Posts made by kjv
-
Ran Dr.Web as described above, but unfortunately a family member switched off the computer before a log was saved. Ran the whole circus again and saved the log (very large file). Everything was OK, no viruses or the like detected.
I did note down the files that were placed in quarantine during the first Dr.Web scan. Then had AVG scan: more infections detected than before!
Dr.Web quarantine:
A0060108.dll
A0060573.dll
A0061224.dll
descript.ion
Helper.dll.vir
AVG scan:
"";"C:\WINDOWS\system32\winlogon.exe (1176)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (672)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3812)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (312)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (2160)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1748)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1696)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1632)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1224)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (3568)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (3560)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\ctfmon.exe (3912)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\alg.exe (2916)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (240)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (108)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3868)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3636)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3876)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3624)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3528)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (536)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (392)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2000)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3596)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1864)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (3476)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1816)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2724)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3884)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (4592)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (3756)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (720)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1176):\memory_00bf0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (672):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (672):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3812):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3812):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (312):\memory_00b60000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (312):\memory_00ae0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2160):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2160):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1748):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1748):\memory_00a50000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1632):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1632):\memory_00a60000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1224):\memory_00670000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (3568):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (3560):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\ctfmon.exe (3912):\memory_00b10000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\alg.exe (2916):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (240):\memory_00f10000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (240):\memory_00e80000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (108):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3868):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3636):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3876):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3624):\memory_00b20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3528):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (536):\memory_02880000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (392):\memory_01ad0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2000):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3596):\memory_00fc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1864):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (3476):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1816):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2724):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3884):\memory_019e0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (4592):\memory_01430000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (3756):\memory_03760000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (720):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
-
TDSS-killer and AVG scan. TDSS found nothing; AVG keeps reporting problems, which is right, because the computer remains slow and unpredictable.
20:23:51.0656 4336 RDPCDD - ok
20:23:51.0718 4336 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:51.0734 4336 rdpdr - ok
20:23:51.0781 4336 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:51.0796 4336 RDPWD - ok
20:23:51.0843 4336 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:23:51.0859 4336 RDSessMgr - ok
20:23:51.0890 4336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:51.0890 4336 redbook - ok
20:23:52.0078 4336 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:23:52.0109 4336 RegSrvc - ok
20:23:52.0156 4336 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:23:52.0171 4336 RemoteAccess - ok
20:23:52.0218 4336 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:23:52.0218 4336 RemoteRegistry - ok
20:23:52.0265 4336 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:23:52.0265 4336 RpcLocator - ok
20:23:52.0343 4336 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:23:52.0343 4336 RpcSs - ok
20:23:52.0406 4336 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:23:52.0421 4336 RSVP - ok
20:23:52.0531 4336 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:23:52.0593 4336 S24EventMonitor - ok
20:23:52.0656 4336 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:23:52.0656 4336 s24trans - ok
20:23:52.0703 4336 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:23:52.0718 4336 SamSs - ok
20:23:52.0796 4336 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:23:52.0796 4336 SASDIFSV - ok
20:23:52.0812 4336 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS
20:23:52.0828 4336 SAS***IL - ok
20:23:52.0875 4336 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:23:52.0890 4336 SCardSvr - ok
20:23:52.0968 4336 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:23:52.0984 4336 Schedule - ok
20:23:53.0015 4336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:23:53.0015 4336 Secdrv - ok
20:23:53.0078 4336 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:23:53.0078 4336 seclogon - ok
20:23:53.0093 4336 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:23:53.0093 4336 SENS - ok
20:23:53.0156 4336 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:23:53.0156 4336 serenum - ok
20:23:53.0171 4336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:23:53.0171 4336 Serial - ok
20:23:53.0234 4336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:23:53.0234 4336 Sfloppy - ok
20:23:53.0312 4336 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:23:53.0343 4336 SharedAccess - ok
20:23:53.0406 4336 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:23:53.0421 4336 ShellHWDetection - ok
20:23:53.0421 4336 Simbad - ok
20:23:53.0468 4336 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
20:23:53.0468 4336 SMCIRDA - ok
20:23:53.0484 4336 Sparrow - ok
20:23:53.0531 4336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:23:53.0531 4336 splitter - ok
20:23:53.0593 4336 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:23:53.0609 4336 Spooler - ok
20:23:53.0656 4336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:23:53.0656 4336 sr - ok
20:23:53.0687 4336 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:23:53.0718 4336 srservice - ok
20:23:53.0781 4336 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:23:53.0781 4336 Srv - ok
20:23:53.0828 4336 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:23:53.0828 4336 SSDPSRV - ok
20:23:53.0906 4336 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
20:23:53.0921 4336 STAC97 - ok
20:23:54.0015 4336 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:23:54.0031 4336 stisvc - ok
20:23:54.0093 4336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:23:54.0093 4336 swenum - ok
20:23:54.0140 4336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:23:54.0140 4336 swmidi - ok
20:23:54.0156 4336 SwPrv - ok
20:23:54.0171 4336 symc810 - ok
20:23:54.0187 4336 symc8xx - ok
20:23:54.0187 4336 sym_hi - ok
20:23:54.0203 4336 sym_u3 - ok
20:23:54.0234 4336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:23:54.0250 4336 sysaudio - ok
20:23:54.0296 4336 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:23:54.0312 4336 SysmonLog - ok
