kjv

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-16 23:26:59 ----------------------------- 23:26:59.453 OS Version: Windows 5.1.2600 Service Pack 3 23:26:59.453 Number of processors: 1 586 0xD08 23:26:59.453 ComputerName: MIRJAM-303AF4B9 UserName: Mirjam 23:27:04.375 Initialize success 23:27:39.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 23:27:39.328 Disk 0 Vendor: ST9408114A 8.03 Size: 38154MB BusType: 3 23:27:39.328 Disk 0 MBR read successfully 23:27:39.328 Disk 0 MBR scan 23:27:39.328 Disk 0 Windows XP default MBR code 23:27:39.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38153 MB offset 63 23:27:39.359 Disk 0 scanning sectors +78139039 23:27:39.453 Disk 0 scanning C:\WINDOWS\system32\drivers 23:27:45.937 Service scanning 23:27:48.125 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32 23:28:01.296 Modules scanning 23:28:08.578 Disk 0 trace - called modules: 23:28:08.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 23:28:08.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8715bab8] 23:28:09.109 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x871dd940] 23:28:09.109 Scan finished successfully 23:29:08.734 Disk 0 MBR has been saved successfully to "E:\MBR.dat" 23:29:08.750 The log file has been saved successfully to "E:\aswMBR.txt"

dr web uitgevoerd zoals hierboven, maar helaas heeft en gezinslid de computer uitgezet voordat er een log is opgeslagen. Het hele circus nogmaals laten draaien en log opgeslagen (zeer groot bestand). alles was o.k. , geen virussen o.i.d. gedetecteerd. Ik heb wel de bestanden die bij de eerste dr-web-scan in quarantine zijn geplaatst genoteerd. Vervolgens AVG laten scannen: meer infecties gedetecteerd dan voorheen! dr-web-quarantine: A0060108.dll A0060573.dll A0061224.dll descript.ion Helper.dll.vir AVG-scan: "";"C:\WINDOWS\system32\winlogon.exe (1176)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (672)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3812)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (312)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (2160)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1748)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1696)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1632)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1224)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (3568)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (3560)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\ctfmon.exe (3912)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\alg.exe (2916)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (240)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (108)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3868)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3636)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3876)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3624)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3528)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (536)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (392)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2000)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3596)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1864)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (3476)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1816)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2724)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3884)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgui.exe (4592)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (3756)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (720)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1176):\memory_00bf0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (672):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (672):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3812):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3812):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (312):\memory_00b60000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (312):\memory_00ae0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2160):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2160):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1748):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1748):\memory_00a50000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1632):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1632):\memory_00a60000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1224):\memory_00670000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (3568):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (3560):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\ctfmon.exe (3912):\memory_00b10000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\alg.exe (2916):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (240):\memory_00f10000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (240):\memory_00e80000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (108):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3868):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3636):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3876):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3624):\memory_00b20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3528):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (536):\memory_02880000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (392):\memory_01ad0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2000):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3596):\memory_00fc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1864):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (3476):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1816):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2724):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3884):\memory_019e0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgui.exe (4592):\memory_01430000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (3756):\memory_03760000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (720):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

TDSS-killer en avg-scan. tdss heeft niets gevonden, avg blijft problemen signaleren, dit klopt want computer blijft traag en onvoorspelbaar. 20:23:10.0265 2808 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 20:23:10.0750 2808 ============================================================ 20:23:10.0750 2808 Current date / time: 2012/08/13 20:23:10.0750 20:23:10.0750 2808 SystemInfo: 20:23:10.0750 2808 20:23:10.0750 2808 OS Version: 5.1.2600 ServicePack: 3.0 20:23:10.0750 2808 Product type: Workstation 20:23:10.0750 2808 ComputerName: MIRJAM-303AF4B9 20:23:10.0750 2808 UserName: Mirjam 20:23:10.0750 2808 Windows directory: C:\WINDOWS 20:23:10.0750 2808 System windows directory: C:\WINDOWS 20:23:10.0750 2808 Processor architecture: Intel x86 20:23:10.0750 2808 Number of processors: 1 20:23:10.0750 2808 Page size: 0x1000 20:23:10.0750 2808 Boot type: Normal boot 20:23:10.0750 2808 ============================================================ 20:23:13.0375 2808 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020 20:23:13.0375 2808 ============================================================ 20:23:13.0375 2808 \Device\Harddisk0\DR0: 20:23:13.0375 2808 MBR partitions: 20:23:13.0375 2808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A84E60 20:23:13.0375 2808 ============================================================ 20:23:13.0406 2808 C: <-> \Device\Harddisk0\DR0\Partition0 20:23:13.0406 2808 ============================================================ 20:23:13.0406 2808 Initialize success 20:23:13.0406 2808 ============================================================ 20:23:38.0640 4336 ============================================================ 20:23:38.0640 4336 Scan started 20:23:38.0640 4336 Mode: Manual; 20:23:38.0640 4336 ============================================================ 20:23:39.0109 4336 Abiosdsk - ok 20:23:39.0125 4336 abp480n5 - ok 20:23:39.0187 4336 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:23:39.0218 4336 ACPI - ok 20:23:39.0265 4336 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:23:39.0265 4336 ACPIEC - ok 20:23:39.0359 4336 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 20:23:39.0375 4336 Adobe LM Service - ok 20:23:39.0484 4336 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:23:39.0500 4336 AdobeFlashPlayerUpdateSvc - ok 20:23:39.0515 4336 adpu160m - ok 20:23:39.0562 4336 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:23:39.0578 4336 aec - ok 20:23:39.0656 4336 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:23:39.0671 4336 AegisP - ok 20:23:39.0734 4336 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 20:23:39.0750 4336 AFD - ok 20:23:39.0750 4336 Aha154x - ok 20:23:39.0765 4336 aic78u2 - ok 20:23:39.0781 4336 aic78xx - ok 20:23:39.0812 4336 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 20:23:39.0812 4336 Alerter - ok 20:23:39.0859 4336 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 20:23:39.0875 4336 ALG - ok 20:23:39.0875 4336 AliIde - ok 20:23:39.0890 4336 amsint - ok 20:23:39.0937 4336 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 20:23:39.0937 4336 AppMgmt - ok 20:23:39.0953 4336 asc - ok 20:23:39.0968 4336 asc3350p - ok 20:23:39.0968 4336 asc3550 - ok 20:23:40.0093 4336 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:23:40.0093 4336 aspnet_state - ok 20:23:40.0125 4336 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:23:40.0125 4336 AsyncMac - ok 20:23:40.0140 4336 Atdisk - ok 20:23:40.0171 4336 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:23:40.0171 4336 Atmarpc - ok 20:23:40.0203 4336 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 20:23:40.0203 4336 AudioSrv - ok 20:23:40.0250 4336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:23:40.0250 4336 audstub - ok 20:23:40.0687 4336 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 20:23:40.0953 4336 AVGIDSAgent - ok 20:23:41.0109 4336 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 20:23:41.0125 4336 AVGIDSDriver - ok 20:23:41.0187 4336 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 20:23:41.0187 4336 AVGIDSEH - ok 20:23:41.0203 4336 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20:23:41.0218 4336 AVGIDSFilter - ok 20:23:41.0234 4336 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20:23:41.0234 4336 AVGIDSShim - ok 20:23:41.0296 4336 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 20:23:41.0328 4336 Avgldx86 - ok 20:23:41.0328 4336 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 20:23:41.0343 4336 Avgmfx86 - ok 20:23:41.0406 4336 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20:23:41.0421 4336 Avgrkx86 - ok 20:23:41.0468 4336 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 20:23:41.0500 4336 Avgtdix - ok 20:23:41.0656 4336 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 20:23:41.0671 4336 avgwd - ok 20:23:41.0734 4336 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 20:23:41.0750 4336 b57w2k - ok 20:23:41.0796 4336 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:23:41.0796 4336 Beep - ok 20:23:41.0875 4336 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 20:23:41.0953 4336 BITS - ok 20:23:42.0000 4336 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 20:23:42.0015 4336 Browser - ok 20:23:42.0140 4336 catchme - ok 20:23:42.0203 4336 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:23:42.0203 4336 cbidf2k - ok 20:23:42.0218 4336 cd20xrnt - ok 20:23:42.0234 4336 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:23:42.0250 4336 Cdaudio - ok 20:23:42.0296 4336 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:23:42.0296 4336 Cdfs - ok 20:23:42.0468 4336 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:23:42.0468 4336 Cdrom - ok 20:23:42.0484 4336 cerc6 - ok 20:23:42.0484 4336 CFcatchme - ok 20:23:42.0500 4336 Changer - ok 20:23:42.0531 4336 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 20:23:42.0531 4336 CiSvc - ok 20:23:42.0546 4336 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 20:23:42.0546 4336 ClipSrv - ok 20:23:42.0671 4336 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:23:42.0671 4336 clr_optimization_v2.0.50727_32 - ok 20:23:42.0718 4336 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 20:23:42.0718 4336 CmBatt - ok 20:23:42.0734 4336 CmdIde - ok 20:23:42.0750 4336 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 20:23:42.0750 4336 Compbatt - ok 20:23:42.0765 4336 COMSysApp - ok 20:23:42.0781 4336 Cpqarray - ok 20:23:42.0828 4336 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 20:23:42.0828 4336 CryptSvc - ok 20:23:42.0843 4336 dac2w2k - ok 20:23:42.0859 4336 dac960nt - ok 20:23:42.0921 4336 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 20:23:42.0953 4336 DcomLaunch - ok 20:23:42.0984 4336 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 20:23:43.0000 4336 Dhcp - ok 20:23:43.0031 4336 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 20:23:43.0046 4336 Disk - ok 20:23:43.0062 4336 dmadmin - ok 20:23:43.0156 4336 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:23:43.0218 4336 dmboot - ok 20:23:43.0265 4336 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:23:43.0281 4336 dmio - ok 20:23:43.0312 4336 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:23:43.0328 4336 dmload - ok 20:23:43.0343 4336 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 20:23:43.0343 4336 dmserver - ok 20:23:43.0390 4336 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:23:43.0390 4336 DMusic - ok 20:23:43.0453 4336 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 20:23:43.0453 4336 Dnscache - ok 20:23:43.0515 4336 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 20:23:43.0531 4336 Dot3svc - ok 20:23:43.0531 4336 dpti2o - ok 20:23:43.0578 4336 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:23:43.0578 4336 drmkaud - ok 20:23:43.0609 4336 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 20:23:43.0609 4336 EapHost - ok 20:23:43.0640 4336 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 20:23:43.0656 4336 ERSvc - ok 20:23:43.0703 4336 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:23:43.0734 4336 Eventlog - ok 20:23:43.0812 4336 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 20:23:43.0828 4336 EventSystem - ok 20:23:44.0031 4336 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 20:23:44.0078 4336 EvtEng - ok 20:23:44.0140 4336 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:23:44.0156 4336 Fastfat - ok 20:23:44.0203 4336 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:23:44.0250 4336 FastUserSwitchingCompatibility - ok 20:23:44.0265 4336 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:23:44.0281 4336 Fdc - ok 20:23:44.0296 4336 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:23:44.0296 4336 Fips - ok 20:23:44.0312 4336 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:23:44.0312 4336 Flpydisk - ok 20:23:44.0500 4336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 20:23:44.0531 4336 FltMgr - ok 20:23:44.0703 4336 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:23:44.0703 4336 FontCache3.0.0.0 - ok 20:23:44.0734 4336 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:23:44.0750 4336 Fs_Rec - ok 20:23:44.0765 4336 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:23:44.0781 4336 Ftdisk - ok 20:23:44.0828 4336 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:23:44.0843 4336 Gpc - ok 20:23:44.0906 4336 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys 20:23:44.0906 4336 GTIPCI21 - ok 20:23:45.0046 4336 gupdate1c9a6233ac2f8f8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 20:23:45.0046 4336 gupdate1c9a6233ac2f8f8 - ok 20:23:45.0062 4336 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 20:23:45.0062 4336 gupdatem - ok 20:23:45.0125 4336 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:23:45.0187 4336 gusvc - ok 20:23:45.0281 4336 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:23:45.0281 4336 helpsvc - ok 20:23:45.0312 4336 