - ok

09:17:46.0515 5496 ql12160 - ok

09:17:46.0531 5496 ql1240 - ok

09:17:46.0546 5496 ql1280 - ok

09:17:46.0578 5496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:17:46.0578 5496 RasAcd - ok

09:17:46.0609 5496 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:17:46.0625 5496 RasAuto - ok

09:17:46.0671 5496 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

09:17:46.0671 5496 Rasirda - ok

09:17:46.0687 5496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:17:46.0703 5496 Rasl2tp - ok

09:17:46.0734 5496 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:17:46.0750 5496 RasMan - ok

09:17:46.0765 5496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:17:46.0765 5496 RasPppoe - ok

09:17:46.0781 5496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:17:46.0781 5496 Raspti - ok

09:17:46.0828 5496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:17:46.0843 5496 Rdbss - ok

09:17:46.0859 5496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:17:46.0875 5496 RDPCDD - ok

09:17:46.0921 5496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:17:46.0937 5496 rdpdr - ok

09:17:47.0000 5496 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

09:17:47.0031 5496 RDPWD - ok

09:17:47.0078 5496 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:17:47.0093 5496 RDSessMgr - ok

09:17:47.0125 5496 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:17:47.0140 5496 redbook - ok

09:17:47.0312 5496 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

09:17:47.0343 5496 RegSrvc - ok

09:17:47.0406 5496 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:17:47.0406 5496 RemoteAccess - ok

09:17:47.0484 5496 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

09:17:47.0484 5496 RemoteRegistry - ok

09:17:47.0531 5496 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:17:47.0531 5496 RpcLocator - ok

09:17:47.0593 5496 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:17:47.0609 5496 RpcSs - ok

09:17:47.0671 5496 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:17:47.0703 5496 RSVP - ok

09:17:47.0812 5496 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

09:17:47.0875 5496 S24EventMonitor - ok

09:17:47.0921 5496 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys

09:17:47.0921 5496 s24trans - ok

09:17:47.0984 5496 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:47.0984 5496 SamSs - ok

09:17:48.0078 5496 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

09:17:48.0078 5496 SASDIFSV - ok

09:17:48.0093 5496 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS

09:17:48.0093 5496 SAS***IL - ok

09:17:48.0156 5496 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:17:48.0171 5496 SCardSvr - ok

09:17:48.0234 5496 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:17:48.0281 5496 Schedule - ok

09:17:48.0312 5496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:17:48.0328 5496 Secdrv - ok

09:17:48.0359 5496 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:17:48.0359 5496 seclogon - ok

09:17:48.0468 5496 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:17:48.0468 5496 SENS - ok

09:17:48.0546 5496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:17:48.0562 5496 serenum - ok

09:17:48.0609 5496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:17:48.0609 5496 Serial - ok

09:17:48.0671 5496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:17:48.0671 5496 Sfloppy - ok

09:17:48.0750 5496 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:17:48.0765 5496 SharedAccess - ok

09:17:48.0828 5496 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:17:48.0828 5496 ShellHWDetection - ok

09:17:48.0843 5496 Simbad - ok

09:17:48.0890 5496 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

09:17:48.0890 5496 SMCIRDA - ok

09:17:48.0906 5496 Sparrow - ok

09:17:48.0953 5496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:17:48.0953 5496 splitter - ok

09:17:49.0015 5496 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:17:49.0015 5496 Spooler - ok

09:17:49.0078 5496 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:17:49.0078 5496 sr - ok

09:17:49.0125 5496 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:17:49.0125 5496 srservice - ok

09:17:49.0187 5496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:17:49.0203 5496 Srv - ok

09:17:49.0296 5496 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:17:49.0296 5496 SSDPSRV - ok

09:17:49.0375 5496 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

09:17:49.0390 5496 STAC97 - ok

09:17:49.0453 5496 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:17:49.0453 5496 stisvc - ok

09:17:49.0500 5496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:17:49.0515 5496 swenum - ok