20:23:54.0375 4336 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:23:54.0390 4336 TapiSrv - ok
20:23:54.0500 4336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:54.0515 4336 Tcpip - ok
20:23:54.0578 4336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:23:54.0578 4336 TDPIPE - ok
20:23:54.0609 4336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:23:54.0609 4336 TDTCP - ok
20:23:54.0671 4336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:23:54.0671 4336 TermDD - ok
20:23:54.0750 4336 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:23:54.0750 4336 TermService - ok
20:23:54.0781 4336 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:23:54.0796 4336 Themes - ok
20:23:54.0843 4336 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:23:54.0843 4336 TlntSvr - ok
20:23:54.0859 4336 TosIde - ok
20:23:54.0921 4336 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:23:54.0953 4336 TrkWks - ok
20:23:54.0984 4336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:23:54.0984 4336 Udfs - ok
20:23:55.0000 4336 UIUSys - ok
20:23:55.0015 4336 ultra - ok
20:23:55.0093 4336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:23:55.0125 4336 Update - ok
20:23:55.0171 4336 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:23:55.0187 4336 upnphost - ok
20:23:55.0218 4336 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:23:55.0218 4336 UPS - ok
20:23:55.0265 4336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:23:55.0265 4336 usbccgp - ok
20:23:55.0296 4336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:23:55.0312 4336 usbehci - ok
20:23:55.0328 4336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:23:55.0343 4336 usbhub - ok
20:23:55.0359 4336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:23:55.0359 4336 usbprint - ok
20:23:55.0390 4336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:23:55.0390 4336 usbscan - ok
20:23:55.0437 4336 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:23:55.0453 4336 USBSTOR - ok
20:23:55.0468 4336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:23:55.0468 4336 usbuhci - ok
20:23:55.0531 4336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:23:55.0531 4336 VgaSave - ok
20:23:55.0546 4336 ViaIde - ok
20:23:55.0578 4336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:23:55.0578 4336 VolSnap - ok
20:23:55.0640 4336 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:23:55.0656 4336 VSS - ok
20:23:55.0875 4336 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:23:56.0031 4336 w29n51 - ok
20:23:56.0187 4336 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:23:56.0203 4336 W32Time - ok
20:23:56.0265 4336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:23:56.0265 4336 Wanarp - ok
20:23:56.0312 4336 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:23:56.0328 4336 wceusbsh - ok
20:23:56.0328 4336 WDICA - ok
20:23:56.0390 4336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:23:56.0390 4336 wdmaud - ok
20:23:56.0421 4336 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:23:56.0437 4336 WebClient - ok
20:23:56.0546 4336 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:23:56.0593 4336 winachsf - ok
20:23:56.0703 4336 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:23:56.0734 4336 winmgmt - ok
20:23:56.0953 4336 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
20:23:56.0984 4336 WLANKEEPER - ok
20:23:57.0046 4336 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:23:57.0046 4336 WmdmPmSN - ok
20:23:57.0125 4336 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:23:57.0187 4336 Wmi - ok
20:23:57.0234 4336 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:23:57.0250 4336 WmiApSrv - ok
20:23:57.0343 4336 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:23:57.0343 4336 WS2IFSL - ok
20:23:57.0406 4336 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:23:57.0406 4336 wscsvc - ok
20:23:57.0453 4336 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:23:57.0484 4336 wuauserv - ok
20:23:57.0562 4336 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:23:57.0593 4336 WZCSVC - ok
20:23:57.0609 4336 xcpip - ok
20:23:57.0656 4336 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:23:57.0671 4336 xmlprov - ok
20:23:57.0687 4336 xpsec - ok
20:23:57.0734 4336 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:23:58.0546 4336 \Device\Harddisk0\DR0 - ok
20:23:58.0562 4336 Boot (0x1200) (91d123cdc670794bbef41be835648a46) \Device\Harddisk0\DR0\Partition0
20:23:58.0562 4336 \Device\Harddisk0\DR0\Partition0 - ok
20:23:58.0562 4336 ============================================================
20:23:58.0562 4336 Scan finished
20:23:58.0562 4336 ============================================================
20:23:58.0578 4224 Detected object count: 0
20:23:58.0578 4224 Actual detected object count: 0
20:25:09.0156 4500 Deinitialize success
AVG-scan:
"";"C:\WINDOWS\system32\winlogon.exe (1160)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (672)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (448)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3740)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3124)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1776)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1696)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1436)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1208)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (3708)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (3700)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\alg.exe (3088)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (5016)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1872)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1508)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (1284)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3968)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jqs.exe (2488)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3784)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (468)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (328)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2972)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3816)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1900)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5588)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2924)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4076)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (480)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (1936)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3288)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3920)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1160):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (672):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (672):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (448):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (448):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3740):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3740):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3124):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3124):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1776):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1776):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1696):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1436):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1436):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1208):\memory_009c0000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (3708):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (3700):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\alg.exe (3088):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (5016):\memory_00e10000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (5016):\memory_00d80000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1872):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1508):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (1284):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3968):\memory_00b20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jqs.exe (2488):\memory_010d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3784):\memory_010b0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (468):\memory_01a50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (328):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2972):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3816):\memory_00f70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1900):\memory_01490000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5588):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2924):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4076):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (480):\memory_023d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (1936):\memory_01aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3288):\memory_01c70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3920):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
-
a2 scan + results of the AVG scan that was run afterwards. Seems to be a persistent problem.
Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 11-8-2012 23:39:57
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 11-8-2012 23:40:27
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys.1 Ontdekt: Trojan.WinNT.Necurs!E2
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys Ontdekt: Trojan.WinNT.Necurs!E2
C:\Program Files\AEP\SSLTunnel\InstallVPN.exe Ontdekt: Trojan.Agent!E2
C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rulc.class Ontdekt: Exploit.Java.Blacole!E2
C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rulb.class Ontdekt: Exploit.Java.Blacole!E2
C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\ruld.class Ontdekt: Exploit.Java.CVE-2012!E2
C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\rula.class Ontdekt: Exploit.Java.Blacole!E2
Gescand 532251
Gevonden 7
Scan geëindigd: 12-8-2012 1:32:07
Scantijd: 1:51:40
C:\Documents and Settings\Mirjam\Application Data\Sun\Java\Deployment\cache\6.0\31\2b3c0d1f-65222a6f -> rula\ruld.class Verwijderd Exploit.Java.CVE-2012!E2
C:\Program Files\AEP\SSLTunnel\InstallVPN.exe Verwijderd Trojan.Agent!E2
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_9d64955df7c56982_.sys.zip -> 9d64955df7c56982.sys.1 Verwijderd Trojan.WinNT.Necurs!E2
Verwijderd 3
AVG-Scan
"";"C:\WINDOWS\system32\winlogon.exe (1164)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (836)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (668)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3988)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (2264)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1796)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1756)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1460)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1212)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (3524)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (3504)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\alg.exe (3164)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (152)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3744)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3672)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3736)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1608)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3652)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3540)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (492)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (420)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2120)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3556)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1940)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2320)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3692)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (4052)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3640)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1164):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (836):\memory_00b60000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (836):\memory_00ae0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (668):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (668):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3988):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3988):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2264):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2264):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1796):\memory_00ad0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1796):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1756):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1756):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1460):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1460):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1212):\memory_00aa0000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (3524):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (3504):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\alg.exe (3164):\memory_00a60000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (152):\memory_01730000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (152):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3744):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3672):\memory_01670000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3736):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1608):\memory_01310000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3652):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3540):\memory_010c0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (492):\memory_01a50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (420):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2120):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3556):\memory_00fc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1940):\memory_01890000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2320):\memory_067d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3692):\memory_00da0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (4052):\memory_02400000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3640):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
-
ComboFix results, followed by an AVG scan:
ComboFix 12-08-09.01 - Mirjam 10-08-2012 10:12:59.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.598 [GMT 2:00]
Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\rxr1z_.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RXR1Z_.SYS
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com
2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro
2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat
+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mirjam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]
R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]
S0 cerc6;cerc6; [x]
S2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]
S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]
.
2012-08-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 10:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1384)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5636)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-08-10 10:33:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 08:33
ComboFix2.txt 2012-08-08 20:44
ComboFix3.txt 2012-08-07 11:29
ComboFix4.txt 2012-08-02 23:35
.
Pre-Run: 14.616.731.648 bytes free
Post-Run: 14.608.093.184 bytes free
.
- - End Of File - - EBC33F07298740C8452635919F0546B6
"";"C:\WINDOWS\system32\wuauclt.exe (1568):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Object is inaccessible."