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 20:23:45.0312 4336 HidServ - ok 20:23:45.0375 4336 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:23:45.0375 4336 hidusb - ok 20:23:45.0421 4336 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 20:23:45.0421 4336 hkmsvc - ok 20:23:45.0437 4336 hpn - ok 20:23:45.0500 4336 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 20:23:45.0515 4336 HSFHWICH - ok 20:23:45.0625 4336 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 20:23:45.0671 4336 HSF_DP - ok 20:23:45.0750 4336 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:23:45.0765 4336 HTTP - ok 20:23:45.0812 4336 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 20:23:45.0812 4336 HTTPFilter - ok 20:23:45.0828 4336 i2omgmt - ok 20:23:45.0843 4336 i2omp - ok 20:23:45.0875 4336 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:23:45.0875 4336 i8042prt - ok 20:23:45.0984 4336 ialm (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 20:23:46.0062 4336 ialm - ok 20:23:46.0218 4336 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:23:46.0234 4336 IDriverT - ok 20:23:46.0406 4336 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:23:46.0484 4336 idsvc - ok 20:23:46.0593 4336 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:23:46.0593 4336 Imapi - ok 20:23:46.0640 4336 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 20:23:46.0671 4336 ImapiService - ok 20:23:46.0687 4336 ini910u - ok 20:23:46.0750 4336 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 20:23:46.0750 4336 IntelIde - ok 20:23:46.0796 4336 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:23:46.0812 4336 intelppm - ok 20:23:46.0843 4336 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:23:46.0843 4336 Ip6Fw - ok 20:23:46.0875 4336 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:23:46.0875 4336 IpFilterDriver - ok 20:23:46.0890 4336 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:23:46.0890 4336 IpInIp - ok 20:23:46.0937 4336 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:23:46.0953 4336 IpNat - ok 20:23:47.0015 4336 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:23:47.0015 4336 IPSec - ok 20:23:47.0046 4336 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 20:23:47.0062 4336 irda - ok 20:23:47.0109 4336 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:23:47.0109 4336 IRENUM - ok 20:23:47.0125 4336 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll 20:23:47.0125 4336 Irmon - ok 20:23:47.0187 4336 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:23:47.0187 4336 isapnp - ok 20:23:47.0359 4336 JavaQuickStarterService (511ab23a292497f2c527eee5775b0bfe) C:\Program Files\Java\jre6\bin\jqs.exe 20:23:47.0375 4336 JavaQuickStarterService - ok 20:23:47.0437 4336 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:23:47.0437 4336 Kbdclass - ok 20:23:47.0453 4336 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:23:47.0468 4336 kbdhid - ok 20:23:47.0515 4336 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:23:47.0546 4336 kmixer - ok 20:23:47.0593 4336 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:23:47.0609 4336 KSecDD - ok 20:23:47.0640 4336 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 20:23:47.0671 4336 LanmanServer - ok 20:23:47.0734 4336 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 20:23:47.0750 4336 lanmanworkstation - ok 20:23:47.0765 4336 lbrtfdc - ok 20:23:47.0859 4336 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 20:23:47.0859 4336 LightScribeService - ok 20:23:47.0906 4336 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 20:23:47.0906 4336 LmHosts - ok 20:23:47.0953 4336 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys 20:23:47.0953 4336 MBAMProtector - ok 20:23:48.0062 4336 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:23:48.0125 4336 MBAMService - ok 20:23:48.0203 4336 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 20:23:48.0234 4336 MDM - ok 20:23:48.0281 4336 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 20:23:48.0281 4336 mdmxsdk - ok 20:23:48.0343 4336 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 20:23:48.0343 4336 Messenger - ok 20:23:48.0390 4336 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:23:48.0390 4336 mnmdd - ok 20:23:48.0437 4336 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 20:23:48.0453 4336 mnmsrvc - ok 20:23:48.0484 4336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:23:48.0484 4336 Modem - ok 20:23:48.0515 4336 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:23:48.0515 4336 Mouclass - ok 20:23:48.0562 4336 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:23:48.0562 4336 mouhid - ok 20:23:48.0578 4336 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:23:48.0578 4336 MountMgr - ok 20:23:48.0593 4336 mraid35x - ok 20:23:48.0671 4336 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:23:48.0671 4336 MRxDAV - ok 20:23:48.0765 4336 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:23:48.0796 4336 MRxSmb - ok 20:23:48.0828 4336 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 20:23:48.0828 4336 MSDTC - ok 20:23:48.0859 4336 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:23:48.0859 4336 Msfs - ok 20:23:48.0875 4336 MSIServer - ok 20:23:48.0921 4336 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:23:48.0921 4336 MSKSSRV - ok 20:23:48.0953 4336 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:23:48.0953 4336 MSPCLOCK - ok 20:23:48.0984 4336 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:23:48.0984 4336 MSPQM - ok 20:23:49.0015 4336 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:23:49.0015 4336 mssmbios - ok 20:23:49.0078 4336 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:23:49.0093 4336 Mup - ok 20:23:49.0140 4336 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 20:23:49.0171 4336 napagent - ok 20:23:49.0218 4336 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:23:49.0234 4336 NDIS - ok 20:23:49.0296 4336 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:23:49.0296 4336 NdisTapi - ok 20:23:49.0359 4336 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:23:49.0359 4336 Ndisuio - ok 20:23:49.0406 4336 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:23:49.0406 4336 NdisWan - ok 20:23:49.0468 4336 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:23:49.0468 4336 NDProxy - ok 20:23:49.0484 4336 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:23:49.0484 4336 NetBIOS - ok 20:23:49.0515 4336 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:23:49.0531 4336 NetBT - ok 20:23:49.0578 4336 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:23:49.0609 4336 NetDDE - ok 20:23:49.0609 4336 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:23:49.0625 4336 NetDDEdsdm - ok 20:23:49.0671 4336 NetillaVPN (a84ae956ac7f9e493cac07ef98c1a3d1) C:\WINDOWS\system32\DRIVERS\Netva.sys 20:23:49.0671 4336 NetillaVPN - ok 20:23:49.0812 4336 NetillaVPNService (d5480f358c8781f46136df8c669b0d7a) C:\Program Files\AEP\SSLTunnel\nvpns.exe 20:23:49.0859 4336 NetillaVPNService - ok 20:23:49.0906 4336 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:23:49.0906 4336 Netlogon - ok 20:23:49.0937 4336 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 20:23:49.0968 4336 Netman - ok 20:23:50.0109 4336 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:23:50.0125 4336 NetTcpPortSharing - ok 20:23:50.0203 4336 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 20:23:50.0218 4336 Nla - ok 20:23:50.0250 4336 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:23:50.0250 4336 Npfs - ok 20:23:50.0390 4336 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:23:50.0437 4336 Ntfs - ok 20:23:50.0453 4336 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:23:50.0453 4336 NtLmSsp - ok 20:23:50.0515 4336 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 20:23:50.0562 4336 NtmsSvc - ok 20:23:50.0593 4336 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:23:50.0593 4336 Null - ok 20:23:50.0656 4336 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:23:50.0656 4336 NwlnkFlt - ok 20:23:50.0671 4336 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:23:50.0671 4336 NwlnkFwd - ok 20:23:50.0765 4336 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:23:50.0781 4336 ose - ok 20:23:50.0828 4336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:23:50.0843 4336 Parport - ok 20:23:50.0859 4336 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:23:50.0859 4336 PartMgr - ok 20:23:50.0875 4336 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:23:50.0875 4336 ParVdm - ok 20:23:50.0906 4336 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:23:50.0921 4336 PCI - ok 20:23:50.0921 4336 PCIDump - ok 20:23:50.0968 4336 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:23:50.0968 4336 PCIIde - ok 20:23:51.0000 4336 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 20:23:51.0000 4336 Pcmcia - ok 20:23:51.0015 4336 PDCOMP - ok 20:23:51.0031 4336 PDFRAME - ok 20:23:51.0031 4336 PDRELI - ok 20:23:51.0046 4336 PDRFRAME - ok 20:23:51.0062 4336 perc2 - ok 20:23:51.0078 4336 perc2hib - ok 20:23:51.0140 4336 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:23:51.0140 4336 PlugPlay - ok 20:23:51.0156 4336 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:23:51.0156 4336 PolicyAgent - ok 20:23:51.0187 4336 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:23:51.0187 4336 PptpMiniport - ok 20:23:51.0203 4336 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:23:51.0203 4336 ProtectedStorage - ok 20:23:51.0218 4336 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:23:51.0218 4336 PSched - ok 20:23:51.0234 4336 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:23:51.0234 4336 Ptilink - ok 20:23:51.0250 4336 ql1080 - ok 20:23:51.0250 4336 Ql10wnt - ok 20:23:51.0265 4336 ql12160 - ok 20:23:51.0281 4336 ql1240 - ok 20:23:51.0296 4336 ql1280 - ok 20:23:51.0328 4336 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:23:51.0328 4336 RasAcd - ok 20:23:51.0375 4336 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 20:23:51.0375 4336 RasAuto - ok 20:23:51.0421 4336 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 20:23:51.0421 4336 Rasirda - ok 20:23:51.0468 4336 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:23:51.0468 4336 Rasl2tp - ok 20:23:51.0515 4336 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 20:23:51.0531 4336 RasMan - ok 20:23:51.0546 4336 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:23:51.0562 4336 RasPppoe - ok 20:23:51.0593 4336 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:23:51.0593 4336 Raspti - ok 20:23:51.0625 4336 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:23:51.0640 4336 Rdbss - ok 20:23:51.0656 4336 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:23:51.0656 4336 RDPCDD - ok 20:23:51.0718 4336 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:23:51.0734 4336 rdpdr - ok 20:23:51.0781 4336 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 20:23:51.0796 4336 RDPWD - ok 20:23:51.0843 4336 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 20:23:51.0859 4336 RDSessMgr - ok 20:23:51.0890 4336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:23:51.0890 4336 redbook - ok 20:23:52.0078 4336 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 20:23:52.0109 4336 RegSrvc - ok 20:23:52.0156 4336 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 20:23:52.0171 4336 RemoteAccess - ok 20:23:52.0218 4336 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 20:23:52.0218 4336 RemoteRegistry - ok 20:23:52.0265 4336 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 20:23:52.0265 4336 RpcLocator - ok 20:23:52.0343 4336 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 20:23:52.0343 4336 RpcSs - ok 20:23:52.0406 4336 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 20:23:52.0421 4336 RSVP - ok 20:23:52.0531 4336 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 20:23:52.0593 4336 S24EventMonitor - ok 20:23:52.0656 4336 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 20:23:52.0656 4336 s24trans - ok 20:23:52.0703 4336 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:23:52.0718 4336 SamSs - ok 20:23:52.0796 4336 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 20:23:52.0796 4336 SASDIFSV - ok 20:23:52.0812 4336 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS 20:23:52.0828 4336 SAS***IL - ok 20:23:52.0875 4336 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 20:23:52.0890 4336 SCardSvr - ok 20:23:52.0968 4336 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 20:23:52.0984 4336 Schedule - ok 20:23:53.0015 4336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:23:53.0015 4336 Secdrv - ok 20:23:53.0078 4336 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 20:23:53.0078 4336 seclogon - ok 20:23:53.0093 4336 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 20:23:53.0093 4336 SENS - ok 20:23:53.0156 4336 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:23:53.0156 4336 serenum - ok 20:23:53.0171 4336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 20:23:53.0171 4336 Serial - ok 20:23:53.0234 4336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:23:53.0234 4336 Sfloppy - ok 20:23:53.0312 4336 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 20:23:53.0343 4336 SharedAccess - ok 20:23:53.0406 4336 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:23:53.0421 4336 ShellHWDetection - ok 20:23:53.0421 4336 Simbad - ok 20:23:53.0468 4336 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys 20:23:53.0468 4336 SMCIRDA - ok 20:23:53.0484 4336 Sparrow - ok 20:23:53.0531 4336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:23:53.0531 4336 splitter - ok 20:23:53.0593 4336 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 20:23:53.0609 4336 Spooler - ok 20:23:53.0656 4336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:23:53.0656 4336 sr - ok 20:23:53.0687 4336 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 20:23:53.0718 4336 srservice - ok 20:23:53.0781 4336 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:23:53.0781 4336 Srv - ok 20:23:53.0828 4336 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 20:23:53.0828 4336 SSDPSRV - ok 20:23:53.0906 4336 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys 20:23:53.0921 4336 STAC97 - ok 20:23:54.0015 4336 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 20:23:54.0031 4336 stisvc - ok 20:23:54.0093 4336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:23:54.0093 4336 swenum - ok 20:23:54.0140 4336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:23:54.0140 4336 swmidi - ok 20:23:54.0156 4336 SwPrv - ok 20:23:54.0171 4336 symc810 - ok 20:23:54.0187 4336 symc8xx - ok 20:23:54.0187 4336 sym_hi - ok 20:23:54.0203 4336 sym_u3 - ok 20:23:54.0234 4336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:23:54.0250 4336 sysaudio - ok 20:23:54.0296 4336 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 20:23:54.0312 4336 SysmonLog - ok 20:23:54.0375 4336 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 20:23:54.0390 4336 TapiSrv - ok 20:23:54.0500 4336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:23:54.0515 4336 Tcpip - ok 20:23:54.0578 4336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:23:54.0578 4336 TDPIPE - ok 20:23:54.0609 4336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:23:54.0609 4336 TDTCP - ok 20:23:54.0671 4336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:23:54.0671 4336 TermDD - ok 20:23:54.0750 4336 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 20:23:54.0750 4336 TermService - ok 20:23:54.0781 4336 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:23:54.0796 4336 Themes - ok 20:23:54.0843 4336 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 20:23:54.0843 4336 TlntSvr - ok 20:23:54.0859 4336 TosIde - ok 20:23:54.0921 4336 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 20:23:54.0953 4336 TrkWks - ok 20:23:54.0984 4336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:23:54.0984 4336 Udfs - ok 20:23:55.0000 4336 UIUSys - ok 20:23:55.0015 4336 ultra - ok 20:23:55.0093 4336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:23:55.0125 4336 Update - ok 