09:17:49.0531 5496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:17:49.0531 5496 swmidi - ok

09:17:49.0546 5496 SwPrv - ok

09:17:49.0562 5496 symc810 - ok

09:17:49.0578 5496 symc8xx - ok

09:17:49.0593 5496 sym_hi - ok

09:17:49.0609 5496 sym_u3 - ok

09:17:49.0656 5496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:17:49.0671 5496 sysaudio - ok

09:17:49.0718 5496 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:17:49.0734 5496 SysmonLog - ok

09:17:49.0781 5496 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:17:49.0796 5496 TapiSrv - ok

09:17:49.0859 5496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:17:49.0890 5496 Tcpip - ok

09:17:49.0953 5496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:17:49.0953 5496 TDPIPE - ok

09:17:49.0984 5496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:17:49.0984 5496 TDTCP - ok

09:17:50.0000 5496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:17:50.0015 5496 TermDD - ok

09:17:50.0046 5496 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:17:50.0062 5496 TermService - ok

09:17:50.0125 5496 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:17:50.0125 5496 Themes - ok

09:17:50.0171 5496 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

09:17:50.0187 5496 TlntSvr - ok

09:17:50.0203 5496 TosIde - ok

09:17:50.0250 5496 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:17:50.0265 5496 TrkWks - ok

09:17:50.0296 5496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:17:50.0296 5496 Udfs - ok

09:17:50.0312 5496 UIUSys - ok

09:17:50.0328 5496 ultra - ok

09:17:50.0421 5496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:17:50.0453 5496 Update - ok

09:17:50.0500 5496 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:17:50.0515 5496 upnphost - ok

09:17:50.0546 5496 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:17:50.0546 5496 UPS - ok

09:17:50.0625 5496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:17:50.0625 5496 usbccgp - ok

09:17:50.0765 5496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:17:50.0781 5496 usbehci - ok

09:17:50.0796 5496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:17:50.0796 5496 usbhub - ok

09:17:50.0828 5496 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:17:50.0843 5496 usbprint - ok

09:17:50.0859 5496 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:17:50.0859 5496 usbscan - ok

09:17:50.0906 5496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:17:50.0906 5496 USBSTOR - ok

09:17:50.0968 5496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:17:50.0968 5496 usbuhci - ok

09:17:51.0078 5496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:17:51.0078 5496 VgaSave - ok

09:17:51.0093 5496 ViaIde - ok

09:17:51.0125 5496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:17:51.0125 5496 VolSnap - ok

09:17:51.0187 5496 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:17:51.0203 5496 VSS - ok

09:17:51.0421 5496 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys

09:17:51.0578 5496 w29n51 - ok

09:17:51.0750 5496 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:17:51.0765 5496 W32Time - ok

09:17:51.0828 5496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:17:51.0843 5496 Wanarp - ok

09:17:51.0890 5496 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

09:17:51.0906 5496 wceusbsh - ok

09:17:51.0906 5496 WDICA - ok

09:17:51.0984 5496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:17:51.0984 5496 wdmaud - ok

09:17:52.0046 5496 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:17:52.0062 5496 WebClient - ok

09:17:52.0156 5496 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:17:52.0203 5496 winachsf - ok

09:17:52.0312 5496 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:17:52.0312 5496 winmgmt - ok

09:17:52.0515 5496 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

09:17:52.0546 5496 WLANKEEPER - ok

09:17:52.0593 5496 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

09:17:52.0593 5496 WmdmPmSN - ok

09:17:52.0687 5496 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

09:17:52.0734 5496 Wmi - ok

09:17:52.0796 5496 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:17:52.0812 5496 WmiApSrv - ok

09:17:52.0906 5496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:17:52.0921 5496 WS2IFSL - ok

09:17:52.0984 5496 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:17:52.0984 5496 wscsvc - ok

09:17:53.0046 5496 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:17:53.0062 5496 wuauserv - ok

09:17:53.0140 5496 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:17:53.0156 5496 WZCSVC - ok