"";"C:\WINDOWS\system32\wuauclt.exe (1568)";"Trojan horse PSW.Agent.ASJX";""
"";"C:\WINDOWS\system32\winlogon.exe (1384)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3304)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1772)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1628)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1432)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (3636)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (5636)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3708)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (5920)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1384):\memory_00c40000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3304):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00ad0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1772):\memory_00a50000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1628):\memory_00a60000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1432):\memory_006a0000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (3636):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (5636):\memory_00ed0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (5636):\memory_00e40000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (452):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3848):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3832):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3708):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3652):\memory_02230000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (504):\memory_06980000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (356):\memory_01400000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3672):\memory_06c30000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1912):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (4128):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3776):\memory_01e20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2604):\memory_023d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (5920):\memory_025f0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3548):\memory_01c70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3692):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed"
"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
-
09:17:12.0625 3980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:17:13.0062 3980 ============================================================
09:17:13.0062 3980 Current date / time: 2012/08/10 09:17:13.0062
09:17:13.0062 3980 SystemInfo:
09:17:13.0062 3980
09:17:13.0062 3980 OS Version: 5.1.2600 ServicePack: 3.0
09:17:13.0062 3980 Product type: Workstation
09:17:13.0062 3980 ComputerName: MIRJAM-303AF4B9
09:17:13.0062 3980 UserName: Mirjam
09:17:13.0062 3980 Windows directory: C:\WINDOWS
09:17:13.0062 3980 System windows directory: C:\WINDOWS
09:17:13.0062 3980 Processor architecture: Intel x86
09:17:13.0062 3980 Number of processors: 1
09:17:13.0062 3980 Page size: 0x1000
09:17:13.0062 3980 Boot type: Normal boot
09:17:13.0062 3980 ============================================================
09:17:17.0171 3980 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
09:17:17.0171 3980 ============================================================
09:17:17.0171 3980 \Device\Harddisk0\DR0:
09:17:17.0171 3980 MBR partitions:
09:17:17.0171 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A84E60
09:17:17.0171 3980 ============================================================
09:17:17.0328 3980 C: <-> \Device\Harddisk0\DR0\Partition0
09:17:17.0328 3980 ============================================================
09:17:17.0328 3980 Initialize success
09:17:17.0328 3980 ============================================================
09:17:33.0593 5496 ============================================================
09:17:33.0593 5496 Scan started
09:17:33.0593 5496 Mode: Manual;
09:17:33.0593 5496 ============================================================
09:17:34.0125 5496 Abiosdsk - ok
09:17:34.0140 5496 abp480n5 - ok
09:17:34.0171 5496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:17:34.0187 5496 ACPI - ok
09:17:34.0234 5496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:17:34.0234 5496 ACPIEC - ok
09:17:34.0343 5496 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:17:34.0359 5496 Adobe LM Service - ok
09:17:34.0468 5496 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:17:34.0500 5496 AdobeFlashPlayerUpdateSvc - ok
09:17:34.0515 5496 adpu160m - ok
09:17:34.0578 5496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:17:34.0593 5496 aec - ok
09:17:34.0656 5496 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:17:34.0671 5496 AegisP - ok
09:17:34.0734 5496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:17:34.0750 5496 AFD - ok
09:17:34.0765 5496 Aha154x - ok
09:17:34.0765 5496 aic78u2 - ok
09:17:34.0781 5496 aic78xx - ok
09:17:34.0828 5496 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:17:34.0828 5496 Alerter - ok
09:17:34.0875 5496 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:17:34.0875 5496 ALG - ok
09:17:34.0890 5496 AliIde - ok
09:17:34.0890 5496 amsint - ok
09:17:34.0953 5496 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:17:34.0968 5496 AppMgmt - ok
09:17:34.0984 5496 asc - ok
09:17:34.0984 5496 asc3350p - ok
09:17:35.0000 5496 asc3550 - ok
09:17:35.0171 5496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:17:35.0218 5496 aspnet_state - ok
09:17:35.0234 5496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:17:35.0234 5496 AsyncMac - ok
09:17:35.0296 5496 atapi (4bd052a6bf351b00b87d2c18fa7fa9cb) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:17:35.0312 5496 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 4bd052a6bf351b00b87d2c18fa7fa9cb, Fake md5: 43769e974a1c5105171652f38e6cb8e2
09:17:35.0312 5496 atapi ( ForgedFile.Multi.Generic ) - warning
09:17:35.0312 5496 atapi - detected ForgedFile.Multi.Generic (1)
09:17:35.0328 5496 Atdisk - ok
09:17:35.0359 5496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:17:35.0359 5496 Atmarpc - ok
09:17:35.0421 5496 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:17:35.0421 5496 AudioSrv - ok
09:17:35.0484 5496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:17:35.0484 5496 audstub - ok
09:17:35.0890 5496 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:17:36.0156 5496 AVGIDSAgent - ok
09:17:36.0312 5496 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:17:36.0328 5496 AVGIDSDriver - ok
09:17:36.0343 5496 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:17:36.0359 5496 AVGIDSEH - ok
09:17:36.0375 5496 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:17:36.0390 5496 AVGIDSFilter - ok
09:17:36.0406 5496 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:17:36.0406 5496 AVGIDSShim - ok
09:17:36.0437 5496 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:17:36.0453 5496 Avgldx86 - ok
09:17:36.0468 5496 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:17:36.0468 5496 Avgmfx86 - ok