20:23:55.0171 4336 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 20:23:55.0187 4336 upnphost - ok 20:23:55.0218 4336 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 20:23:55.0218 4336 UPS - ok 20:23:55.0265 4336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:23:55.0265 4336 usbccgp - ok 20:23:55.0296 4336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:23:55.0312 4336 usbehci - ok 20:23:55.0328 4336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:23:55.0343 4336 usbhub - ok 20:23:55.0359 4336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:23:55.0359 4336 usbprint - ok 20:23:55.0390 4336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:23:55.0390 4336 usbscan - ok 20:23:55.0437 4336 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:23:55.0453 4336 USBSTOR - ok 20:23:55.0468 4336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:23:55.0468 4336 usbuhci - ok 20:23:55.0531 4336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:23:55.0531 4336 VgaSave - ok 20:23:55.0546 4336 ViaIde - ok 20:23:55.0578 4336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:23:55.0578 4336 VolSnap - ok 20:23:55.0640 4336 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 20:23:55.0656 4336 VSS - ok 20:23:55.0875 4336 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys 20:23:56.0031 4336 w29n51 - ok 20:23:56.0187 4336 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 20:23:56.0203 4336 W32Time - ok 20:23:56.0265 4336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:23:56.0265 4336 Wanarp - ok 20:23:56.0312 4336 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 20:23:56.0328 4336 wceusbsh - ok 20:23:56.0328 4336 WDICA - ok 20:23:56.0390 4336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:23:56.0390 4336 wdmaud - ok 20:23:56.0421 4336 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 20:23:56.0437 4336 WebClient - ok 20:23:56.0546 4336 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 20:23:56.0593 4336 winachsf - ok 20:23:56.0703 4336 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:23:56.0734 4336 winmgmt - ok 20:23:56.0953 4336 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 20:23:56.0984 4336 WLANKEEPER - ok 20:23:57.0046 4336 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 20:23:57.0046 4336 WmdmPmSN - ok 20:23:57.0125 4336 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 20:23:57.0187 4336 Wmi - ok 20:23:57.0234 4336 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:23:57.0250 4336 WmiApSrv - ok 20:23:57.0343 4336 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:23:57.0343 4336 WS2IFSL - ok 20:23:57.0406 4336 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 20:23:57.0406 4336 wscsvc - ok 20:23:57.0453 4336 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 20:23:57.0484 4336 wuauserv - ok 20:23:57.0562 4336 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 20:23:57.0593 4336 WZCSVC - ok 20:23:57.0609 4336 xcpip - ok 20:23:57.0656 4336 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 20:23:57.0671 4336 xmlprov - ok 20:23:57.0687 4336 xpsec - ok 20:23:57.0734 4336 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 20:23:58.0546 4336 \Device\Harddisk0\DR0 - ok 20:23:58.0562 4336 Boot (0x1200) (91d123cdc670794bbef41be835648a46) \Device\Harddisk0\DR0\Partition0 20:23:58.0562 4336 \Device\Harddisk0\DR0\Partition0 - ok 20:23:58.0562 4336 ============================================================ 20:23:58.0562 4336 Scan finished 20:23:58.0562 4336 ============================================================ 20:23:58.0578 4224 Detected object count: 0 20:23:58.0578 4224 Actual detected object count: 0 20:25:09.0156 4500 Deinitialize success AVG-scan: "";"C:\WINDOWS\system32\winlogon.exe (1160)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (672)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (448)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3740)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3124)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1776)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1696)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1436)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1208)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (3708)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (3700)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\alg.exe (3088)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (5016)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1872)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1508)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (1284)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3968)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jqs.exe (2488)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3784)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (468)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (328)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2972)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3816)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1900)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5588)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2924)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4076)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (480)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (1936)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3288)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3920)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1160):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (672):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (672):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (448):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (448):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3740):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3740):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3124):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3124):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1776):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1776):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1436):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1436):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1208):\memory_009c0000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (3708):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (3700):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\alg.exe (3088):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (5016):\memory_00e10000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (5016):\memory_00d80000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1872):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1508):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (1284):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3968):\memory_00b20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jqs.exe (2488):\memory_010d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3784):\memory_010b0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (468):\memory_01a50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (328):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2972):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3816):\memory_00f70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1900):\memory_01490000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5588):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2924):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4076):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (480):\memory_023d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (1936):\memory_01aa0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3288):\memory_01c70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3920):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

ä2scan + resultaten van avg-scan die daana is uitgevoerd. Lijkt een hardnekkig probleem. Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 11-8-2012 23:39:57 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 11-8-2012 23:40:27 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys.1 Ontdekt: Trojan.WinNT.Necurs!E2 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys Ontdekt: Trojan.WinNT.Necurs!E2 C:\Program Files\AEP\SSLTunnel\InstallVPN.exe Ontdekt: Trojan.Agent!E2 C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rulc.class Ontdekt: Exploit.Java.Blacole!E2 C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rulb.class Ontdekt: Exploit.Java.Blacole!E2 C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\ruld.class Ontdekt: Exploit.Java.CVE-2012!E2 C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rula.class Ontdekt: Exploit.Java.Blacole!E2 Gescand 532251 Gevonden 7 Scan geëindigd: 12-8-2012 1:32:07 Scantijd: 1:51:40 C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\ruld.class Verwijderd Exploit.Java.CVE-2012!E2 C:\Program Files\AEP\SSLTunnel\InstallVPN.exe Verwijderd Trojan.Agent!E2 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys.1 Verwijderd Trojan.WinNT.Necurs!E2 Verwijderd 3 AVG-Scan "";"C:\WINDOWS\system32\winlogon.exe (1164)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (836)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (668)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3988)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (2264)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1796)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1756)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1460)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1212)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (3524)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (3504)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\alg.exe (3164)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (152)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3744)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3672)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3736)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1608)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3652)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3540)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (492)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (420)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2120)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3556)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1940)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2320)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3692)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (4052)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3640)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1164):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (836):\memory_00b60000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (836):\memory_00ae0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (668):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (668):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3988):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3988):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2264):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2264):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1796):\memory_00ad0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1796):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1756):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1756):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1460):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1460):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1212):\memory_00aa0000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (3524):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (3504):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\alg.exe (3164):\memory_00a60000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (152):\memory_01730000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (152):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3744):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3672):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3736):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1608):\memory_01310000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3652):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3540):\memory_010c0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (492):\memory_01a50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (420):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2120):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3556):\memory_00fc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1940):\memory_01890000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2320):\memory_067d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3692):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (4052):\memory_02400000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3640):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Moved to Virus Vault" "";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)" "";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

resultaten combofix en aansluitend avg-scan: ComboFix 12-08-09.01 - Mirjam 10-08-2012 10:12:59.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.598 [GMT 2:00] Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . FILE :: "c:\windows\system32\drivers\rxr1z_.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RXR1Z_.SYS -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))) . . 2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com 2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro 2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . Cryptography Services Error !! . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat + 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Mirjam\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344] R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112] S0 cerc6;cerc6; [x] S2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056] S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104] S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824] . Contents of the 'Scheduled Tasks' folder . 2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25] . 2012-08-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.nu.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-10 10:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*] "3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1384) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(5636) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2012-08-10 10:33:49 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-10 08:33 ComboFix2.txt 2012-08-08 20:44 ComboFix3.txt 2012-08-07 11:29 ComboFix4.txt 2012-08-02 23:35 . Pre-Run: 14.616.731.648 bytes free Post-Run: 14.608.093.184 bytes free . - - End Of File - - EBC33F07298740C8452635919F0546B6 "";"C:\WINDOWS\system32\wuauclt.exe (1568):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Object is inaccessible." "";"C:\WINDOWS\system32\wuauclt.exe (1568)";"Trojan horse PSW.Agent.ASJX";"" "";"C:\WINDOWS\system32\winlogon.exe (1384)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3304)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1772)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1628)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1432)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (3636)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (5636)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3708)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgui.exe (5920)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1384):\memory_00c40000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00ad0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00a50000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00a60000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1432):\memory_006a0000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (3636):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (5636):\memory_00ed0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (5636):\memory_00e40000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3708):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652):\memory_02230000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504):\memory_06980000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672):\memory_06c30000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776):\memory_01e20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604):\memory_023d0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgui.exe (5920):\memory_025f0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548):\memory_01c70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed" "";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"