09:17:53.0156 5496 xcpip - ok

09:17:53.0218 5496 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:17:53.0234 5496 xmlprov - ok

09:17:53.0250 5496 xpsec - ok

09:17:53.0328 5496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:17:54.0156 5496 \Device\Harddisk0\DR0 - ok

09:17:54.0156 5496 Boot (0x1200) (91d123cdc670794bbef41be835648a46) \Device\Harddisk0\DR0\Partition0

09:17:54.0171 5496 \Device\Harddisk0\DR0\Partition0 - ok

09:17:54.0171 5496 ============================================================

09:17:54.0171 5496 Scan finished

09:17:54.0187 5496 ============================================================

09:17:54.0218 5488 Detected object count: 1

09:17:54.0218 5488 Actual detected object count: 1

09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - skipped by user

09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\drivers\rxr1z_.sys

Driver::

rxr1z_.sys

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht … en dan maar weer AVG laten scannen.

resultaten combofix en aansluitend avg-scan:

ComboFix 12-08-09.01 - Mirjam 10-08-2012 10:12:59.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.598 [GMT 2:00]

Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\windows\system32\drivers\rxr1z_.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RXR1Z_.SYS

-------\Service_xcpip

-------\Service_xpsec

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com

2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro

2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat

+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mirjam\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]

R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]

S0 cerc6;cerc6; [x]

S2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]

S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]

.

2012-08-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]

.

2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nu.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.0.1

DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-10 10:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1384)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(5636)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\System32\SCardSvr.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2012-08-10 10:33:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 08:33

ComboFix2.txt 2012-08-08 20:44

ComboFix3.txt 2012-08-07 11:29

ComboFix4.txt 2012-08-02 23:35

.

Pre-Run: 14.616.731.648 bytes free

Post-Run: 14.608.093.184 bytes free

.

- - End Of File - - EBC33F07298740C8452635919F0546B6

"";"C:\WINDOWS\system32\wuauclt.exe (1568):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Object is inaccessible."

"";"C:\WINDOWS\system32\wuauclt.exe (1568)";"Trojan horse PSW.Agent.ASJX";""

"";"C:\WINDOWS\system32\winlogon.exe (1384)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (3304)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1772)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1628)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\services.exe (1432)";"Trojan horse PSW.Agent.AUES";"Deleted"

"";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\hkcmd.exe (3636)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\explorer.exe (5636)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (3708)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (5920)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\WINDOWS\system32\winlogon.exe (1384):\memory_00c40000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00ad0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00a50000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00a60000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\services.exe (1432):\memory_006a0000";"Trojan horse PSW.Agent.AUES";"Infected"

"";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\system32\hkcmd.exe (3636):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (5636):\memory_00ed0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (5636):\memory_00e40000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Java\jre6\bin\jusched.exe (3708):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652):\memory_02230000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504):\memory_06980000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672):\memory_06c30000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776):\memory_01e20000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604):\memory_023d0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (5920):\memory_025f0000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548):\memory_01c70000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed"

"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

Download de Emsisoft Emergency Kit naar het bureaublad en pak het ZIP bestand uit.

• Open de map "EmsisoftEmergencyKit" en dubbelklik op "Start.exe"
  
• Klik nu op "Emergency Kit Scanner" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "Ja"
  
  
• Als de update gereed is en de melding "Update process is succesvol afgerond" verschijnt klikt u op "menu" en dan op "Scan PC"
  
• Selecteer de optie "Diep" als deze niet standaard al zo is ingesteld.
  
• Klik Nu op de knop "Scan" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af.
  
• Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is.
  
• Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "verwijder geselecteerde" u zal nu de volgende melding krijgen maar klik hier op "Ja"
  
  
• Als het verwijderen gereed is klikt u op de knop "View report" en selecteert u het tekstbestand van deze scan met de naam zoals: a2scan_110730-111615.txt
  
• Plaats de inhoud van dit LOG bestand straks in uw volgende bericht.
  
• Herstart nu de computer.