09:17:36.0531 5496 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:17:36.0531 5496 Avgrkx86 - ok
09:17:36.0625 5496 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:17:36.0656 5496 Avgtdix - ok
09:17:36.0796 5496 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:17:36.0796 5496 avgwd - ok
09:17:36.0859 5496 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:17:36.0859 5496 b57w2k - ok
09:17:36.0921 5496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:17:36.0921 5496 Beep - ok
09:17:37.0000 5496 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:17:37.0031 5496 BITS - ok
09:17:37.0078 5496 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:17:37.0078 5496 Browser - ok
09:17:37.0093 5496 catchme - ok
09:17:37.0109 5496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:17:37.0109 5496 cbidf2k - ok
09:17:37.0125 5496 cd20xrnt - ok
09:17:37.0156 5496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:17:37.0156 5496 Cdaudio - ok
09:17:37.0218 5496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:17:37.0218 5496 Cdfs - ok
09:17:37.0265 5496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:17:37.0281 5496 Cdrom - ok
09:17:37.0296 5496 cerc6 - ok
09:17:37.0421 5496 CFcatchme - ok
09:17:37.0437 5496 Changer - ok
09:17:37.0468 5496 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:17:37.0468 5496 CiSvc - ok
09:17:37.0484 5496 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:17:37.0500 5496 ClipSrv - ok
09:17:37.0593 5496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:17:37.0671 5496 clr_optimization_v2.0.50727_32 - ok
09:17:37.0734 5496 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:17:37.0734 5496 CmBatt - ok
09:17:37.0750 5496 CmdIde - ok
09:17:37.0796 5496 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:17:37.0796 5496 Compbatt - ok
09:17:37.0812 5496 COMSysApp - ok
09:17:37.0843 5496 Cpqarray - ok
09:17:37.0875 5496 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:17:37.0875 5496 CryptSvc - ok
09:17:37.0890 5496 dac2w2k - ok
09:17:37.0906 5496 dac960nt - ok
09:17:37.0984 5496 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:17:37.0984 5496 DcomLaunch - ok
09:17:38.0046 5496 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:17:38.0062 5496 Dhcp - ok
09:17:38.0093 5496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:17:38.0093 5496 Disk - ok
09:17:38.0093 5496 dmadmin - ok
09:17:38.0187 5496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:17:38.0250 5496 dmboot - ok
09:17:38.0281 5496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:17:38.0296 5496 dmio - ok
09:17:38.0312 5496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:17:38.0328 5496 dmload - ok
09:17:38.0390 5496 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:17:38.0453 5496 dmserver - ok
09:17:38.0546 5496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:17:38.0546 5496 DMusic - ok
09:17:38.0609 5496 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:17:38.0609 5496 Dnscache - ok
09:17:38.0656 5496 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:17:38.0671 5496 Dot3svc - ok
09:17:38.0671 5496 dpti2o - ok
09:17:38.0718 5496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:17:38.0734 5496 drmkaud - ok
09:17:38.0781 5496 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:17:38.0796 5496 EapHost - ok
09:17:38.0828 5496 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:17:38.0828 5496 ERSvc - ok
09:17:38.0890 5496 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:17:38.0906 5496 Eventlog - ok
09:17:38.0984 5496 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:17:39.0000 5496 EventSystem - ok
09:17:39.0203 5496 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
09:17:39.0250 5496 EvtEng - ok
09:17:39.0312 5496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:17:39.0343 5496 Fastfat - ok
09:17:39.0406 5496 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:17:39.0421 5496 FastUserSwitchingCompatibility - ok
09:17:39.0468 5496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:17:39.0468 5496 Fdc - ok
09:17:39.0484 5496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:17:39.0484 5496 Fips - ok
09:17:39.0500 5496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:17:39.0500 5496 Flpydisk - ok
09:17:39.0578 5496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:17:39.0593 5496 FltMgr - ok
09:17:39.0734 5496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:17:39.0734 5496 FontCache3.0.0.0 - ok
09:17:39.0765 5496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:17:39.0765 5496 Fs_Rec - ok
09:17:39.0812 5496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:17:39.0859 5496 Ftdisk - ok
09:17:39.0906 5496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:17:39.0906 5496 Gpc - ok
09:17:39.0968 5496 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
09:17:39.0968 5496 GTIPCI21 - ok
09:17:40.0125 5496 gupdate1c9a6233ac2f8f8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
09:17:40.0140 5496 gupdate1c9a6233ac2f8f8 - ok
09:17:40.0156 5496 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
09:17:40.0156 5496 gupdatem - ok
09:17:40.0218 5496 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:17:40.0234 5496 gusvc - ok
09:17:40.0312 5496 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:17:40.0312 5496 helpsvc - ok
09:17:40.0359 5496 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:17:40.0359 5496 HidServ - ok
09:17:40.0421 5496 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:17:40.0421 5496 hidusb - ok
09:17:40.0468 5496 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:17:40.0468 5496 hkmsvc - ok
09:17:40.0484 5496 hpn - ok
09:17:53.0328 5496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:17:54.0156 5496 \Device\Harddisk0\DR0 - ok
09:17:54.0156 5496 Boot (0x1200) (91d123cdc670794bbef41be835648a46) \Device\Harddisk0\DR0\Partition0
09:17:54.0171 5496 \Device\Harddisk0\DR0\Partition0 - ok
09:17:54.0171 5496 ============================================================
09:17:54.0171 5496 Scan finished
09:17:54.0187 5496 ============================================================
09:17:54.0218 5488 Detected object count: 1
09:17:54.0218 5488 Actual detected object count: 1
09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - skipped by user
09:18:11.0218 5488 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip
-
"";""";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\drivers\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\wuauclt.exe (2836)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1168)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (788)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (772)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (560)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (2532)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1716)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1640)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1412)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (264)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (1848)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\alg.exe (3300)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (160)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (256)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Internet Explorer\iexplore.exe (4948)";"Trojan horse PSW.Agent.ARMW";"Deleted"