09:17:12.0625 3980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 09:17:13.0062 3980 ============================================================ 09:17:13.0062 3980 Current date / time: 2012/08/10 09:17:13.0062 09:17:13.0062 3980 SystemInfo: 09:17:13.0062 3980 09:17:13.0062 3980 OS Version: 5.1.2600 ServicePack: 3.0 09:17:13.0062 3980 Product type: Workstation 09:17:13.0062 3980 ComputerName: MIRJAM-303AF4B9 09:17:13.0062 3980 UserName: Mirjam 09:17:13.0062 3980 Windows directory: C:\WINDOWS 09:17:13.0062 3980 System windows directory: C:\WINDOWS 09:17:13.0062 3980 Processor architecture: Intel x86 09:17:13.0062 3980 Number of processors: 1 09:17:13.0062 3980 Page size: 0x1000 09:17:13.0062 3980 Boot type: Normal boot 09:17:13.0062 3980 ============================================================ 09:17:17.0171 3980 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020 09:17:17.0171 3980 ============================================================ 09:17:17.0171 3980 \Device\Harddisk0\DR0: 09:17:17.0171 3980 MBR partitions: 09:17:17.0171 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A84E60 09:17:17.0171 3980 ============================================================ 09:17:17.0328 3980 C: <-> \Device\Harddisk0\DR0\Partition0 09:17:17.0328 3980 ============================================================ 09:17:17.0328 3980 Initialize success 09:17:17.0328 3980 ============================================================ 09:17:33.0593 5496 ============================================================ 09:17:33.0593 5496 Scan started 09:17:33.0593 5496 Mode: Manual; 09:17:33.0593 5496 ============================================================ 09:17:34.0125 5496 Abiosdsk - ok 09:17:34.0140 5496 abp480n5 - ok 09:17:34.0171 5496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:17:34.0187 5496 ACPI - ok 09:17:34.0234 5496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 09:17:34.0234 5496 ACPIEC - ok 09:17:34.0343 5496 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 09:17:34.0359 5496 Adobe LM Service - ok 09:17:34.0468 5496 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 09:17:34.0500 5496 AdobeFlashPlayerUpdateSvc - ok 09:17:34.0515 5496 adpu160m - ok 09:17:34.0578 5496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 09:17:34.0593 5496 aec - ok 09:17:34.0656 5496 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 09:17:34.0671 5496 AegisP - ok 09:17:34.0734 5496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 09:17:34.0750 5496 AFD - ok 09:17:34.0765 5496 Aha154x - ok 09:17:34.0765 5496 aic78u2 - ok 09:17:34.0781 5496 aic78xx - ok 09:17:34.0828 5496 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 09:17:34.0828 5496 Alerter - ok 09:17:34.0875 5496 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 09:17:34.0875 5496 ALG - ok 09:17:34.0890 5496 AliIde - ok 09:17:34.0890 5496 amsint - ok 09:17:34.0953 5496 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 09:17:34.0968 5496 AppMgmt - ok 09:17:34.0984 5496 asc - ok 09:17:34.0984 5496 asc3350p - ok 09:17:35.0000 5496 asc3550 - ok 09:17:35.0171 5496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:17:35.0218 5496 aspnet_state - ok 09:17:35.0234 5496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:17:35.0234 5496 AsyncMac - ok 09:17:35.0296 5496 atapi (4bd052a6bf351b00b87d2c18fa7fa9cb) C:\WINDOWS\system32\DRIVERS\atapi.sys 09:17:35.0312 5496 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 4bd052a6bf351b00b87d2c18fa7fa9cb, Fake md5: 43769e974a1c5105171652f38e6cb8e2 09:17:35.0312 5496 atapi ( ForgedFile.Multi.Generic ) - warning 09:17:35.0312 5496 atapi - detected ForgedFile.Multi.Generic (1) 09:17:35.0328 5496 Atdisk - ok 09:17:35.0359 5496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:17:35.0359 5496 Atmarpc - ok 09:17:35.0421 5496 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 09:17:35.0421 5496 AudioSrv - ok 09:17:35.0484 5496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 09:17:35.0484 5496 audstub - ok 09:17:35.0890 5496 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 09:17:36.0156 5496 AVGIDSAgent - ok 09:17:36.0312 5496 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 09:17:36.0328 5496 AVGIDSDriver - ok 09:17:36.0343 5496 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 09:17:36.0359 5496 AVGIDSEH - ok 09:17:36.0375 5496 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 09:17:36.0390 5496 AVGIDSFilter - ok 09:17:36.0406 5496 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 09:17:36.0406 5496 AVGIDSShim - ok 09:17:36.0437 5496 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 09:17:36.0453 5496 Avgldx86 - ok 09:17:36.0468 5496 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 09:17:36.0468 5496 Avgmfx86 - ok 09:17:36.0531 5496 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 09:17:36.0531 5496 Avgrkx86 - ok 09:17:36.0625 5496 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 09:17:36.0656 5496 Avgtdix - ok 09:17:36.0796 5496 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 09:17:36.0796 5496 avgwd - ok 09:17:36.0859 5496 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 09:17:36.0859 5496 b57w2k - ok 09:17:36.0921 5496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 09:17:36.0921 5496 Beep - ok 09:17:37.0000 5496 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 09:17:37.0031 5496 BITS - ok 09:17:37.0078 5496 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 09:17:37.0078 5496 Browser - ok 09:17:37.0093 5496 catchme - ok 09:17:37.0109 5496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 09:17:37.0109 5496 cbidf2k - ok 09:17:37.0125 5496 cd20xrnt - ok 09:17:37.0156 5496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:17:37.0156 5496 Cdaudio - ok 09:17:37.0218 5496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:17:37.0218 5496 Cdfs - ok 09:17:37.0265 5496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:17:37.0281 5496 Cdrom - ok 09:17:37.0296 5496 cerc6 - ok 09:17:37.0421 5496 CFcatchme - ok 09:17:37.0437 5496 Changer - ok 09:17:37.0468 5496 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 09:17:37.0468 5496 CiSvc - ok 09:17:37.0484 5496 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 09:17:37.0500 5496 ClipSrv - ok 09:17:37.0593 5496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:17:37.0671 5496 clr_optimization_v2.0.50727_32 - ok 09:17:37.0734 5496 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 09:17:37.0734 5496 CmBatt - ok 09:17:37.0750 5496 CmdIde - ok 09:17:37.0796 5496 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 09:17:37.0796 5496 Compbatt - ok 09:17:37.0812 5496 COMSysApp - ok 09:17:37.0843 5496 Cpqarray - ok 09:17:37.0875 5496 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 09:17:37.0875 5496 CryptSvc - ok 09:17:37.0890 5496 dac2w2k - ok 09:17:37.0906 5496 dac960nt - ok 09:17:37.0984 5496 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 09:17:37.0984 5496 DcomLaunch - ok 09:17:38.0046 5496 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 09:17:38.0062 5496 Dhcp - ok 09:17:38.0093 5496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:17:38.0093 5496 Disk - ok 09:17:38.0093 5496 dmadmin - ok 09:17:38.0187 5496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 09:17:38.0250 5496 dmboot - ok 09:17:38.0281 5496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 09:17:38.0296 5496 dmio - ok 09:17:38.0312 5496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:17:38.0328 5496 dmload - ok 09:17:38.0390 5496 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 09:17:38.0453 5496 dmserver - ok 09:17:38.0546 5496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:17:38.0546 5496 DMusic - ok 09:17:38.0609 5496 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 09:17:38.0609 5496 Dnscache - ok 09:17:38.0656 5496 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 09:17:38.0671 5496 Dot3svc - ok 09:17:38.0671 5496 dpti2o - ok 09:17:38.0718 5496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:17:38.0734 5496 drmkaud - ok 09:17:38.0781 5496 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 09:17:38.0796 5496 EapHost - ok 09:17:38.0828 5496 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 09:17:38.0828 5496 ERSvc - ok 09:17:38.0890 5496 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:17:38.0906 5496 Eventlog - ok 09:17:38.0984 5496 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 09:17:39.0000 5496 EventSystem - ok 09:17:39.0203 5496 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 09:17:39.0250 5496 EvtEng - ok 09:17:39.0312 5496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:17:39.0343 5496 Fastfat - ok 09:17:39.0406 5496 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:17:39.0421 5496 FastUserSwitchingCompatibility - ok 09:17:39.0468 5496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 09:17:39.0468 5496 Fdc - ok 09:17:39.0484 5496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 09:17:39.0484 5496 Fips - ok 09:17:39.0500 5496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 09:17:39.0500 5496 Flpydisk - ok 09:17:39.0578 5496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 09:17:39.0593 5496 FltMgr - ok 09:17:39.0734 5496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:17:39.0734 5496 FontCache3.0.0.0 - ok 09:17:39.0765 5496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:17:39.0765 5496 Fs_Rec - ok 09:17:39.0812 5496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:17:39.0859 5496 Ftdisk - ok 09:17:39.0906 5496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:17:39.0906 5496 Gpc - ok 09:17:39.0968 5496 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys 09:17:39.0968 5496 GTIPCI21 - ok 09:17:40.0125 5496 gupdate1c9a6233ac2f8f8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 09:17:40.0140 5496 gupdate1c9a6233ac2f8f8 - ok 09:17:40.0156 5496 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 09:17:40.0156 5496 gupdatem - ok 09:17:40.0218 5496 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 09:17:40.0234 5496 gusvc - ok 09:17:40.0312 5496 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:17:40.0312 5496 helpsvc - ok 09:17:40.0359 5496 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 09:17:40.0359 5496 HidServ - ok 09:17:40.0421 5496 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:17:40.0421 5496 hidusb - ok 09:17:40.0468 5496 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 09:17:40.0468 5496 hkmsvc - ok 09:17:40.0484 5496 hpn - ok 09:17:40.0546 5496 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 09:17:40.0562 5496 HSFHWICH - ok 09:17:40.0656 5496 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 09:17:40.0734 5496 HSF_DP - ok 09:17:40.0796 5496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:17:40.0828 5496 HTTP - ok 09:17:40.0875 5496 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 09:17:40.0890 5496 HTTPFilter - ok 09:17:40.0906 5496 i2omgmt - ok 09:17:40.0937 5496 i2omp - ok 09:17:40.0984 5496 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:17:40.0984 5496 i8042prt - ok 09:17:41.0093 5496 ialm (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 09:17:41.0171 5496 ialm - ok 09:17:41.0328 5496 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 09:17:41.0328 5496 IDriverT - ok 09:17:41.0515 5496 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:17:41.0578 5496 idsvc - ok 09:17:41.0687 5496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:17:41.0687 5496 Imapi - ok 09:17:41.0765 5496 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 09:17:41.0781 5496 ImapiService - ok 09:17:41.0796 5496 ini910u - ok 09:17:41.0859 5496 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 09:17:41.0859 5496 IntelIde - ok 09:17:41.0921 5496 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:17:41.0921 5496 intelppm - ok 09:17:41.0953 5496 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 09:17:41.0953 5496 Ip6Fw - ok 09:17:42.0000 5496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:17:42.0000 5496 IpFilterDriver - ok 09:17:42.0031 5496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:17:42.0031 5496 IpInIp - ok 09:17:42.0093 5496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:17:42.0109 5496 IpNat - ok 09:17:42.0156 5496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:17:42.0171 5496 IPSec - ok 09:17:42.0187 5496 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 09:17:42.0187 5496 irda - ok 09:17:42.0234 5496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:17:42.0250 5496 IRENUM - ok 09:17:42.0265 5496 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll 09:17:42.0265 5496 Irmon - ok 09:17:42.0328 5496 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:17:42.0328 5496 isapnp - ok 09:17:42.0484 5496 JavaQuickStarterService (511ab23a292497f2c527eee5775b0bfe) C:\Program Files\Java\jre6\bin\jqs.exe 09:17:42.0500 5496 JavaQuickStarterService - ok 09:17:42.0531 5496 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:17:42.0531 5496 Kbdclass - ok 09:17:42.0578 5496 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:17:42.0578 5496 kbdhid - ok 09:17:42.0640 5496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:17:42.0656 5496 kmixer - ok 09:17:42.0718 5496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:17:42.0734 5496 KSecDD - ok 09:17:42.0796 5496 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 09:17:42.0796 5496 LanmanServer - ok 09:17:42.0859 5496 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 09:17:42.0875 5496 lanmanworkstation - ok 09:17:42.0890 5496 lbrtfdc - ok 09:17:42.0953 5496 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 09:17:42.0953 5496 LightScribeService - ok 09:17:43.0015 5496 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 09:17:43.0015 5496 LmHosts - ok 09:17:43.0046 5496 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys 09:17:43.0046 5496 MBAMProtector - ok 09:17:43.0187 5496 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 09:17:43.0234 5496 MBAMService - ok 09:17:43.0343 5496 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 09:17:43.0359 5496 MDM - ok 09:17:43.0421 5496 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 09:17:43.0421 5496 mdmxsdk - ok 09:17:43.0468 5496 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 09:17:43.0468 5496 Messenger - ok 09:17:43.0515 5496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 09:17:43.0515 5496 mnmdd - ok 09:17:43.0562 5496 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 09:17:43.0578 5496 mnmsrvc - ok 09:17:43.0609 5496 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 09:17:43.0625 5496 Modem - ok 09:17:43.0656 5496 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:17:43.0656 5496 Mouclass - ok 09:17:43.0765 5496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:17:43.0796 5496 mouhid - ok 09:17:43.0828 5496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:17:43.0828 5496 MountMgr - ok 09:17:43.0843 5496 mraid35x - ok 09:17:43.0875 5496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:17:43.0875 5496 MRxDAV - ok 09:17:43.0984 5496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:17:44.0015 5496 MRxSmb - ok 09:17:44.0046 5496 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 09:17:44.0046 5496 MSDTC - ok 09:17:44.0078 5496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:17:44.0078 