"";"C:\Program Files\Internet Explorer\iexplore.exe (3536)";"Trojan horse PSW.Agent.ARMW";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\wuauclt.exe (2836):\memory_027e0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\winlogon.exe (1168):\memory_00df0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (788):\memory_00b50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (788):\memory_00ac0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (772):\memory_00c30000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (772):\memory_00bb0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (560):\memory_00930000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (560):\memory_008a0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (2532):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00ae0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1716):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1640):\memory_00af0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1412):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1220):\memory_009b0000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (264):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (1848):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\alg.exe (3300):\memory_00aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (160):\memory_01730000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (160):\memory_00ff0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (2096):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (528):\memory_05cf0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (3776):\memory_01470000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (3964):\memory_01280000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (256):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jucheck.exe (2448):\memory_00df0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_02000000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (4948):\memory_009d0000";"Trojan horse PSW.Agent.ARMW";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_00f20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (3536):\memory_009c0000";"Trojan horse PSW.Agent.ARMW";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3704):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (472):\memory_06c80000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (336):\memory_01b20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2400):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (1620):\memory_013c0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00fb0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2892):\memory_01620000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3848):\memory_00d40000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (1136):\memory_019e0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgmfapx.exe (4736):\memory_01090000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3760):\memory_008d0000";"Trojan horse PSW.Agent.ASJX";"Infected"
-
ComboFix 12-08-08.01 - Mirjam 08-08-2012 22:10:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.410 [GMT 2:00]
Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mirjam\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\ixodm.sys"
"c:\windows\system32\drivers\rxr1z_.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iLivid\VLC\plugins\libyuv_plugin.dll
c:\program files\iLivid\VLC\plugins\libyuvp_plugin.dll
c:\program files\iLivid\VLC\plugins\libyuy2_i420_plugin.dll
c:\program files\iLivid\VLC\plugins\libyuy2_i422_plugin.dll
c:\program files\iLivid\VLC\plugins\libzip_plugin.dll
c:\program files\iLivid\VLC\plugins\libzvbi_plugin.dll
c:\program files\iLivid\VLC\plugins\plugins-04041e-3e8.dat
c:\program files\iLivid\VLC\README.txt
c:\program files\iLivid\VLC\sdk\include\vlc\deprecated.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_events.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_discoverer.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_library.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_list_player.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_media_player.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_structures.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_version.h
c:\program files\iLivid\VLC\sdk\include\vlc\libvlc_vlm.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_access.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_acl.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout_mixer.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_arrays.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_art_finder.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_avcodec.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_bits.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_block_helper.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_charset.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_codec.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_common.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_config_cat.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_configuration.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_cpu.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_demux.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_dialog.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_epg.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_es_out.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_events.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_filter.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fourcc.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_fs.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_gcrypt.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_http.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_httpd.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_image.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_inhibit.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_input_item.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_main.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_md5.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_messages.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_meta.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_modules.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mouse.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_mtime.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_objects.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_fifo.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_pool.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_playlist.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_plugin.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_probe.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_rand.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_services_discovery.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sout.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_sql.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_stream.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_strings.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_subpicture.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_threads.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_url.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_variables.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_video_splitter.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vlm.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_display.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_opengl.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_window.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xlib.h
c:\program files\iLivid\VLC\sdk\include\vlc\plugins\vlc_xml.h
c:\program files\iLivid\VLC\sdk\include\vlc\vlc.h
c:\program files\iLivid\VLC\sdk\lib\libvlc.dll.a
c:\program files\iLivid\VLC\sdk\lib\libvlc.la
c:\program files\iLivid\VLC\sdk\lib\libvlccore.dll.a
c:\program files\iLivid\VLC\sdk\lib\libvlccore.la
c:\program files\iLivid\VLC\sdk\lib\pkgconfig\libvlc.pc
c:\program files\iLivid\VLC\sdk\lib\pkgconfig\vlc-plugin.pc
c:\program files\iLivid\VLC\skins\default.vlt
c:\program files\iLivid\VLC\skins\fonts\FreeSans.ttf
c:\program files\iLivid\VLC\skins\fonts\FreeSansBold.ttf
c:\program files\iLivid\VLC\skins\skin.catalog
c:\program files\iLivid\VLC\skins\skin.dtd
c:\program files\iLivid\VLC\spad.nsi
c:\program files\iLivid\VLC\THANKS.txt
c:\program files\iLivid\VLC\vlc-cache-gen.exe
c:\program files\iLivid\VLC\vlc.exe
c:\program files\iLivid\VLC\vlc.exe.manifest
c:\program files\iLivid\VLC\vlc.ico
c:\program files\iLivid\VLC\vlc.win32.nsi
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RXR1Z_.SYS
-------\Service_rxr1z_.sys
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com
2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro
2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat
+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mirjam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]
R2 gupdate1c9a6233ac2f8f8;Google Updateservice (gupdate1c9a6233ac2f8f8);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3-8-2012 0:31 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]
R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]
S0 cerc6;cerc6; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29-3-2012 21:52 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16-3-2009 12:37 133104]
S3 NetillaVPNService;AEP SSL Tunnel Helper Service;c:\program files\AEP\SSLTunnel\NVPNs.exe [12-8-2008 13:08 13824]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]
.
2012-08-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-08 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-iLivid - c:\program files\iLivid\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-08 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4780)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\program files\WinRAR\rarext.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-08-08 22:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 20:44
ComboFix2.txt 2012-08-07 11:29
ComboFix3.txt 2012-08-02 23:35
.
Pre-Run: 14.495.412.224 bytes free
Post-Run: 14.292.815.872 bytes free
.
- - End Of File - - 5C25903E9AE46E78B265BB653909A61A
-
I have (roughly) the same problem as described in other threads: the computer is noticeably slower and no longer boots automatically; I have to choose to start from a point at which the computer started without problems (or something like that). AVG detects a few things, but the computer remains infected.
I have carried out a number of actions as described above. I would like to get my computer "trojan-free" again; who can help?
Below are the ComboFix log file, the HijackThis log file, and an overview of the AVG scan with the detected files.
COMBOFIX
ComboFix 12-08-07.02 - Mirjam 07-08-2012 13:10:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.563 [GMT 2:00]
Running from: c:\documents and settings\Mirjam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-06 22:59 . 2012-08-06 22:59 -------- d-----w- c:\documents and settings\Mirjam\Application Data\SUPERAntiSpyware.com
2012-08-06 22:58 . 2012-08-07 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 22:58 . 2012-08-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-06 22:57 . 2012-08-06 22:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-06 21:05 . 2012-08-06 21:05 388096 ----a-r- c:\documents and settings\Mirjam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 21:05 . 2012-08-06 21:05 -------- d-----w- c:\program files\Trend Micro
2012-08-03 12:30 . 2012-08-03 12:30 -------- d-----w- c:\documents and settings\Mirjam\Local Settings\Application Data\Ilivid Player
2012-08-03 12:29 . 2012-08-07 09:12 -------- d-----w- c:\program files\iLivid
2012-08-03 11:51 . 2012-08-03 11:51 54016 ----a-w- c:\windows\system32\drivers\ixodm.sys
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\Mirjam\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-02 22:31 . 2012-08-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 22:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 21:08 . 2012-08-03 08:06 -------- d-----w- c:\documents and settings\Mirjam\Application Data\eType
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:25 . 2012-03-29 19:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:25 . 2011-07-31 21:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-01-28 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-01-28 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-01-28 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-01-28 08:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-01-28 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-01-28 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-10-13 17:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-13 17:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-10-13 17:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_23.19.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 21:15 . 2012-08-07 09:12 1137132 c:\windows\system32\Restore\rstrlog.dat
+ 2012-08-06 21:05 . 2012-08-06 21:05 1094656 c:\windows\Installer\5f2a31.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mirjam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3-5-2004 17:26 80384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3-8-2012 0:31 22344]
R3 NetillaVPN;AEP VPN Adapter;c:\windows\system32\drivers\Netva.sys [12-8-2008 13:08 10112]
S0 cerc6;cerc6; [x]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Mirjam\LOCALS~1\Temp\CFcatchme.sys [?]