5496 Msfs - ok 09:17:44.0093 5496 MSIServer - ok 09:17:44.0109 5496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:17:44.0109 5496 MSKSSRV - ok 09:17:44.0140 5496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:17:44.0140 5496 MSPCLOCK - ok 09:17:44.0156 5496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:17:44.0171 5496 MSPQM - ok 09:17:44.0218 5496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:17:44.0234 5496 mssmbios - ok 09:17:44.0281 5496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:17:44.0296 5496 Mup - ok 09:17:44.0343 5496 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 09:17:44.0375 5496 napagent - ok 09:17:44.0453 5496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:17:44.0468 5496 NDIS - ok 09:17:44.0531 5496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:17:44.0531 5496 NdisTapi - ok 09:17:44.0578 5496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:17:44.0578 5496 Ndisuio - ok 09:17:44.0625 5496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:17:44.0625 5496 NdisWan - ok 09:17:44.0687 5496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:17:44.0687 5496 NDProxy - ok 09:17:44.0703 5496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:17:44.0703 5496 NetBIOS - ok 09:17:44.0734 5496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:17:44.0750 5496 NetBT - ok 09:17:44.0812 5496 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:17:44.0828 5496 NetDDE - ok 09:17:44.0843 5496 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:17:44.0843 5496 NetDDEdsdm - ok 09:17:44.0890 5496 NetillaVPN (a84ae956ac7f9e493cac07ef98c1a3d1) C:\WINDOWS\system32\DRIVERS\Netva.sys 09:17:44.0890 5496 NetillaVPN - ok 09:17:44.0984 5496 NetillaVPNService (d5480f358c8781f46136df8c669b0d7a) C:\Program Files\AEP\SSLTunnel\nvpns.exe 09:17:44.0984 5496 NetillaVPNService - ok 09:17:45.0015 5496 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:17:45.0015 5496 Netlogon - ok 09:17:45.0062 5496 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 09:17:45.0062 5496 Netman - ok 09:17:45.0218 5496 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:17:45.0234 5496 NetTcpPortSharing - ok 09:17:45.0312 5496 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 09:17:45.0375 5496 Nla - ok 09:17:45.0437 5496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:17:45.0437 5496 Npfs - ok 09:17:45.0531 5496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:17:45.0578 5496 Ntfs - ok 09:17:45.0593 5496 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:17:45.0593 5496 NtLmSsp - ok 09:17:45.0640 5496 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 09:17:45.0687 5496 NtmsSvc - ok 09:17:45.0718 5496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:17:45.0718 5496 Null - ok 09:17:45.0781 5496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:17:45.0781 5496 NwlnkFlt - ok 09:17:45.0796 5496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:17:45.0812 5496 NwlnkFwd - ok 09:17:45.0906 5496 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:17:45.0921 5496 ose - ok 09:17:45.0968 5496 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 09:17:45.0968 5496 Parport - ok 09:17:45.0984 5496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:17:46.0000 5496 PartMgr - ok 09:17:46.0046 5496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 09:17:46.0046 5496 ParVdm - ok 09:17:46.0078 5496 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 09:17:46.0078 5496 PCI - ok 09:17:46.0093 5496 PCIDump - ok 09:17:46.0125 5496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:17:46.0125 5496 PCIIde - ok 09:17:46.0140 5496 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 09:17:46.0156 5496 Pcmcia - ok 09:17:46.0156 5496 PDCOMP - ok 09:17:46.0171 5496 PDFRAME - ok 09:17:46.0187 5496 PDRELI - ok 09:17:46.0203 5496 PDRFRAME - ok 09:17:46.0203 5496 perc2 - ok 09:17:46.0218 5496 perc2hib - ok 09:17:46.0296 5496 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:17:46.0296 5496 PlugPlay - ok 09:17:46.0312 5496 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:17:46.0312 5496 PolicyAgent - ok 09:17:46.0406 5496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:17:46.0406 5496 PptpMiniport - ok 09:17:46.0421 5496 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:17:46.0421 5496 ProtectedStorage - ok 09:17:46.0437 5496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:17:46.0453 5496 PSched - ok 09:17:46.0484 5496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:17:46.0484 5496 Ptilink - ok 09:17:46.0500 5496 ql1080 - ok 09:17:46.0515 5496 Ql10wnt - ok 09:17:46.0515 5496 ql12160 - ok 09:17:46.0531 5496 ql1240 - ok 09:17:46.0546 5496 ql1280 - ok 09:17:46.0578 5496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:17:46.0578 5496 RasAcd - ok 09:17:46.0609 5496 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 09:17:46.0625 5496 RasAuto - ok 09:17:46.0671 5496 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 09:17:46.0671 5496 Rasirda - ok 09:17:46.0687 5496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:17:46.0703 5496 Rasl2tp - ok 09:17:46.0734 5496 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 09:17:46.0750 5496 RasMan - ok 09:17:46.0765 5496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:17:46.0765 5496 RasPppoe - ok 09:17:46.0781 5496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:17:46.0781 5496 Raspti - ok 09:17:46.0828 5496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:17:46.0843 5496 Rdbss - ok 09:17:46.0859 5496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:17:46.0875 5496 RDPCDD - ok 09:17:46.0921 5496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:17:46.0937 5496 rdpdr - ok 09:17:47.0000 5496 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 09:17:47.0031 5496 RDPWD - ok 09:17:47.0078 5496 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 09:17:47.0093 5496 RDSessMgr - ok 09:17:47.0125 5496 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:17:47.0140 5496 redbook - ok 09:17:47.0312 5496 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 09:17:47.0343 5496 RegSrvc - ok 09:17:47.0406 5496 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 09:17:47.0406 5496 RemoteAccess - ok 09:17:47.0484 5496 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 09:17:47.0484 5496 RemoteRegistry - ok 09:17:47.0531 5496 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 09:17:47.0531 5496 RpcLocator - ok 09:17:47.0593 5496 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 09:17:47.0609 5496 RpcSs - ok 09:17:47.0671 5496 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 09:17:47.0703 5496 RSVP - ok 09:17:47.0812 5496 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 09:17:47.0875 5496 S24EventMonitor - ok 09:17:47.0921 5496 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 09:17:47.0921 5496 s24trans - ok 09:17:47.0984 5496 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:17:47.0984 5496 SamSs - ok 09:17:48.0078 5496 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 09:17:48.0078 5496 SASDIFSV - ok 09:17:48.0093 5496 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS 09:17:48.0093 5496 SAS***IL - ok 09:17:48.0156 5496 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 09:17:48.0171 5496 SCardSvr - ok 09:17:48.0234 5496 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 09:17:48.0281 5496 Schedule - ok 09:17:48.0312 5496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:17:48.0328 5496 Secdrv - ok 09:17:48.0359 5496 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 09:17:48.0359 5496 seclogon - ok 09:17:48.0468 5496 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 09:17:48.0468 5496 SENS - ok 09:17:48.0546 5496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 09:17:48.0562 5496 serenum - ok 09:17:48.0609 5496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 09:17:48.0609 5496 Serial - ok 09:17:48.0671 5496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:17:48.0671 5496 Sfloppy - ok 09:17:48.0750 5496 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 09:17:48.0765 5496 SharedAccess - ok 09:17:48.0828 5496 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:17:48.0828 5496 ShellHWDetection - ok 09:17:48.0843 5496 Simbad - ok 09:17:48.0890 5496 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys 09:17:48.0890 5496 SMCIRDA - ok 09:17:48.0906 5496 Sparrow - ok 09:17:48.0953 5496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:17:48.0953 5496 splitter - ok 09:17:49.0015 5496 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 09:17:49.0015 5496 Spooler - ok 09:17:49.0078 5496 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 09:17:49.0078 5496 sr - ok 09:17:49.0125 5496 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 09:17:49.0125 5496 srservice - ok 09:17:49.0187 5496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:17:49.0203 5496 Srv - ok 09:17:49.0296 5496 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 09:17:49.0296 5496 SSDPSRV - ok 09:17:49.0375 5496 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys 09:17:49.0390 5496 STAC97 - ok 09:17:49.0453 5496 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 09:17:49.0453 5496 stisvc - ok 09:17:49.0500 5496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:17:49.0515 5496 swenum - ok 09:17:49.0531 5496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:17:49.0531 5496 swmidi - ok 09:17:49.0546 5496 SwPrv - ok 09:17:49.0562 5496 symc810 - ok 09:17:49.0578 5496 symc8xx - ok 09:17:49.0593 5496 sym_hi - ok 09:17:49.0609 5496 sym_u3 - ok 09:17:49.0656 5496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 09:17:49.0671 5496 sysaudio - ok 09:17:49.0718 5496 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 09:17:49.0734 5496 SysmonLog - ok 09:17:49.0781 5496 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 09:17:49.0796 5496 TapiSrv - ok 09:17:49.0859 5496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:17:49.0890 5496 Tcpip - ok 09:17:49.0953 5496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:17:49.0953 5496 TDPIPE - ok 09:17:49.0984 5496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:17:49.0984 5496 TDTCP - ok 09:17:50.0000 5496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:17:50.0015 5496 TermDD - ok 09:17:50.0046 5496 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 09:17:50.0062 5496 TermService - ok 09:17:50.0125 5496 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:17:50.0125 5496 Themes - ok 09:17:50.0171 5496 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 09:17:50.0187 5496 TlntSvr - ok 09:17:50.0203 5496 TosIde - ok 09:17:50.0250 5496 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 09:17:50.0265 5496 TrkWks - ok 09:17:50.0296 5496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:17:50.0296 5496 Udfs - ok 09:17:50.0312 5496 UIUSys - ok 09:17:50.0328 5496 ultra - ok 09:17:50.0421 5496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:17:50.0453 5496 Update - ok 09:17:50.0500 5496 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 09:17:50.0515 5496 upnphost - ok 09:17:50.0546 5496 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 09:17:50.0546 5496 UPS - ok 09:17:50.0625 5496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:17:50.0625 5496 usbccgp - ok 09:17:50.0765 5496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:17:50.0781 5496 usbehci - ok 09:17:50.0796 5496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:17:50.0796 5496 usbhub - ok 09:17:50.0828 5496 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:17:50.0843 5496 usbprint - ok 09:17:50.0859 5496 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:17:50.0859 5496 usbscan - ok 09:17:50.0906 5496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:17:50.0906 5496 USBSTOR - ok 09:17:50.0968 5496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:17:50.0968 5496 usbuhci - ok 09:17:51.0078 5496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:17:51.0078 5496 VgaSave - ok 09:17:51.0093 5496 ViaIde - ok 09:17:51.0125 5496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 09:17:51.0125 5496 VolSnap - ok 09:17:51.0187 5496 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 09:17:51.0203 5496 VSS - ok 09:17:51.0421 5496 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys 09:17:51.0578 5496 w29n51 - ok 09:17:51.0750 5496 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 09:17:51.0765 5496 W32Time - ok 09:17:51.0828 5496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:17:51.0843 5496 Wanarp - ok 09:17:51.0890 5496 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 09:17:51.0906 5496 wceusbsh - ok 09:17:51.0906 5496 WDICA - ok 09:17:51.0984 5496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:17:51.0984 5496 wdmaud - ok 09:17:52.0046 5496 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 09:17:52.0062 5496 WebClient - ok 09:17:52.0156 5496 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 09:17:52.0203 5496 winachsf - ok 09:17:52.0312 5496 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 09:17:52.0312 5496 winmgmt - ok 09:17:52.0515 5496 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 09:17:52.0546 5496 WLANKEEPER - ok 09:17:52.0593 5496 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 09:17:52.0593 5496 WmdmPmSN - ok 09:17:52.0687 5496 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 09:17:52.0734 5496 Wmi - ok 09:17:52.0796 5496 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:17:52.0812 5496 WmiApSrv - ok 09:17:52.0906 5496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 09:17:52.0921 5496 WS2IFSL - ok 09:17:52.0984 5496 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 09:17:52.0984 5496 wscsvc - ok 09:17:53.0046 5496 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 09:17:53.0062 5496 wuauserv - ok 09:17:53.0140 5496 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 09:17:53.0156 5496 WZCSVC - ok 09:17:53.0156 5496 xcpip - ok 09:17:53.0218 5496 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 09:17:53.0234 5496 xmlprov - ok 09:17:53.0250 5496 xpsec - ok 09:17:53.0328 5496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 09:17:54.0156 5496 \Device\Harddisk0\DR0 - ok 09:17:54.0156 5496 Boot (0x1200) (91d123cdc670794bbef41be835648a46) \Device\Harddisk0\DR0\Partition0 09:17:54.0171 5496 \Device\Harddisk0\DR0\Partition0 - ok 09:17:54.0171 5496 ============================================================ 09:17:54.0171 5496 Scan finished 09:17:54.0187 5496 ============================================================ 09:17:54.0218 5488 Detected object count: 1 09:17:54.0218 5488 Actual detected object count: 1 09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - skipped by user 09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip

"";""";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Moved to Virus Vault" "";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)" "";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)" "";"C:\WINDOWS\system32\wuauclt.exe (2836)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1168)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (788)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (772)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (560)";"Trojan horse PSW.Agent.AUET";"Deleted" C:\WINDOWS\system32\svchost.exe (2532)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1716)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1640)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1412)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (264)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (1848)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\alg.exe (3300)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (160)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (256)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Internet Explorer\iexplore.exe (4948)";"Trojan horse PSW.Agent.ARMW";"Deleted" "";"C:\Program Files\Internet Explorer\iexplore.exe (3536)";"Trojan horse PSW.Agent.ARMW";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\wuauclt.exe (2836):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\winlogon.exe (1168):\memory_00df0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (788):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (788):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (772):\memory_00c30000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (772):\memory_00bb0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (560):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (560):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1220):\memory_009b0000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (264):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (1848):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\alg.exe (3300):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (160):\memory_01730000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (160):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776):\memory_01470000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (256):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448):\memory_00df0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_02000000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_009d0000";"Trojan horse PSW.Agent.ARMW";"Infected" "";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_00f20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_009c0000";"Trojan horse PSW.Agent.ARMW";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472):\memory_06c80000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336):\memory_01b20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620):\memory_013c0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892):\memory_01620000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848):\memory_00d40000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136):\memory_019e0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736):\memory_01090000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"

ComboFix 12-08-08.01 - Mirjam 08-08-2012 22:10:30.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.410 [GMT 2:00] Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . FILE :: "c:\windows\system32\drivers\ixodm.sys" "c:\windows\system32\drivers\rxr1z_.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player\script.qscript c:\program files\iLivid c:\program files\iLivid\fantastic\icon.ico c:\program files\iLivid\ftalk.ico c:\program files\iLivid\Helper.dll c:\program files\iLivid\ilivid.exe c:\program files\iLivid\ilivid.ico c:\program files\iLivid\imageformats\qgif4.dll c:\program files\iLivid\imageformats\qjpeg4.dll c:\program files\iLivid\libeay32.dll c:\program files\iLivid\libgcc_s_dw2-1.dll c:\program files\iLivid\mingwm10.dll c:\program files\iLivid\phonon4.dll c:\program files\iLivid\QtCore4.dll c:\program files\iLivid\QtGui4.dll c:\program files\iLivid\QtNetwork4.dll c:\program files\iLivid\QtScript4.dll c:\program files\iLivid\QtSvg4.dll c:\program files\iLivid\QtWebKit4.dll c:\program files\iLivid\QtXmlPatterns4.dll c:\program files\iLivid\script.qscript c:\program files\iLivid\script1.81.qscript c:\program files\iLivid\ssleay32.dll c:\program files\iLivid\uninstall.exe c:\program files\iLivid\VLC\activex\axvlc.dll c:\program files\iLivid\VLC\activex\axvlc.dll.manifest c:\program files\iLivid\VLC\activex\README.TXT c:\program files\iLivid\VLC\activex\test.html c:\program files\iLivid\VLC\AUTHORS.txt c:\program files\iLivid\VLC\COPYING.txt c:\program files\iLivid\VLC\http\.hosts c:\program files\iLivid\VLC\http\dialogs\.hosts c:\program files\iLivid\VLC\http\dialogs\browse c:\program files\iLivid\VLC\http\dialogs\footer c:\program files\iLivid\VLC\http\dialogs\input c:\program files\iLivid\VLC\http\dialogs\main c:\program files\iLivid\VLC\http\dialogs\mosaic c:\program files\iLivid\VLC\http\dialogs\playlist c:\program files\iLivid\VLC\http\dialogs\sout c:\program files\iLivid\VLC\http\dialogs\vlm c:\program files\iLivid\VLC\http\favicon.ico c:\program files\iLivid\VLC\http\flash.html c:\program files\iLivid\VLC\http\iehacks.css c:\program files\iLivid\VLC\http\images\delete.png c:\program files\iLivid\VLC\http\images\delete_small.png c:\program files\iLivid\VLC\http\images\eject.png c:\program files\iLivid\VLC\http\images\empty.png c:\program files\iLivid\VLC\http\images\fullscreen.png c:\program files\iLivid\VLC\http\images\help.png c:\program files\iLivid\VLC\http\images\info.png c:\program files\iLivid\VLC\http\images\loop.png c:\program files\iLivid\VLC\http\images\minus.png c:\program files\iLivid\VLC\http\images\next.png c:\program files\iLivid\VLC\http\images\pause.png c:\program files\iLivid\VLC\http\images\play.png c:\program files\iLivid\VLC\http\images\playlist.png c:\program files\iLivid\VLC\http\images\playlist_small.png c:\program files\iLivid\VLC\http\images\plus.png c:\program files\iLivid\VLC\http\images\prev.png c:\program files\iLivid\VLC\http\images\refresh.png c:\program files\iLivid\VLC\http\images\repeat.png c:\program files\iLivid\VLC\http\images\sd.png c:\program files\iLivid\VLC\http\images\shuffle.png c:\program files\iLivid\VLC\http\images\slider_bar.png c:\program files\iLivid\VLC\http\images\slider_left.png c:\program files\iLivid\VLC\http\images\slider_point.png c:\program files\iLivid\VLC\http\images\slider_right.png c:\program files\iLivid\VLC\http\images\slow.png c:\program files\iLivid\VLC\http\images\snapshot.png c:\program files\iLivid\VLC\http\images\sort.png c:\program files\iLivid\VLC\http\images\sout.png c:\program files\iLivid\VLC\http\images\speaker.png c:\program files\iLivid\VLC\http\images\speaker_mute.png c:\program files\iLivid\VLC\http\images\stop.png c:\program files\iLivid\VLC\http\images\vlc16x16.png c:\program files\iLivid\VLC\http\images\volume_down.png c:\program files\iLivid\VLC\http\images\volume_up.png c:\program files\iLivid\VLC\http\images\white.png c:\program files\iLivid\VLC\http\images\white_cross_small.png c:\program files\iLivid\VLC\http\index.html c:\program files\iLivid\VLC\http\js\functions.js c:\program files\iLivid\VLC\http\js\mosaic.js c:\program files\iLivid\VLC\http\js\vlm.js c:\program files\iLivid\VLC\http\mosaic.html c:\program files\iLivid\VLC\http\requests\browse.xml c:\program files\iLivid\VLC\http\requests\playlist.xml c:\program files\iLivid\VLC\http\requests\readme.txt c:\program files\iLivid\VLC\http\requests\status.xml c:\program files\iLivid\VLC\http\requests\vlm.xml c:\program files\iLivid\VLC\http\requests\vlm_cmd.xml c:\program files\iLivid\VLC\http\style.css c:\program files\iLivid\VLC\http\vlm.html c:\program files\iLivid\VLC\http\vlm_export.html c:\program files\iLivid\VLC\languages\bengali.nsh c:\program files\iLivid\VLC\languages\brazilian_portuguese.nsh c:\program files\iLivid\VLC\languages\bulgarian.nsh c:\program files\iLivid\VLC\languages\catalan.nsh c:\program files\iLivid\VLC\languages\danish.nsh c:\program files\iLivid\VLC\languages\declaration.nsh c:\program files\iLivid\VLC\languages\dutch.nsh c:\program files\iLivid\VLC\languages\english.nsh c:\program files\iLivid\VLC\languages\estonian.nsh c:\program files\iLivid\VLC\languages\finnish.nsh c:\program files\iLivid\VLC\languages\french.nsh c:\program files\iLivid\VLC\languages\german.nsh c:\program files\iLivid\VLC\languages\hungarian.nsh c:\program files\iLivid\VLC\languages\italian.nsh c:\program files\iLivid\VLC\languages\japanese.nsh c:\program files\iLivid\VLC\languages\lithuanian.nsh c:\program files\iLivid\VLC\languages\occitan.nsh c:\program files\iLivid\VLC\languages\polish.nsh c:\program files\iLivid\VLC\languages\punjabi.nsh c:\program files\iLivid\VLC\languages\romanian.nsh c:\program files\iLivid\VLC\languages\schinese.nsh c:\program files\iLivid\VLC\languages\slovak.nsh c:\program files\iLivid\VLC\languages\slovenian.nsh c:\program files\iLivid\VLC\languages\sorani.nsh c:\program files\iLivid\VLC\languages\spanish.nsh c:\program files\iLivid\VLC\libvlc.dll c:\program files\iLivid\VLC\libvlc.dll.manifest c:\program files\iLivid\VLC\libvlccore.dll c:\program files\iLivid\VLC\locale\ach\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\af\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\am\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ar\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ast\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\be\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\bg\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\bn\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\br\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ca\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\cgg\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ckb\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\co\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\cs\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\da\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\de\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\el\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\en_GB\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\es\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\et\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\eu\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\fa\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ff\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\fi\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\fr\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\fur\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ga\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\gl\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\he\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\hi\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\hr\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\hu\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\hy\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\id\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\is\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\it\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ja\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ka\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\kk\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\km\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ko\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\lg\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\lt\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\lv\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\mk\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ml\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\mn\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ms\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\my\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\nb\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ne\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\nl\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\nn\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\oc\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\pa\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\pl\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ps\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ro\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ru\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\si\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\sk\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\sl\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\sq\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\sr\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\sv\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\ta\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\tet\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\th\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\tl\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\tr\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\uk\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\vi\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\wa\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\locale\zu\LC_MESSAGES\vlc.mo c:\program files\iLivid\VLC\lua\extensions\allocine-fr.lua c:\program files\iLivid\VLC\lua\extensions\imdb.lua c:\program files\iLivid\VLC\lua\extensions\README.txt c:\program files\iLivid\VLC\lua\http\.hosts c:\program files\iLivid\VLC\lua\http\custom.lua c:\program files\iLivid\VLC\lua\http\dialogs\.hosts c:\program files\iLivid\VLC\lua\http\dialogs\browse c:\program files\iLivid\VLC\lua\http\dialogs\footer c:\program files\iLivid\VLC\lua\http\dialogs\input c:\program files\iLivid\VLC\lua\http\dialogs\main c:\program files\iLivid\VLC\lua\http\dialogs\mosaic c:\program files\iLivid\VLC\lua\http\dialogs\playlist c:\program files\iLivid\VLC\lua\http\dialogs\sout c:\program files\iLivid\VLC\lua\http\dialogs\vlm c:\program files\iLivid\VLC\lua\http\favicon.ico c:\program files\iLivid\VLC\lua\http\flash.html c:\program files\iLivid\VLC\lua\http\iehacks.css c:\program files\iLivid\VLC\lua\http\images\delete.png c:\program files\iLivid\VLC\lua\http\images\delete_small.png c:\program files\iLivid\VLC\lua\http\images\eject.png c:\program files\iLivid\VLC\lua\http\images\empty.png c:\program files\iLivid\VLC\lua\http\images\fullscreen.png c:\program files\iLivid\VLC\lua\http\images\help.png c:\program files\iLivid\VLC\lua\http\images\info.png c:\program files\iLivid\VLC\lua\http\images\loop.png c:\program files\iLivid\VLC\lua\http\images\minus.png c:\program files\iLivid\VLC\lua\http\images\next.png c:\program files\iLivid\VLC\lua\http\images\pause.png c:\program files\iLivid\VLC\lua\http\images\play.png c:\program files\iLivid\VLC\lua\http\images\playlist.png c:\program files\iLivid\VLC\lua\http\images\playlist_small.png c:\program files\iLivid\VLC\lua\http\images\plus.png c:\program files\iLivid\VLC\lua\http\images\prev.png c:\program files\iLivid\VLC\lua\http\images\refresh.png c:\program files\iLivid\VLC\lua\http\images\repeat.png c:\program files\iLivid\VLC\lua\http\images\reset.png c:\program files\iLivid\VLC\lua\http\images\sd.png c:\program files\iLivid\VLC\lua\http\images\shuffle.png c:\program files\iLivid\VLC\lua\http\images\slider_bar.png c:\program files\iLivid\VLC\lua\http\images\slider_left.png c:\program files\iLivid\VLC\lua\http\images\slider_point.png c:\program files\iLivid\VLC\lua\http\images\slider_right.png c:\program files\iLivid\VLC\lua\http\images\slow.png c:\program files\iLivid\VLC\lua\http\images\snapshot.png c:\program files\iLivid\VLC\lua\http\images\sort.png c:\program files\iLivid\VLC\lua\http\images\sout.png c:\program files\iLivid\VLC\lua\http\images\speaker.png c:\program files\iLivid\VLC\lua\http\images\speaker_mute.png c:\program files\iLivid\VLC\lua\http\images\stop.png c:\program files\iLivid\VLC\lua\http\images\vlc16x16.png c:\program files\iLivid\VLC\lua\http\images\volume_down.png c:\program files\iLivid\VLC\lua\http\images\volume_up.png c:\program files\iLivid\VLC\lua\http\images\white.png c:\program files\iLivid\VLC\lua\http\images\white_cross_small.png c:\program files\iLivid\VLC\lua\http\index.html c:\program files\iLivid\VLC\lua\http\js\functions.js c:\program files\iLivid\VLC\lua\http\js\mosaic.js c:\program files\iLivid\VLC\lua\http\js\vlm.js c:\program files\iLivid\VLC\lua\http\mosaic.html c:\program files\iLivid\VLC\lua\http\requests\browse.xml c:\program files\iLivid\VLC\lua\http\requests\playlist.xml c:\program files\iLivid\VLC\lua\http\requests\readme.txt c:\program files\iLivid\VLC\lua\http\requests\status.xml c:\program files\iLivid\VLC\lua\http\requests\vlm.xml c:\program files\iLivid\VLC\lua\http\requests\vlm_cmd.xml c:\program files\iLivid\VLC\lua\http\style.css c:\program files\iLivid\VLC\lua\http\vlm.html c:\program files\iLivid\VLC\lua\http\vlm_export.html c:\program files\iLivid\VLC\lua\intf\dummy.lua c:\program files\iLivid\VLC\lua\intf\dumpmeta.lua c:\program files\iLivid\VLC\lua\intf\hotkeys.lua c:\program files\iLivid\VLC\lua\intf\http.lua c:\program files\iLivid\VLC\lua\intf\luac.lua c:\program files\iLivid\VLC\lua\intf\modules\common.lua c:\program files\iLivid\VLC\lua\intf\modules\host.lua c:\program files\iLivid\VLC\lua\intf\rc.lua c:\program files\iLivid\VLC\lua\intf\README.txt c:\program files\iLivid\VLC\lua\intf\telnet.lua c:\program files\iLivid\VLC\lua\meta\art\01_googleimage.lua c:\program files\iLivid\VLC\lua\meta\art\02_frenchtv.lua c:\program files\iLivid\VLC\lua\meta\art\03_lastfm.lua c:\program files\iLivid\VLC\lua\meta\art\04_musicbrainz.lua c:\program files\iLivid\VLC\lua\meta\art\README.txt c:\program files\iLivid\VLC\lua\meta\fetcher\README.txt c:\program files\iLivid\VLC\lua\meta\fetcher\tvrage.lua c:\program files\iLivid\VLC\lua\meta\reader\filename.lua c:\program files\iLivid\VLC\lua\meta\reader\README.txt c:\program files\iLivid\VLC\lua\modules\sandbox.lua c:\program files\iLivid\VLC\lua\modules\simplexml.lua c:\program files\iLivid\VLC\lua\playlist\anevia_streams.lua c:\program files\iLivid\VLC\lua\playlist\anevia_xml.lua c:\program files\iLivid\VLC\lua\playlist\appletrailers.lua c:\program files\iLivid\VLC\lua\playlist\bbc_co_uk.lua c:\program files\iLivid\VLC\lua\playlist\break.lua c:\program files\iLivid\VLC\lua\playlist\canalplus.lua c:\program files\iLivid\VLC\lua\playlist\cue.lua c:\program files\iLivid\VLC\lua\playlist\dailymotion.lua c:\program files\iLivid\VLC\lua\playlist\france2.lua c:\program files\iLivid\VLC\lua\playlist\googlevideo.lua c:\program files\iLivid\VLC\lua\playlist\jamendo.lua c:\program files\iLivid\VLC\lua\playlist\joox.lua c:\program files\iLivid\VLC\lua\playlist\katsomo.lua c:\program files\iLivid\VLC\lua\playlist\koreus.lua c:\program files\iLivid\VLC\lua\playlist\lelombrik.lua c:\program files\iLivid\VLC\lua\playlist\megavideo.lua c:\program files\iLivid\VLC\lua\playlist\metacafe.lua c:\program files\iLivid\VLC\lua\playlist\metachannels.lua c:\program files\iLivid\VLC\lua\playlist\mpora.lua c:\program files\iLivid\VLC\lua\playlist\pinkbike.lua c:\program files\iLivid\VLC\lua\playlist\README.txt c:\program files\iLivid\VLC\lua\playlist\rockbox_fm_presets.lua c:\program files\iLivid\VLC\lua\playlist\vimeo.lua c:\program files\iLivid\VLC\lua\playlist\youtube.lua c:\program files\iLivid\VLC\lua\playlist\youtube_homepage.lua c:\program files\iLivid\VLC\lua\README.txt c:\program files\iLivid\VLC\lua\sd\fmc.lua c:\program files\iLivid\VLC\lua\sd\freebox.lua c:\program files\iLivid\VLC\lua\sd\icecast.lua c:\program files\iLivid\VLC\lua\sd\jamendo.lua c:\program files\iLivid\VLC\lua\sd\metachannels.lua c:\program files\iLivid\VLC\lua\sd\README.txt c:\program files\iLivid\VLC\mozilla\npvlc.dll c:\program files\iLivid\VLC\mozilla\npvlc.dll.manifest c:\program files\iLivid\VLC\NEWS.txt c:\program files\iLivid\VLC\NSIS\UAC.dll c:\program files\iLivid\VLC\NSIS\UAC.nsh c:\program files\iLivid\VLC\osdmenu\default.cfg c:\program files\iLivid\VLC\osdmenu\default\selected\bw.png c:\program files\iLivid\VLC\osdmenu\default\selected\esc.png c:\program files\iLivid\VLC\osdmenu\default\selected\fw.png c:\program files\iLivid\VLC\osdmenu\default\selected\next.png c:\program files\iLivid\VLC\osdmenu\default\selected\play_pause.png c:\program files\iLivid\VLC\osdmenu\default\selected\previous.png c:\program files\iLivid\VLC\osdmenu\default\selected\stop.png c:\program files\iLivid\VLC\osdmenu\default\selected\volume.png c:\program files\iLivid\VLC\osdmenu\default\selection\bw.png c:\program files\iLivid\VLC\osdmenu\default\selection\esc.png c:\program files\iLivid\VLC\osdmenu\default\selection\fw.png c:\program files\iLivid\VLC\osdmenu\default\selection\next.png c:\program files\iLivid\VLC\osdmenu\default\selection\play_pause.png c:\program files\iLivid\VLC\osdmenu\default\selection\previous.png c:\program files\iLivid\VLC\osdmenu\default\selection\stop.png c:\program files\iLivid\VLC\osdmenu\default\selection\volume.png c:\program files\iLivid\VLC\osdmenu\default\unselected.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_00.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_01.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_02.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_03.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_04.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_05.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_06.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_07.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_08.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_09.png c:\program files\iLivid\VLC\osdmenu\default\volume\volume_10.png c:\program files\iLivid\VLC\plugins\liba52_plugin.dll c:\program files\iLivid\VLC\plugins\liba52tofloat32_plugin.dll c:\program files\iLivid\VLC\plugins\liba52tospdif_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_attachment_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_bd_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_fake_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_ftp_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_http_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_imem_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_mms_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_output_dummy_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_output_file_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_output_http_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_output_shout_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_output_udp_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_realrtsp_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_smb_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_tcp_plugin.dll c:\program files\iLivid\VLC\plugins\libaccess_udp_plugin.dll c:\program files\iLivid\VLC\plugins\libadjust_plugin.dll c:\program files\iLivid\VLC\plugins\libadpcm_plugin.dll c:\program files\iLivid\VLC\plugins\libaes3_plugin.dll c:\program files\iLivid\VLC\plugins\libaiff_plugin.dll c:\program files\iLivid\VLC\plugins\libalphamask_plugin.dll c:\program files\iLivid\VLC\plugins\libaout_directx_plugin.dll c:\program files\iLivid\VLC\plugins\libaout_file_plugin.dll c:\program files\iLivid\VLC\plugins\libaout_sdl_plugin.dll c:\program files\iLivid\VLC\plugins\libaraw_plugin.dll c:\program files\iLivid\VLC\plugins\libasf_plugin.dll c:\program files\iLivid\VLC\plugins\libatmo_plugin.dll c:\program files\iLivid\VLC\plugins\libau_plugin.dll c:\program files\iLivid\VLC\plugins\libaudio_format_plugin.dll c:\program files\iLivid\VLC\plugins\libaudiobargraph_a_plugin.dll c:\program files\iLivid\VLC\plugins\libaudiobargraph_v_plugin.dll c:\program files\iLivid\VLC\plugins\libaudioscrobbler_plugin.dll c:\program files\iLivid\VLC\plugins\libavcodec_plugin.dll c:\program files\iLivid\VLC\plugins\libavi_plugin.dll c:\program files\iLivid\VLC\plugins\libball_plugin.dll c:\program files\iLivid\VLC\plugins\libbda_plugin.dll c:\program files\iLivid\VLC\plugins\libblend_plugin.dll c:\program files\iLivid\VLC\plugins\libblendbench_plugin.dll c:\program files\iLivid\VLC\plugins\libbluescreen_plugin.dll c:\program files\iLivid\VLC\plugins\libcaca_plugin.dll c:\program files\iLivid\VLC\plugins\libcanvas_plugin.dll c:\program files\iLivid\VLC\plugins\libcc_plugin.dll c:\program files\iLivid\VLC\plugins\libcdda_plugin.dll c:\program files\iLivid\VLC\plugins\libcdg_plugin.dll c:\program files\iLivid\VLC\plugins\libchain_plugin.dll c:\program files\iLivid\VLC\plugins\libchorus_flanger_plugin.dll c:\program files\iLivid\VLC\plugins\libclone_plugin.dll c:\program files\iLivid\VLC\plugins\libcolorthres_plugin.dll c:\program files\iLivid\VLC\plugins\libconverter_fixed_plugin.dll c:\program files\iLivid\VLC\plugins\libcrop_plugin.dll c:\program files\iLivid\VLC\plugins\libcroppadd_plugin.dll c:\program files\iLivid\VLC\plugins\libcvdsub_plugin.dll c:\program files\iLivid\VLC\plugins\libdeinterlace_plugin.dll c:\program files\iLivid\VLC\plugins\libdemux_cdg_plugin.dll c:\program files\iLivid\VLC\plugins\libdemuxdump_plugin.dll c:\program files\iLivid\VLC\plugins\libdirac_plugin.dll c:\program files\iLivid\VLC\plugins\libdirect3d_plugin.dll c:\program files\iLivid\VLC\plugins\libdirectx_plugin.dll c:\program files\iLivid\VLC\plugins\libdmo_plugin.dll c:\program files\iLivid\VLC\plugins\libdolby_surround_decoder_plugin.dll c:\program files\iLivid\VLC\plugins\libdrawable_plugin.dll c:\program files\iLivid\VLC\plugins\libdshow_plugin.dll c:\program files\iLivid\VLC\plugins\libdts_plugin.dll c:\program files\iLivid\VLC\plugins\libdtstofloat32_plugin.dll c:\program files\iLivid\VLC\plugins\libdtstospdif_plugin.dll c:\program files\iLivid\VLC\plugins\libdummy_plugin.dll c:\program files\iLivid\VLC\plugins\libdvbsub_plugin.dll c:\program files\iLivid\VLC\plugins\libdvdnav_plugin.dll c:\program files\iLivid\VLC\plugins\libdvdread_plugin.dll c:\program files\iLivid\VLC\plugins\libequalizer_plugin.dll c:\program files\iLivid\VLC\plugins\liberase_plugin.dll c:\program files\iLivid\VLC\plugins\libes_plugin.dll c:\program files\iLivid\VLC\plugins\libexport_plugin.dll c:\program files\iLivid\VLC\plugins\libextract_plugin.dll c:\program files\iLivid\VLC\plugins\libfaad_plugin.dll c:\program files\iLivid\VLC\plugins\libfake_plugin.dll c:\program files\iLivid\VLC\plugins\libfilesystem_plugin.dll c:\program files\iLivid\VLC\plugins\libflac_plugin.dll c:\program files\iLivid\VLC\plugins\libflacsys_plugin.dll c:\program files\iLivid\VLC\plugins\libfloat32_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libfluidsynth_plugin.dll c:\program files\iLivid\VLC\plugins\libfolder_plugin.dll c:\program files\iLivid\VLC\plugins\libfreetype_plugin.dll c:\program files\iLivid\VLC\plugins\libgaussianblur_plugin.dll c:\program files\iLivid\VLC\plugins\libgestures_plugin.dll c:\program files\iLivid\VLC\plugins\libglobalhotkeys_plugin.dll c:\program files\iLivid\VLC\plugins\libglwin32_plugin.dll c:\program files\iLivid\VLC\plugins\libgme_plugin.dll c:\program files\iLivid\VLC\plugins\libgnutls_plugin.dll c:\program files\iLivid\VLC\plugins\libgoom_plugin.dll c:\program files\iLivid\VLC\plugins\libgradient_plugin.dll c:\program files\iLivid\VLC\plugins\libgrain_plugin.dll c:\program files\iLivid\VLC\plugins\libgrey_yuv_plugin.dll c:\program files\iLivid\VLC\plugins\libh264_plugin.dll c:\program files\iLivid\VLC\plugins\libheadphone_channel_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libhotkeys_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_rgb_mmx_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_rgb_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_rgb_sse2_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_yuy2_mmx_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_yuy2_plugin.dll c:\program files\iLivid\VLC\plugins\libi420_yuy2_sse2_plugin.dll c:\program files\iLivid\VLC\plugins\libi422_i420_plugin.dll c:\program files\iLivid\VLC\plugins\libi422_yuy2_mmx_plugin.dll c:\program files\iLivid\VLC\plugins\libi422_yuy2_plugin.dll c:\program files\iLivid\VLC\plugins\libi422_yuy2_sse2_plugin.dll c:\program files\iLivid\VLC\plugins\libinvert_plugin.dll c:\program files\iLivid\VLC\plugins\libinvmem_plugin.dll c:\program files\iLivid\VLC\plugins\libkate_plugin.dll c:\program files\iLivid\VLC\plugins\liblibass_plugin.dll c:\program files\iLivid\VLC\plugins\liblibmpeg2_plugin.dll c:\program files\iLivid\VLC\plugins\liblive555_plugin.dll c:\program files\iLivid\VLC\plugins\liblogger_plugin.dll c:\program files\iLivid\VLC\plugins\liblogo_plugin.dll c:\program files\iLivid\VLC\plugins\liblpcm_plugin.dll c:\program files\iLivid\VLC\plugins\liblua_plugin.dll c:\program files\iLivid\VLC\plugins\libmagnify_plugin.dll c:\program files\iLivid\VLC\plugins\libmarq_plugin.dll c:\program files\iLivid\VLC\plugins\libmediadirs_plugin.dll c:\program files\iLivid\VLC\plugins\libmemcpy3dn_plugin.dll c:\program files\iLivid\VLC\plugins\libmemcpymmx_plugin.dll c:\program files\iLivid\VLC\plugins\libmemcpymmxext_plugin.dll c:\program files\iLivid\VLC\plugins\libmirror_plugin.dll c:\program files\iLivid\VLC\plugins\libmjpeg_plugin.dll c:\program files\iLivid\VLC\plugins\libmkv_plugin.dll c:\program files\iLivid\VLC\plugins\libmod_plugin.dll c:\program files\iLivid\VLC\plugins\libmono_plugin.dll c:\program files\iLivid\VLC\plugins\libmosaic_plugin.dll c:\program files\iLivid\VLC\plugins\libmotionblur_plugin.dll c:\program files\iLivid\VLC\plugins\libmotiondetect_plugin.dll c:\program files\iLivid\VLC\plugins\libmp4_plugin.dll c:\program files\iLivid\VLC\plugins\libmpc_plugin.dll c:\program files\iLivid\VLC\plugins\libmpeg_audio_plugin.dll c:\program files\iLivid\VLC\plugins\libmpgatofixed32_plugin.dll c:\program files\iLivid\VLC\plugins\libmpgv_plugin.dll c:\program files\iLivid\VLC\plugins\libmsn_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_asf_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_avi_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_dummy_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_mp4_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_mpjpeg_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_ogg_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_ps_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_ts_plugin.dll c:\program files\iLivid\VLC\plugins\libmux_wav_plugin.dll c:\program files\iLivid\VLC\plugins\libnetsync_plugin.dll c:\program files\iLivid\VLC\plugins\libnoise_plugin.dll c:\program files\iLivid\VLC\plugins\libnormvol_plugin.dll c:\program files\iLivid\VLC\plugins\libnsc_plugin.dll c:\program files\iLivid\VLC\plugins\libnsv_plugin.dll c:\program files\iLivid\VLC\plugins\libntservice_plugin.dll c:\program files\iLivid\VLC\plugins\libnuv_plugin.dll c:\program files\iLivid\VLC\plugins\libogg_plugin.dll c:\program files\iLivid\VLC\plugins\liboldhttp_plugin.dll c:\program files\iLivid\VLC\plugins\liboldrc_plugin.dll c:\program files\iLivid\VLC\plugins\liboldtelnet_plugin.dll c:\program files\iLivid\VLC\plugins\libosd_parser_plugin.dll c:\program files\iLivid\VLC\plugins\libosdmenu_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_copy_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_dirac_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_flac_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_h264_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_mlp_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_mpeg4video_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_mpegvideo_plugin.dll c:\program files\iLivid\VLC\plugins\libpacketizer_vc1_plugin.dll c:\program files\iLivid\VLC\plugins\libpanoramix_plugin.dll c:\program files\iLivid\VLC\plugins\libparam_eq_plugin.dll c:\program files\iLivid\VLC\plugins\libplaylist_plugin.dll c:\program files\iLivid\VLC\plugins\libpng_plugin.dll c:\program files\iLivid\VLC\plugins\libpodcast_plugin.dll c:\program files\iLivid\VLC\plugins\libportaudio_plugin.dll c:\program files\iLivid\VLC\plugins\libpostproc_plugin.dll c:\program files\iLivid\VLC\plugins\libprojectm_plugin.dll c:\program files\iLivid\VLC\plugins\libps_plugin.dll c:\program files\iLivid\VLC\plugins\libpsychedelic_plugin.dll c:\program files\iLivid\VLC\plugins\libpuzzle_plugin.dll c:\program files\iLivid\VLC\plugins\libpva_plugin.dll c:\program files\iLivid\VLC\plugins\libqt4_plugin.dll c:\program files\iLivid\VLC\plugins\libquicktime_plugin.dll c:\program files\iLivid\VLC\plugins\librawaud_plugin.dll c:\program files\iLivid\VLC\plugins\librawdv_plugin.dll c:\program files\iLivid\VLC\plugins\librawvid_plugin.dll c:\program files\iLivid\VLC\plugins\librawvideo_plugin.dll c:\program files\iLivid\VLC\plugins\libreal_plugin.dll c:\program files\iLivid\VLC\plugins\librealvideo_plugin.dll c:\program files\iLivid\VLC\plugins\libremoteosd_plugin.dll c:\program files\iLivid\VLC\plugins\libripple_plugin.dll c:\program files\iLivid\VLC\plugins\librotate_plugin.dll c:\program files\iLivid\VLC\plugins\librss_plugin.dll c:\program files\iLivid\VLC\plugins\librtp_plugin.dll c:\program files\iLivid\VLC\plugins\librv32_plugin.dll c:\program files\iLivid\VLC\plugins\libsap_plugin.dll c:\program files\iLivid\VLC\plugins\libscale_plugin.dll c:\program files\iLivid\VLC\plugins\libscaletempo_plugin.dll c:\program files\iLivid\VLC\plugins\libscene_plugin.dll c:\program files\iLivid\VLC\plugins\libschroedinger_plugin.dll c:\program files\iLivid\VLC\plugins\libscreen_plugin.dll c:\program files\iLivid\VLC\plugins\libsdl_image_plugin.dll