S3 rxr1z_.sys;rxr1z_.sys;\??\c:\windows\system32\drivers\rxr1z_.sys --> c:\windows\system32\drivers\rxr1z_.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:25]
.
2012-08-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 21:09]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 10:37]
.
2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{04FCF37C-6942-4AD6-8098-20AD25E9506F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} - hxxps://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 13:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-08-07 13:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 11:29
ComboFix2.txt 2012-08-02 23:35
.
Pre-Run: 14.146.965.504 bytes free
Post-Run: 14.505.811.968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 23EFE9FAF819432F7DD132EE6C42B871
HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:39, on 7-8-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://aloa.arcadis.nl/webapp/psvpns/VPNInstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235246462472&h=1e17d89d0dc1d6bf9f1ace3cfaf1f2fb/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.60\npchrome_frame.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updateservice (gupdate1c9a6233ac2f8f8) (gupdate1c9a6233ac2f8f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\Program Files\AEP\SSLTunnel\nvpns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Mirjam/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 9800 bytes
AVG scan result:
"";"C:\WINDOWS\system32\winlogon.exe (1176)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (3344)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1744)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\svchost.exe (1572)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\WINDOWS\system32\services.exe (1220)";"Trojan horse PSW.Agent.AUES";"Deleted"
"";"C:\WINDOWS\system32\igfxpers.exe (3644)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\hkcmd.exe (3608)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\explorer.exe (2432)";"Trojan horse PSW.Agent.AUET";"Deleted"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3908)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (4772)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860)";"Trojan horse PSW.Agent.ASJX";"Deleted"
"";"C:\WINDOWS\system32\winlogon.exe (1176):\memory_00da0000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00c00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (3344):\memory_00b70000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1744):\memory_00a10000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00a90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\svchost.exe (1572):\memory_00640000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\WINDOWS\system32\services.exe (1220):\memory_00930000";"Trojan horse PSW.Agent.AUES";"Infected"
"";"C:\WINDOWS\system32\igfxpers.exe (3644):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\system32\hkcmd.exe (3608):\memory_00cd0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (2432):\memory_016f0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\WINDOWS\explorer.exe (2432):\memory_00d20000";"Trojan horse PSW.Agent.AUET";"Infected"
"";"C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1732):\memory_00f50000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (644):\memory_05c90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Microsoft ActiveSync\wcescomm.exe (676):\memory_01230000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jusched.exe (3908):\memory_00b70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Java\jre6\bin\jucheck.exe (5852):\memory_01860000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (3700):\memory_01050000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (512):\memory_02880000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (408):\memory_00f90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3156):\memory_006a0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (3776):\memory_00f70000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1860):\memory_00eb0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (5772):\memory_00e90000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3012):\memory_008f0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4032):\memory_00cc0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (2240):\memory_03090000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgui.exe (4772):\memory_01d00000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\avgtray.exe (4092):\memory_01aa0000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (3432):\memory_01c20000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (3860):\memory_00900000";"Trojan horse PSW.Agent.ASJX";"Infected"
"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys";"Healed"
"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Corrupted executable file";"Object is white-listed (critical/system file that should not be removed)"
Removing Trojan horse PSW.Agent.ASJX and Trojan horse PSW.Agent.AUET
in Archive: Combating malware & viruses
Posted:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 23:26:59
-----------------------------
23:26:59.453 OS Version: Windows 5.1.2600 Service Pack 3
23:26:59.453 Number of processors: 1 586 0xD08
23:26:59.453 ComputerName: MIRJAM-303AF4B9 UserName: Mirjam
23:27:04.375 Initialize success
23:27:39.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:27:39.328 Disk 0 Vendor: ST9408114A 8.03 Size: 38154MB BusType: 3
23:27:39.328 Disk 0 MBR read successfully
23:27:39.328 Disk 0 MBR scan
23:27:39.328 Disk 0 Windows XP default MBR code
23:27:39.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38153 MB offset 63
23:27:39.359 Disk 0 scanning sectors +78139039
23:27:39.453 Disk 0 scanning C:\WINDOWS\system32\drivers
23:27:45.937 Service scanning
23:27:48.125 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32
23:28:01.296 Modules scanning
23:28:08.578 Disk 0 trace - called modules:
23:28:08.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:28:08.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8715bab8]
23:28:09.109 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x871dd940]
23:28:09.109 Scan finished successfully
23:29:08.734 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
23:29:08.750 The log file has been saved successfully to "E:\aswMBR.txt"