c:\program files\iLivid\VLC\plugins\libsharpen_plugin.dll c:\program files\iLivid\VLC\plugins\libsimple_channel_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libskins2_plugin.dll c:\program files\iLivid\VLC\plugins\libsmf_plugin.dll c:\program files\iLivid\VLC\plugins\libspatializer_plugin.dll c:\program files\iLivid\VLC\plugins\libspdif_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libspeex_plugin.dll c:\program files\iLivid\VLC\plugins\libspudec_plugin.dll c:\program files\iLivid\VLC\plugins\libstats_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_filter_rar_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_filter_record_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_autodel_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_bridge_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_description_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_display_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_dummy_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_duplicate_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_es_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_gather_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_raop_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_record_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_rtp_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_smem_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_standard_plugin.dll c:\program files\iLivid\VLC\plugins\libstream_out_transcode_plugin.dll c:\program files\iLivid\VLC\plugins\libsubsdec_plugin.dll c:\program files\iLivid\VLC\plugins\libsubsusf_plugin.dll c:\program files\iLivid\VLC\plugins\libsubtitle_plugin.dll c:\program files\iLivid\VLC\plugins\libsvcdsub_plugin.dll c:\program files\iLivid\VLC\plugins\libswscale_plugin.dll c:\program files\iLivid\VLC\plugins\libt140_plugin.dll c:\program files\iLivid\VLC\plugins\libtaglib_plugin.dll c:\program files\iLivid\VLC\plugins\libtheora_plugin.dll c:\program files\iLivid\VLC\plugins\libtransform_plugin.dll c:\program files\iLivid\VLC\plugins\libtrivial_channel_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libtrivial_mixer_plugin.dll c:\program files\iLivid\VLC\plugins\libts_plugin.dll c:\program files\iLivid\VLC\plugins\libtta_plugin.dll c:\program files\iLivid\VLC\plugins\libtwolame_plugin.dll c:\program files\iLivid\VLC\plugins\libty_plugin.dll c:\program files\iLivid\VLC\plugins\libugly_resampler_plugin.dll c:\program files\iLivid\VLC\plugins\libvc1_plugin.dll c:\program files\iLivid\VLC\plugins\libvcd_plugin.dll c:\program files\iLivid\VLC\plugins\libvideo_filter_wrapper_plugin.dll c:\program files\iLivid\VLC\plugins\libvisual_plugin.dll c:\program files\iLivid\VLC\plugins\libvmem_plugin.dll c:\program files\iLivid\VLC\plugins\libvobsub_plugin.dll c:\program files\iLivid\VLC\plugins\libvoc_plugin.dll c:\program files\iLivid\VLC\plugins\libvod_rtsp_plugin.dll c:\program files\iLivid\VLC\plugins\libvorbis_plugin.dll c:\program files\iLivid\VLC\plugins\libvout_sdl_plugin.dll c:\program files\iLivid\VLC\plugins\libvout_wrapper_plugin.dll c:\program files\iLivid\VLC\plugins\libwall_plugin.dll c:\program files\iLivid\VLC\plugins\libwav_plugin.dll c:\program files\iLivid\VLC\plugins\libwave_plugin.dll c:\program files\iLivid\VLC\plugins\libwaveout_plugin.dll c:\program files\iLivid\VLC\plugins\libwingdi_plugin.dll c:\program files\iLivid\VLC\plugins\libx264_plugin.dll c:\program files\iLivid\VLC\plugins\libxa_plugin.dll c:\program files\iLivid\VLC\plugins\libxml_plugin.dll c:\program files\iLivid\VLC\plugins\libxtag_plugin.dll c:\program files\iLivid\VLC\plugins\libyuv_plugin.dll c:\program files\iLivid\VLC\plugins\libyuvp_plugin.dll c:\program files\iLivid\VLC\plugins\libyuy2_i420_plugin.dll c:\program files\iLivid\VLC\plugins\libyuy2_i422_plugin.dll c:\program files\iLivid\VLC\plugins\libzip_plugin.dll c:\program files\iLivid\VLC\plugins\libzvbi_plugin.dll c:\program files\iLivid\VLC\plugins\plugins-04041e-3e8.dat c:\program files\iLivid\VLC\README.txt c:\program files\iLivid\VLC\sdk\include\vlc\deprecated.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_events.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_discoverer.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_library.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list_player.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_player.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_structures.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_version.h c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_vlm.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_access.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_acl.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout_mixer.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_arrays.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_art_finder.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_avcodec.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_bits.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block_helper.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_charset.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_codec.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_common.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config_cat.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_configuration.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_cpu.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_demux.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_dialog.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_epg.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es_out.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_events.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_filter.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fourcc.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fs.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_gcrypt.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_http.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_httpd.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_image.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_inhibit.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input_item.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_main.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_md5.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_messages.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_meta.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_modules.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mouse.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mtime.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_objects.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_fifo.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_pool.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_playlist.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_plugin.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_probe.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_rand.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_services_discovery.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sout.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sql.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_stream.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_strings.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_subpicture.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_threads.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_url.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_variables.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_video_splitter.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vlm.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_display.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_opengl.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_window.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xlib.h c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xml.h c:\program files\iLivid\VLC\sdk\include\vlc\vlc.h c:\program files\iLivid\VLC\sdk\lib\libvlc.dll.a c:\program files\iLivid\VLC\sdk\lib\libvlc.la c:\program files\iLivid\VLC\sdk\lib\libvlccore.dll.a c:\program files\iLivid\VLC\sdk\lib\libvlccore.la c:\program files\iLivid\VLC\sdk\lib\pkgconfig\libvlc.pc c:\program files\iLivid\VLC\sdk\lib\pkgconfig\vlc-plugin.pc c:\program files\iLivid\VLC\skins\default.vlt c:\program files\iLivid\VLC\skins\fonts\FreeSans.ttf c:\program files\iLivid\VLC\skins\fonts\FreeSansBold.ttf c:\program files\iLivid\VLC\skins\skin.catalog c:\program files\iLivid\VLC\skins\skin.dtd c:\program files\iLivid\VLC\spad.nsi c:\program files\iLivid\VLC\THANKS.txt c:\program files\iLivid\VLC\vlc-cache-gen.exe c:\program files\iLivid\VLC\vlc.exe c:\program files\iLivid\VLC\vlc.exe.manifest c:\program files\iLivid\VLC\vlc.ico c:\program files\iLivid\VLC\vlc.win32.nsi . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RXR1Z_.SYS -------\Service_rxr1z_.sys -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))) . . 2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com 2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro 2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat + 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Mirjam\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776] R2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344] R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112] S0 cerc6;cerc6; [x] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056] S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104] S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824] . Contents of the 'Scheduled Tasks' folder . 2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25] . 2012-08-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09] . 2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-08 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.nu.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab . - - - - ORPHANS REMOVED - - - - . AddRemove-iLivid - c:\program files\iLivid\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-08 22:31 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*] "3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1160) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(4780) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD c:\program files\WinRAR\rarext.dll c:\program files\Malwarebytes' Anti-Malware\mbamext.dll c:\program files\AVG\AVG2012\avgsysx.dll c:\program files\SUPERAntiSpyware\SASCTXMN.DLL . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2012-08-08 22:44:30 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-08 20:44 ComboFix2.txt 2012-08-07 11:29 ComboFix3.txt 2012-08-02 23:35 . Pre-Run: 14.495.412.224 bytes free Post-Run: 14.292.815.872 bytes free . - - End Of File - - 5C25903E9AE46E78B265BB653909A61A

Ik zit met (ongeveer) hetzelfde probleem als wat in andere discussies is geschetst: computer merkbaar trager en start niet meer automatisch op; kiezen voor opstarten vanaf een punt dat de computer zonder problemen opstartte (o.i.d.). AVG spoort het e.e.a. op maar de computer blijft geinfecteerd. Ik heb een aantal acties uitgevoerd zoals herboven beschreven. Graag zou ik mijn computer weer "trojan-vrij" krijgen, wie helpt? onderstaand de logfile van combofix, logfile van hijackthis en een overzicht van de avg-scan met de gedetecteerde bestanden. COMBOFIX ComboFix 12-08-07.02 - Mirjam 07-08-2012 13:10:03.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.563 [GMT 2:00] Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))) . . 2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com 2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro 2012-08-03 12:30 . 2012-08-03 12:30 -------- d-----w- c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player 2012-08-03 12:29 . 2012-08-07 09:12 -------- d-----w- c:\program files\iLivid 2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . Cryptography Services Error !! . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat + 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Mirjam\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344] R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112] S0 cerc6;cerc6; [x] S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?] S3 rxr1z_.sys;rxr1z_.sys;\??\c:\windows\system32\drivers\rxr1z_.sys --> c:\windows\system32\drivers\rxr1z_.sys [?] . Contents of the 'Scheduled Tasks' folder . 2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25] . 2012-08-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37] . 2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.nu.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-07 13:23 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*] "3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1176) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2432) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\AVG\AVG2012\avgwdsvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\AVG\AVG2012\AVGIDSAgent.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2012-08-07 13:29:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-07 11:29 ComboFix2.txt 2012-08-02 23:35 . Pre-Run: 14.146.965.504 bytes free Post-Run: 14.505.811.968 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 23EFE9FAF819432F7DD132EE6C42B871 HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:48:39, on 7-8-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235246462472&h=1e17d89d0dc1d6bf9f1ace3cfaf1f2fb/&filename=jinstall-6u12-windows-i586-jc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate1c9a6233ac2f8f8) (gupdate1c9a6233ac2f8f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\Program Files\AEP\SSLTunnel\nvpns.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Mirjam/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 9800 bytes AVG-scan result "";"C:\WINDOWS\system32\winlogon.exe (1176)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (3344)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1744)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\svchost.exe (1572)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted" "";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\hkcmd.exe (3608)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\explorer.exe (2432)";"Trojan horse PSW.Agent.AUET";"Deleted" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3908)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgui.exe (4772)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860)";"Trojan horse PSW.Agent.ASJX";"Deleted" "";"C:\WINDOWS\system32\winlogon.exe (1176):\memory_00da0000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\WINDOWS\system32\services.exe (1220):\memory_00930000";"Trojan horse PSW.Agent.AUES";"Infected" "";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\system32\hkcmd.exe (3608):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (2432):\memory_016f0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\WINDOWS\explorer.exe (2432):\memory_00d20000";"Trojan horse PSW.Agent.AUET";"Infected" "";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644):\memory_05c90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jusched.exe (3908):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852):\memory_01860000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512):\memory_02880000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408):\memory_00f90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776):\memory_00f70000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00eb0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240):\memory_03090000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgui.exe (4772):\memory_01d00000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092):\memory_01aa0000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432):\memory_01c20000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected" "";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed" "";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"