
Problem removing a trojan horse



I received the following by e-mail from eddebfinn.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:54:44, on 30-3-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\AVG\AVG10\avgmfapx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: TBSB00081 - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: PHPNukeDU - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}: NameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: QuestBrowse Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\QuestBrwSearch\questbrowse127.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--

End of file - 9444 bytes

-----------------------------------------------------------------------------------------------------------

Dear eddebfinn,

Carry out the steps below.

Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and choose Run as administrator from the list to open the Command Prompt.

Type: sc stop "QuestBrowse Service" and press Enter.

Type: sc delete "QuestBrowse Service" and press Enter.

Type exit and press Enter.

If one of these instructions gives you an error message, just carry on with the next instruction.

Start HijackThis. Right-click the icon and choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only".

Check only the items listed below:

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O2 - BHO: TBSB00081 - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

O2 - BHO: PHPNukeDU - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll

O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

Click 'Fix checked' to remove the items.

Uninstall the program Ask.com via Add or Remove Programs ("Software"), if present, or otherwise delete the following folder (in bold): C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish" ("Voltooien").

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" ("Snelle Scan") on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" ("Bekijk Resultaten") to see the results.

Make sure everything there is checked, then click: Remove Selected ("Verwijder geselecteerde").

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

MBAM saves the log automatically, and you can find it by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... So allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Received the following by e-mail.

Dear Kweezie Wabbit,

Thank you for your quick reply.

At first I didn't dare to get started on my own, but with such a good explanation from you I thought I should still be able to manage that.

I managed it; see below. Herewith the log files.

I didn't know whether I was allowed to send them to you, but for the moment I didn't know how else to post them.

My apologies for this.

Thanks again, and thanks in advance.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Databaseversie: v2012.04.05.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

edwin :: EDWIN-2 [administrator]

5-4-2012 10:04:48

mbam-log-2012-04-05 (10-04-48).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden

en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 214776

Verstreken tijd: 15 minuut/minuten, 15 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 4

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754}

(Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}

(Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Succesvol in quarantaine

geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse)

-> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 2

C:\Program Files\QuestBrwSearch (Adware.QuestBrowse) -> Succesvol in quarantaine

geplaatst en verwijderd.

C:\Documents and Settings\All Users\Application Data\QuestBrwSearch (Adware.QuestBrowse)

-> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 3

C:\Documents and Settings\All Users\Application Data\QuestBrwSearch\questbrowse127.exe

(Adware.Agent.ZGen) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\QuestBrwSearch\questbrwsearch.exe (Adware.QuestBrowse) ->

Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\QuestBrwSearch\uninstall.exe (Adware.QuestBrowse) -> Succesvol

in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:46:44, on 5-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows

Internet Explorer provided by Hyves

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

- C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}

- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

- C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}

- C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}

- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader

Library Launcher.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program

Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

-update activex

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program

Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}:

NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}:

NameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}:

NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}

- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

- C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity

Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program

Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX

AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance)

- MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -

C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc.

- C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,

Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--

End of file - 8541 bytes

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This has already been cleaned up nicely.

Time for the next step.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you do not manage to disable them, just carry on with the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

If you have problems running ComboFix, please report this.

You can simply paste the log below into the quick-reply text box and then click the quick reply button.

Then I don't have to copy it from the mail to here every time.

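The before/after comparison behind "this has already been cleaned up nicely", as an added example that is not part of the original thread: a Python script that parses two HijackThis logs, rejoins entries that a mail client hard-wrapped (as in the second log above), and reports which entries targeted for removal are gone and which entries are new. The function names are my own, and the embedded logs are excerpts cut down from the two logs in this thread.

```python
import re

# A HijackThis entry starts with a section code: "R3 - ", "O2 - ", "O23 - ", ...
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the R/F/N/O entries of a HijackThis log as a list of strings.

    Lines before the first entry (header, running processes) are skipped.
    A non-empty line that does not start a new entry is a hard-wrapped
    continuation of the previous entry and is rejoined with one space.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def _key(entry):
    """Comparison key: collapse whitespace and ignore case (Windows paths)."""
    return " ".join(entry.split()).casefold()


def remediation_report(before_log, after_log, targeted):
    """Classify each targeted entry as removed, still present, or never seen."""
    before = {_key(e) for e in parse_entries(before_log)}
    after = {_key(e) for e in parse_entries(after_log)}
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for item in targeted:
        k = _key(item)
        if k not in before:
            report["not_in_before"].append(item)
        elif k in after:
            report["still_present"].append(item)
        else:
            report["removed"].append(item)
    return report


def new_entries(before_log, after_log):
    """Entries in the second log that were absent from the first."""
    before = {_key(e) for e in parse_entries(before_log)}
    return [e for e in parse_entries(after_log) if _key(e) not in before]


# Excerpt of the first log in this thread (30-3-2012), shortened.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: QuestBrowse Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\QuestBrwSearch\questbrowse127.exe
--
End of file - 9444 bytes
"""

# Excerpt of the second log (5-4-2012), keeping the mail client's hard wraps.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

-update activex
--
End of file - 8541 bytes
"""

# Entries from the first log that the removal instructions targeted.
TARGETED = [e for e in parse_entries(BEFORE_LOG)
            if "AcroIEHelperStub" not in e and "Google Toolbar" not in e]

if __name__ == "__main__":
    result = remediation_report(BEFORE_LOG, AFTER_LOG, TARGETED)
    for status, items in result.items():
        for item in items:
            print(f"{status:14} {item}")
    for item in new_entries(BEFORE_LOG, AFTER_LOG):
        print(f"{'new':14} {item}")
```

Without the rejoining step, every wrapped entry in the second log would show up as both "removed" and "new", which hides real changes such as the added RunOnce entry.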

Guest eddebfinn

ComboFix 12-04-09.07 - edwin 10-04-2012 11:04:51.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.188 [GMT 2:00]

Running from: c:\documents andsettings\edwin\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\edwin\ApplicationData\PriceGong

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\1.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\a.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\b.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\c.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\d.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\e.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\f.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\g.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\h.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\i.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\J.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\k.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\l.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\m.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\mru.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\n.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\o.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\p.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\q.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\r.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\s.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\t.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\u.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\v.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\w.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\x.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\y.xml

c:\documents and settings\edwin\ApplicationData\PriceGong\Data\z.xml

c:\program files\HyvesToolbar\HyvesToolbar\tbHElper.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))

.

.

2012-04-10 08:58 . 2012-04-10 08:58 -------- d-----w- c:\windows\LastGood.Tmp

2012-04-05 08:03 . 2012-04-05 08:03 -------- d-----w- c:\documents and settings\edwin\ApplicationData\Malwarebytes

2012-04-05 08:03 . 2012-04-05 08:03 -------- d-----w- c:\documents and settings\AllUsers\Application Data\Malwarebytes

2012-04-05 08:02 . 2012-04-05 08:03 -------- d-----w- c:\program files\Malwarebytes'Anti-Malware

2012-04-05 08:02 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-05 07:49 . 2012-04-05 07:49 -------- d-----w- c:\documents andsettings\Administrator

2012-03-30 17:53 . 2012-03-30 17:53 388096 ----a-r- c:\documents and settings\edwin\ApplicationData\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-30 17:53 .2012-03-30 17:53 -------- d-----w- C:\TrendMicro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2008-03-07 04:04 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-16 16:22 3072 ------w- c:\windows\system32\iacenc.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.


[-] 2008-03-07 .80AFFA9A10E204835F10D1E2D3A6C1EC . 409088 . . [6.7.2600.5503] . .c:\windows\system32\qmgr.dll

[-] 2008-03-07 .80AFFA9A10E204835F10D1E2D3A6C1EC . 409088 . . [6.7.2600.5503] . .c:\windows\system32\dllcache\qmgr.dll

.

[-] 2008-04-14 .ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

[-] 2008-03-07 . 3339D062572762F8E2FF102A7F8F621D. 507904 . . [5.1.2600.5503] . . c:\windows\system32\winlogon.exe

[-] 2008-03-07 .3339D062572762F8E2FF102A7F8F621D . 507904 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\winlogon.exe

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91. 75264 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ipsec.sys

[-] 2008-03-07 .8C2FA9ECE20F0F99E9003F060E155DB9 . 75264 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ipsec.sys

[-] 2008-03-07 .8C2FA9ECE20F0F99E9003F060E155DB9 . 75264 . . [5.1.2600.5503] . .c:\windows\system32\drivers\ipsec.sys

.

[-] 2008-04-14 .3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll

[-] 2008-03-07 .3BE9F3160CF92FE9F9CF3B73570F1330 . 62464 . . [5.1.2600.5503] . .c:\windows\system32\cryptsvc.dll

[-] 2008-03-07 .3BE9F3160CF92FE9F9CF3B73570F1330 . 62464 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\cryptsvc.dll

.

[-] 2008-04-14 .0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll

[-] 2008-03-07 .B3CA87258A1F03D1931F5FC439DFDD0A . 110080 . . [5.1.2600.5503] . .c:\windows\system32\imm32.dll

[-] 2008-03-07 .B3CA87258A1F03D1931F5FC439DFDD0A . 110080 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\imm32.dll

.

[-] 2008-04-14 .2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll

[-] 2008-03-07 .D72348D19B356D95746C2E05AAB42277 . 19968 . . [5.1.2600.5503] . .c:\windows\system32\linkinfo.dll

[-] 2008-03-07 .D72348D19B356D95746C2E05AAB42277 . 19968 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\linkinfo.dll

.

[-] 2008-04-14 .012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll

[-] 2008-03-07 . CB32CA38054D9B63CD93AD157575D1E4. 22016 . . [5.1.2600.5503] . . c:\windows\system32\lpk.dll

[-] 2008-03-07 .CB32CA38054D9B63CD93AD157575D1E4 . 22016 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\lpk.dll

.

[-] 2008-04-14 .D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2008-04-14 .355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll

[-] 2008-03-07 .D124590F14E6C6B8EB29FD643DA75D97 . 343040 . . [7.0.2600.5503] . .c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5503_x-ww_3fd50d25\msvcrt.dll

[-] 2008-03-07 .F0EC1188229A7D83398CE5FC46BD6E8B . 343040 . . [7.0.2600.5503] . .c:\windows\system32\msvcrt.dll

[-] 2008-03-07 .F0EC1188229A7D83398CE5FC46BD6E8B . 343040 . . [7.0.2600.5503] . .c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035. 322560 . . [7.0.2600.0] . .c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

.

[-] 2008-04-14 .1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[-] 2008-03-07 .D34EAE3C748D848370122F00F5141BB8 . 407040 . . [5.1.2600.5503] . .c:\windows\system32\netlogon.dll

[-] 2008-03-07 .D34EAE3C748D848370122F00F5141BB8 . 407040 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\netlogon.dll

.

[-] 2008-04-14 .50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll

[-] 2008-03-07 .3B7B2D4BD4248B71A0FC743AE92CF812 . 17408 . . [6.00.2900.5503] . .c:\windows\system32\powrprof.dll

[-] 2008-03-07 .3B7B2D4BD4248B71A0FC743AE92CF812 . 17408 . . [6.00.2900.5503] . .c:\windows\system32\dllcache\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084. 181248 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

[-] 2008-03-07 .C2BA8FF2528A5744AE0A7A81E3623B39 . 181248 . . [5.1.2600.5503] . .c:\windows\system32\scecli.dll

[-] 2008-03-07 .C2BA8FF2528A5744AE0A7A81E3623B39 . 181248 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\scecli.dll

.

[-] 2008-04-14 .96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll

[-] 2008-03-07 .9DE15AA953FCBB0231958DA8EAA70B8C . 5120 . . [5.1.2600.5503] . .c:\windows\system32\sfc.dll

[-] 2008-03-07 .9DE15AA953FCBB0231958DA8EAA70B8C . 5120 . .[5.1.2600.5503] . . c:\windows\system32\dllcache\sfc.dll

.

[-] 2008-04-14 .27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe

[-] 2008-03-07 .90CEF742ABE7EC1DA7DF8EF2016817CD . 14336 . . [5.1.2600.5503] . . c:\windows\system32\svchost.exe

[-] 2008-03-07 .90CEF742ABE7EC1DA7DF8EF2016817CD . 14336 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\svchost.exe

.

[-] 2008-04-14 .3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll

[-] 2008-03-07 .8A3AE8286C14965EA84529555A479C35 . 249856 . . [5.1.2600.5503] . .c:\windows\system32\tapisrv.dll

[-] 2008-03-07 .8A3AE8286C14965EA84529555A479C35 . 249856 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\tapisrv.dll

.

[-] 2008-04-14 .B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll

[-] 2008-03-07 . 65A57A5D7099B439D54332A213F62EFE. 578560 . . [5.1.2600.5503] . . c:\windows\system32\user32.dll

[-] 2008-03-07 .65A57A5D7099B439D54332A213F62EFE . 578560 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\user32.dll

.

[-] 2008-04-14 .A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

[-] 2008-03-07 .72535E77C6057F8167BBF38FC9C03FE9 . 26112 . . [5.1.2600.5503] . .c:\windows\system32\userinit.exe

[-] 2008-03-07 . 72535E77C6057F8167BBF38FC9C03FE9. 26112 . . [5.1.2600.5503] . . c:\windows\system32\dllcache\userinit.exe

.

[-] 2008-04-14 .2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll

[-] 2008-03-07 .8CCA907AA13574173188E005467E671E . 82432 . . [5.1.2600.5503] . .c:\windows\system32\ws2_32.dll

[-] 2008-03-07 .8CCA907AA13574173188E005467E671E . 82432 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ws2_32.dll

.

[-] 2008-04-14 .9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll

[-] 2008-03-07 .898B7BB79013FEEC5DB2ED07D0A0AA97 . 19968 . . [5.1.2600.5503] . . c:\windows\system32\ws2help.dll

[-] 2008-03-07 .898B7BB79013FEEC5DB2ED07D0A0AA97 . 19968 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ws2help.dll

.

[-] 2008-04-14 .12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe

[-] 2008-03-07 .A546AD755FA358195C9E1386E8B10DE1 . 1033728 . . [6.00.2900.5503] . .c:\windows\explorer.exe

[-] 2008-03-07 .A546AD755FA358195C9E1386E8B10DE1 . 1033728 . . [6.00.2900.5503] . .c:\windows\system32\dllcache\explorer.exe

.

[-] 2008-04-14 .058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe

[-] 2008-03-07 . FD37E1C4E0C4D63FF0374F3C9B68B605. 146432 . . [5.1.2600.5503] . . c:\windows\regedit.exe

[-] 2008-03-07 .FD37E1C4E0C4D63FF0374F3C9B68B605 . 146432 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\regedit.exe

.

[-] 2008-04-14 .9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ksuser.dll

[-] 2008-03-07 .B177C233C24C80A467A353456CEE6415 . 4096 . . [5.3.2600.5503] . .c:\windows\system32\ksuser.dll

[-] 2008-03-07 .B177C233C24C80A467A353456CEE6415 . 4096 . . [5.3.2600.5503] . .c:\windows\system32\dllcache\ksuser.dll

.

[-] 2008-04-14 .5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe

[-] 2008-03-07 .6355E3CAC89A910D5C80C371729660F2 . 15360 . . [5.1.2600.5503] . .c:\windows\system32\ctfmon.exe

[-] 2008-03-07 .6355E3CAC89A910D5C80C371729660F2 . 15360 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ctfmon.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378. 171008 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

[-] 2008-03-07 .AB54E2DFF17D58350F88606FA85A02AF . 171008 . . [5.1.2600.5503] . .c:\windows\system32\srsvc.dll

[-] 2008-03-07 .AB54E2DFF17D58350F88606FA85A02AF . 171008 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 .F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe

[-] 2008-03-07 .6645FFBDCC32812C83A7A2B2553C2AE0 . 13824 . . [5.1.2600.5503] . .c:\windows\system32\wscntfy.exe

[-] 2008-03-07 .6645FFBDCC32812C83A7A2B2553C2AE0 . 13824 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\wscntfy.exe

.

[-] 2008-04-14 .295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll

[-] 2008-03-07 .F077E30465B99436FF68E5B6ECE0728E . 129024 . . [5.1.2600.5503] . .c:\windows\system32\xmlprov.dll

[-] 2008-03-07 .F077E30465B99436FF68E5B6ECE0728E . 129024 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\xmlprov.dll

.

[-] 2008-04-14 .6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[-] 2008-03-07 .18A6C733089F9E28B4821C8D9501C829 . 56320 . . [5.1.2600.5503] . .c:\windows\system32\eventlog.dll

[-] 2008-03-07 .18A6C733089F9E28B4821C8D9501C829 . 56320 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\eventlog.dll

.

[-] 2008-04-14 .9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll

[-] 2008-03-07 . 3826A7E049453D8E01A7CE5539D63044. 1614848 . . [5.1.2600.5503] . . c:\windows\system32\sfcfiles.dll

[-] 2008-03-07 .3826A7E049453D8E01A7CE5539D63044 . 1614848 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\sfcfiles.dll

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91. 75264 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ipsec.sys

[-] 2008-03-07 .8C2FA9ECE20F0F99E9003F060E155DB9 . 75264 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ipsec.sys

[-] 2008-03-07 .8C2FA9ECE20F0F99E9003F060E155DB9 . 75264 . . [5.1.2600.5503] . .c:\windows\system32\drivers\ipsec.sys

.

[-] 2008-04-14 .5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll

[-] 2008-03-07 .5858B07C7F91F1C7E95CF187C6AA0BCD . 59904 . . [5.1.2600.5503] . .c:\windows\system32\regsvc.dll

[-] 2008-03-07 .5858B07C7F91F1C7E95CF187C6AA0BCD . 59904 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\regsvc.dll

.

[-] 2008-04-14 .0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll

[-] 2008-03-07 .62DEBEDA7434D4F6D3DFCDE4F3AF7761 . 192512 . . [5.1.2600.5503] . .c:\windows\system32\schedsvc.dll

[-] 2008-03-07 .62DEBEDA7434D4F6D3DFCDE4F3AF7761 . 192512 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\schedsvc.dll

.

[-] 2008-04-14 .0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll

[-] 2008-03-07 .7B50C000ED67FF2F446123753D5413FF . 71680 . . [5.1.2600.5503] . .c:\windows\system32\ssdpsrv.dll

[-] 2008-03-07 .7B50C000ED67FF2F446123753D5413FF . 71680 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\ssdpsrv.dll

.

[-] 2008-04-14 .FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll

[-] 2008-03-07 . CCB30FBA0F11056E199F360B351E5349. 295424 . . [5.1.2600.5503] . . c:\windows\system32\termsrv.dll

[-] 2008-03-07 .CCB30FBA0F11056E199F360B351E5349 . 295424 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\termsrv.dll

.

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9. 344064 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hnetcfg.dll

[-] 2008-03-07 .90AEBC432E6A0CACE04A90BF53B9EBD0 . 344064 . . [5.1.2600.5503] . .c:\windows\system32\hnetcfg.dll

[-] 2008-03-07 .90AEBC432E6A0CACE04A90BF53B9EBD0 . 344064 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\hnetcfg.dll

.

[-] 2008-04-14 .D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll

[-] 2008-03-07 .B578AEE2388E06182896721C031652D8 . 167936 . . [5.1.2600.5503] . .c:\windows\system32\appmgmts.dll

[-] 2008-03-07 .B578AEE2388E06182896721C031652D8 . 167936 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\appmgmts.dll

.

[-] 2004-08-04 .9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . .c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-03-06 17:43 .8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys

[-] 2008-03-06 17:43 .8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . .c:\windows\system32\drivers\aec.sys

.

[-] 2008-04-13 .08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[-] 2008-03-07 .AADFEBA143F0F4EF457AE0410357353D . 42368 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\agp440.sys

[-] 2008-03-07 . AADFEBA143F0F4EF457AE0410357353D. 42368 . . [5.1.2600.5503] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2008-03-06 .AADFEBA143F0F4EF457AE0410357353D . 42368 . . [5.1.2600.5503] . .c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0. 36608 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys

[-] 2008-03-07 .B1157E4E295D3DEC5E62B2BB5189C0A8 . 36608 . . [5.1.2600.5503] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-03-07 .B1157E4E295D3DEC5E62B2BB5189C0A8 . 36608 . . [5.1.2600.5503] . .c:\windows\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 .986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll

[-] 2008-03-07 .B0E62543939AD2B59B69AD2639D397DB . 33792 . . [5.1.2600.5503] . .c:\windows\system32\msgsvc.dll

[-] 2008-03-07 .B0E62543939AD2B59B69AD2639D397DB . 33792 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\msgsvc.dll

.

[-] 2008-04-14 00:12 .156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll

[-] 2008-03-07 10:46 . 92FA7CCEE20701EFB2107E9B91F1B846. 435200 . . [5.1.2400.5503] . . c:\windows\system32\ntmssvc.dll

[-] 2008-03-07 10:46 .92FA7CCEE20701EFB2107E9B91F1B846 . 435200 . . [5.1.2400.5503] . .c:\windows\system32\dllcache\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91. 185856 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\upnphost.dll

[-] 2008-03-07 .18097058DDFA698E6A7AEC1D965B61B0 . 185856 . . [5.1.2600.5503] . .c:\windows\system32\upnphost.dll

[-] 2008-03-07 .18097058DDFA698E6A7AEC1D965B61B0 . 185856 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\upnphost.dll

.

[-] 2008-04-14 .4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll

[-] 2008-03-07 .67C14344BA2F232F16800097BD776886 . 367616 . . [5.3.2600.5503] . .c:\windows\system32\dsound.dll

[-] 2008-03-07 .67C14344BA2F232F16800097BD776886 . 367616 . . [5.3.2600.5503] . .c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-04-14 .0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\d3d9.dll

[-] 2008-03-07 .00F00516442EB4FA44BA37A1234009E2 . 1689088 . . [5.03.2600.5503] . .c:\windows\system32\d3d9.dll

[-] 2008-03-07 .00F00516442EB4FA44BA37A1234009E2 . 1689088 . . [5.03.2600.5503] . .c:\windows\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 .A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ddraw.dll

[-] 2008-03-07 .6BC389FC4FBE08E92696AAFE19AF9238 . 279552 . . [5.03.2600.5503] . .c:\windows\system32\ddraw.dll

[-] 2008-03-07 .6BC389FC4FBE08E92696AAFE19AF9238 . 279552 . . [5.03.2600.5503] . .c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 00:12 .5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\olepro32.dll

[-] 2008-03-07 10:46 .80FF44FDF87E3AAC3745A4AA70F1D438 . 84992 . . [5.1.2600.5503] . .c:\windows\system32\olepro32.dll

[-] 2008-03-07 10:46 .80FF44FDF87E3AAC3745A4AA70F1D438 . 84992 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9. 39936 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\perfctrs.dll

[-] 2008-03-07 .04583D9D9B8016AF5865784EBB2A405D . 39936 . . [5.1.2600.5503] . .c:\windows\system32\perfctrs.dll

[-] 2008-03-07 .04583D9D9B8016AF5865784EBB2A405D . 39936 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 .C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\version.dll

[-] 2008-03-07 .A642A1DB20F0E023762A0EE4E422A10D . 18944 . . [5.1.2600.5503] . .c:\windows\system32\version.dll

[-] 2008-03-07 .A642A1DB20F0E023762A0EE4E422A10D . 18944 . . [5.1.2600.5503] . . c:\windows\system32\dllcache\version.dll

.

[-] 2008-04-14 .3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

[-] 2008-03-07 .AB54E2DFF17D58350F88606FA85A02AF . 171008 . . [5.1.2600.5503] . .c:\windows\system32\srsvc.dll

[-] 2008-03-07 .AB54E2DFF17D58350F88606FA85A02AF . 171008 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 .54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll

[-] 2008-03-07 .747089D0836DE2965363E0D017AFC07E . 175104 . . [5.1.2600.5503] . .c:\windows\system32\w32time.dll

[-] 2008-03-07 .747089D0836DE2965363E0D017AFC07E . 175104 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 .8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wiaservc.dll

[-] 2008-03-07 .E736B227E428BE3FB9A1F8755E320B4B . 333824 . . [5.1.2600.5503] . .c:\windows\system32\wiaservc.dll

[-] 2008-03-07 .E736B227E428BE3FB9A1F8755E320B4B . 333824 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6. 18944 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll

[-] 2008-03-07 .1049A88D43AE4E06295C612DB9F4300C . 18944 . . [5.1.2600.5503] . .c:\windows\system32\midimap.dll

[-] 2008-03-07 .1049A88D43AE4E06295C612DB9F4300C . 18944 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\midimap.dll

.

[-] 2008-04-14 .6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . .c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rasadhlp.dll

[-] 2008-03-07 .B5517CB61ECEDE3E9AAD0AB4562E85B6 . 7680 . . [5.1.2600.5503] . .c:\windows\system32\rasadhlp.dll

[-] 2008-03-07 .B5517CB61ECEDE3E9AAD0AB4562E85B6 . 7680 . . [5.1.2600.5503] . .c:\windows\system32\dllcache\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit defaultentries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programfiles\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-2839408]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiles\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\programfiles\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader SpeedLauncher"="c:\program files\Adobe\Reader10.0\Reader\Reader_sl.exe" [2012-01-03 35736]

"Adobe ARM"="c:\programfiles\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\programfiles\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"NeroFilterCheck"="c:\programfiles\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Reader LibraryLauncher"="c:\program files\Sony\Reader\Data\bin\launcher\ReaderLibrary Launcher.exe" [2010-07-12 906648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="starthttp://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNTU0NTQwOTMyLUZMMTArMS1MSUMrOC1TUDErMS1TUDFUQisxLVNVUCs0LUNJUCsyLVNQMVMyKzEtRERUKzI1NTc5LUREMTBGKzEtU1QxMEZBUFArMS1MMTBNSSsxLUYxME0xMklUKzEtVEJOKzEtVTEwKzE∏=90&ver=10.0.1424"[?]

.

c:\documents and settings\edwin\StartMenu\Programs\Startup\

OneNote 2007 Schermopname en Snelstarten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE[2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\PRISMSTA.EXE]

PRISMSTA.EXE START [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\swg]

2011-02-28 06:21 39408 ----a-w- c:\programfiles\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\NetworkDiagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\MicrosoftOffice\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\MicrosoftOffice\\Office12\\ONENOTE.EXE"=

"c:\\ProgramFiles\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\ProgramFiles\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:RemoteDesktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R2 Fabs;FABS - Helping agent for MAGIXmedia database;c:\program files\Common Files\MAGIXServices\Database\bin\FABS.exe [27-8-2009 17:09 1253376]

R3 PRISM_A00;PRISM 802.11gDriver;c:\windows\system32\drivers\PRISMA00.sys [14-2-2011 0:25 362688]

R3 xpsec;IPSECdriver;c:\windows\system32\drivers\xpsec.sys -->c:\windows\system32\drivers\xpsec.sys [?]

S0pughfy;pughfy;c:\windows\system32\drivers\eflariww.sys -->c:\windows\system32\drivers\eflariww.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft.NET Framework NGENv4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[18-3-2010 23:16 130384]

S2 gupdate;Google Update Service(gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28-2-2011 8:22136176]

S3 FirebirdServerMAGIXInstance;FirebirdServer - MAGIX Instance;c:\program files\Common Files\MAGIXServices\Database\bin\fbserver.exe [7-8-2008 11:10 3276800]

S3 gupdatem;Google Update Service(gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28-2-2011 8:22136176]

S3HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [28-2-2011 3:15 14336]

S3p695x9cu.sys;p695x9cu.sys;\??\c:\windows\system32\drivers\p695x9cu.sys -->c:\windows\system32\drivers\p695x9cu.sys [?]

S3 WPFFontCache_v0400;Windows PresentationFoundation Font Cache4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[18-3-2010 23:16 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - xcpip

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiles\Google\Update\GoogleUpdate.exe [2011-02-28 06:21]

.

2012-04-05c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiles\Google\Update\GoogleUpdate.exe [2011-02-28 06:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) =hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel -c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP:Interfaces\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}: NameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625}- (no file)

WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8}- c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}- (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

MSConfigStartUp-ClickPotatoLiteSA -c:\program files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista -rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-10 11:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded UnderRunning Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4020)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\CommonFiles\Ahead\Lib\NeroSearchBar.dll

c:\program files\CommonFiles\Ahead\Lib\MFC71U.DLL

c:\program files\CommonFiles\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes------------------------

.

c:\windows\system32\RunDll32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\program files\CommonFiles\Ahead\Lib\NMIndexingService.exe

c:\program files\CommonFiles\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2012-04-10 11:32:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-10 09:32

.

Pre-Run: 34.925.953.024 bytes free

Post-Run: 35.359.780.864 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="MicrosoftWindows Recovery Console" /cmdcons

UnsupportedDebug="do not selectthis" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MicrosoftWindows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - -A2A891ACA291277DF09A026226218AF6

Thanks again in advance.

I have every confidence that everything will turn out fine.

I have temporarily removed my AVG.

I'm going for a different virus scanner; any good tips?

Edited by kweezie wabbit

Open a new Notepad file.

Copy and paste the bold text below into it.

Driver::

pughfy

File::

c:\windows\system32\drivers\eflariww.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"=-

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix start again. Restart the computer if you are asked to.

After the restart, post the contents of Combofix.txt in your next message


Guest eddebfinn

ComboFix 12-04-09.07 - edwin 13-04-2012 16:53:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.113 [GMT 2:00]

Running from: c:\documents and settings\edwin\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\edwin\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\eflariww.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_pughfy

-------\Service_xcpip

.

.

((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))

.

.

2012-04-13 14:46 . 2012-04-13 14:46 -------- d-----w- c:\windows\LastGood.Tmp

2012-04-10 11:19 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-10 11:19 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-10 11:19 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-10 11:19 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-10 11:19 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-10 11:19 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-10 11:19 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-10 11:19 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2012-04-10 11:19 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-10 11:19 . 2012-04-10 11:19 -------- d-----w- c:\program files\Alwil Software

2012-04-10 11:19 . 2012-04-10 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2012-04-05 08:03 . 2012-04-05 08:03 -------- d-----w- c:\documents and settings\edwin\Application Data\Malwarebytes

2012-04-05 08:03 . 2012-04-05 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-05 08:02 . 2012-04-05 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-05 08:02 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-05 07:49 . 2012-04-05 07:49 -------- d-----w- c:\documents and settings\Administrator

2012-03-30 17:53 . 2012-03-30 17:53 388096 ----a-r- c:\documents and settings\edwin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-30 17:53 . 2012-03-30 17:53 -------- d-----w- C:\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2008-03-07 04:04 1860096 ----a-w- c:\windows\system32\win32k.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-10_09.24.59 )))))))))))))))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-28 39408]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

.

c:\documents and settings\edwin\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]

PRISMSTA.EXE START [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-02-28 06:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-4-2012 13:19 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-4-2012 13:19 17744]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27-8-2009 17:09 1253376]

R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [14-2-2011 0:25 362688]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 23:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28-2-2011 8:22 136176]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7-8-2008 11:10 3276800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28-2-2011 8:22 136176]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [28-2-2011 3:15 14336]

S3 p695x9cu.sys;p695x9cu.sys;\??\c:\windows\system32\drivers\p695x9cu.sys --> c:\windows\system32\drivers\p695x9cu.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 23:16 753504]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - xcpip

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 06:21]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 06:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{3E957AFC-A31D-45A5-83D2-EE353F2AD0A7}: NameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-13 17:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\TEMP\_asw_aisI.tm~a04036\onefile 0 bytes

c:\windows\TEMP\_asw_aisI.tm~a04036\setup.lok 0 bytes

.

scan completed successfully

hidden files: 2

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1316)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2012-04-13 17:16:11 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-13 15:16

ComboFix2.txt 2012-04-10 09:32

.

Pre-Run: 34.862.227.456 bytes free

Post-Run: 34.937.335.808 bytes free

.

- - End Of File - - 7402A294B91C34926A62261C7A79C7EC

I still find it nerve-racking!

Regards, edwin


Guest eddebfinn

It gave 2 more virus alerts, a windows32 exe.malware and a windows32 exe.trojan. These were found with avast.

I removed them immediately and am now running a complete scan again.


Download TDSSKiller and save it to your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Guest eddebfinn

20:39:29.0156 0772 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

20:39:31.0171 0772 ============================================================

20:39:31.0203 0772 Current date / time: 2012/04/14 20:39:31.0171

20:39:31.0203 0772 SystemInfo:

20:39:31.0203 0772

20:39:31.0203 0772 OS Version: 5.1.2600 ServicePack: 3.0

20:39:31.0203 0772 Product type: Workstation

20:39:31.0203 0772 ComputerName: EDWIN-2

20:39:31.0234 0772 UserName: edwin

20:39:31.0234 0772 Windows directory: C:\WINDOWS

20:39:31.0234 0772 System windows directory: C:\WINDOWS

20:39:31.0234 0772 Processor architecture: Intel x86

20:39:31.0234 0772 Number of processors: 2

20:39:31.0265 0772 Page size: 0x1000

20:39:31.0265 0772 Boot type: Normal boot

20:39:31.0265 0772 ============================================================

20:39:42.0171 0772 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:39:42.0312 0772 \Device\Harddisk0\DR0:

20:39:43.0218 0772 MBR used

20:39:43.0218 0772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6B6DE25

20:39:43.0234 0772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6B6DEA3, BlocksNum 0xBEA6D5D

20:39:43.0390 0772 Initialize success

20:39:43.0390 0772 ============================================================

20:40:01.0406 5688 ============================================================

20:40:01.0406 5688 Scan started

20:40:01.0406 5688 Mode: Manual;

20:40:01.0406 5688 ============================================================

20:40:01.0796 5688 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys

20:40:01.0812 5688 Aavmker4 - ok

20:40:01.0875 5688 Abiosdsk - ok

20:40:01.0906 5688 abp480n5 - ok

20:40:01.0968 5688 ACPI (7563c2166940df4bd740fca01fab2f55) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:40:02.0015 5688 ACPI - ok

20:40:02.0109 5688 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:40:02.0109 5688 ACPIEC - ok

20:40:02.0171 5688 adpu160m - ok

20:40:02.0281 5688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:40:02.0296 5688 aec - ok

20:40:02.0390 5688 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:40:02.0734 5688 AFD - ok

20:40:02.0875 5688 agp440 (aadfeba143f0f4ef457ae0410357353d) C:\WINDOWS\system32\DRIVERS\agp440.sys

20:40:02.0906 5688 agp440 - ok

20:40:02.0968 5688 Aha154x - ok

20:40:03.0031 5688 aic78u2 - ok

20:40:03.0078 5688 aic78xx - ok

20:40:03.0140 5688 Alerter (bd0b616b309969e077c1345ef5b63aba) C:\WINDOWS\system32\alrsvc.dll

20:40:03.0156 5688 Alerter - ok

20:40:03.0218 5688 ALG (e876e7ced87ad15d0bcfcbcfc2cadb0c) C:\WINDOWS\System32\alg.exe

20:40:03.0218 5688 ALG - ok

20:40:03.0250 5688 AliIde - ok

20:40:03.0296 5688 amsint - ok

20:40:03.0359 5688 AppMgmt (b578aee2388e06182896721c031652d8) C:\WINDOWS\System32\appmgmts.dll

20:40:03.0406 5688 AppMgmt - ok

20:40:03.0484 5688 Arp1394 (aaa2066ca87be8cb3803e526aef72284) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:40:03.0515 5688 Arp1394 - ok

20:40:03.0562 5688 asc - ok

20:40:03.0609 5688 asc3350p - ok

20:40:03.0640 5688 asc3550 - ok

20:40:03.0734 5688 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:40:03.0781 5688 aspnet_state - ok

20:40:04.0109 5688 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys

20:40:04.0125 5688 aswFsBlk - ok

20:40:04.0203 5688 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys

20:40:04.0218 5688 aswMon2 - ok

20:40:04.0296 5688 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys

20:40:04.0312 5688 aswRdr - ok

20:40:04.0390 5688 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys

20:40:04.0390 5688 aswSP - ok

20:40:04.0468 5688 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys

20:40:04.0468 5688 aswTdi - ok

20:40:04.0515 5688 AsyncMac (da532763c5dfb8140b1fb45cde8e371d) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:40:04.0546 5688 AsyncMac - ok

20:40:04.0625 5688 atapi (838df6731742b7198f91c2d9e0468dc3) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:40:04.0625 5688 atapi - ok

20:40:04.0687 5688 Atdisk - ok

20:40:04.0781 5688 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

20:40:04.0828 5688 ati2mtag - ok

20:40:04.0937 5688 Atmarpc (ade33e7444e347ee6fe34cfccb94d678) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:40:04.0953 5688 Atmarpc - ok

20:40:05.0031 5688 AudioSrv (f247fecf0f95bb8db23081d3b9d182b5) C:\WINDOWS\System32\audiosrv.dll

20:40:05.0078 5688 AudioSrv - ok

20:40:05.0375 5688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:40:05.0406 5688 audstub - ok

20:40:05.0500 5688 avast! Antivirus (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

20:40:05.0500 5688 avast! Antivirus - ok

20:40:05.0500 5688 avast! Mail Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

20:40:05.0500 5688 avast! Mail Scanner - ok

20:40:05.0500 5688 avast! Web Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

20:40:05.0500 5688 avast! Web Scanner - ok

20:40:05.0578 5688 Avgfwdx (8be661c16fbf84a73bcec84b6b4a9db5) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

20:40:05.0593 5688 Avgfwdx - ok

20:40:05.0593 5688 Avgfwfd (8be661c16fbf84a73bcec84b6b4a9db5) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

20:40:05.0593 5688 Avgfwfd - ok

20:40:05.0734 5688 avgfws (c0b5a964c1c329ed19e5a4b6e49ea1fe) C:\Program Files\AVG\AVG2012\avgfws.exe

20:40:05.0812 5688 avgfws - ok

20:40:06.0046 5688 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe

20:40:06.0187 5688 AVGIDSAgent - ok

20:40:06.0265 5688 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

20:40:06.0265 5688 AVGIDSDriver - ok

20:40:06.0343 5688 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\WINDOWS\system32\DRIVERS\avgidsehx.sys

20:40:06.0343 5688 AVGIDSEH - ok

20:40:06.0437 5688 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

20:40:06.0453 5688 AVGIDSFilter - ok

20:40:06.0531 5688 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

20:40:06.0531 5688 AVGIDSShim - ok

20:40:06.0609 5688 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

20:40:06.0625 5688 Avgldx86 - ok

20:40:06.0703 5688 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

20:40:06.0718 5688 Avgmfx86 - ok

20:40:06.0781 5688 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

20:40:06.0796 5688 Avgrkx86 - ok

20:40:06.0890 5688 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

20:40:06.0921 5688 Avgtdix - ok

20:40:07.0015 5688 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

20:40:07.0015 5688 avgwd - ok

20:40:07.0109 5688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:40:07.0109 5688 Beep - ok

20:40:07.0171 5688 BITS (80affa9a10e204835f10d1e2d3a6c1ec) C:\WINDOWS\system32\qmgr.dll

20:40:07.0593 5688 BITS - ok

20:40:07.0703 5688 Browser (9e40e5f31e203ce90c66af5e5d13688f) C:\WINDOWS\System32\browser.dll

20:40:07.0734 5688 Browser - ok

20:40:07.0734 5688 catchme - ok

20:40:07.0812 5688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:40:07.0828 5688 cbidf2k - ok

20:40:07.0890 5688 cd20xrnt - ok

20:40:07.0937 5688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:40:07.0953 5688 Cdaudio - ok

20:40:08.0031 5688 Cdfs (cd319f3a4bfc23e9fb392b94afd59641) C:\WINDOWS\system32\drivers\Cdfs.sys

20:40:08.0062 5688 Cdfs - ok

20:40:08.0156 5688 Cdrom (9961d4cf6c01d2b3e6ba7e9a15b55f31) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:40:08.0187 5688 Cdrom - ok

20:40:08.0250 5688 Changer - ok

20:40:08.0312 5688 CiSvc (ecde37d2ed4e640080e54c9afd18ee41) C:\WINDOWS\system32\cisvc.exe

20:40:08.0343 5688 CiSvc - ok

20:40:08.0406 5688 ClipSrv (d1ba0a09d773e6e6be5971e9fbc2da06) C:\WINDOWS\system32\clipsrv.exe

20:40:08.0406 5688 ClipSrv - ok

20:40:08.0500 5688 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:40:08.0562 5688 clr_optimization_v2.0.50727_32 - ok

20:40:08.0687 5688 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:40:08.0734 5688 clr_optimization_v4.0.30319_32 - ok

20:40:08.0812 5688 CmdIde - ok

20:40:08.0921 5688 cmuda (b7d9e7d64c1fd830856807e63356178d) C:\WINDOWS\system32\drivers\cmuda.sys

20:40:09.0031 5688 cmuda - ok

20:40:09.0093 5688 COMSysApp - ok

20:40:09.0140 5688 Cpqarray - ok

20:40:09.0187 5688 CryptSvc (3be9f3160cf92fe9f9cf3b73570f1330) C:\WINDOWS\System32\cryptsvc.dll

20:40:09.0218 5688 CryptSvc - ok

20:40:09.0265 5688 dac2w2k - ok

20:40:09.0312 5688 dac960nt - ok

20:40:09.0375 5688 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:40:09.0421 5688 DcomLaunch - ok

20:40:09.0500 5688 Dhcp (abe660c4266b32b1f7e659ef03e0e922) C:\WINDOWS\System32\dhcpcsvc.dll

20:40:09.0515 5688 Dhcp - ok

20:40:09.0562 5688 Disk (8c7776b0f84bfc3507e2d8f5cee13db4) C:\WINDOWS\system32\DRIVERS\disk.sys

20:40:09.0609 5688 Disk - ok

20:40:09.0656 5688 dmadmin - ok

20:40:09.0781 5688 dmboot (132f36f598a03b0bd845f565e7fd9705) C:\WINDOWS\system32\drivers\dmboot.sys

20:40:09.0843 5688 dmboot - ok

20:40:09.0953 5688 dmio (e4052fa551f255ce15567b992876b17c) C:\WINDOWS\system32\drivers\dmio.sys

20:40:09.0968 5688 dmio - ok

20:40:10.0062 5688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:40:10.0062 5688 dmload - ok

20:40:10.0109 5688 dmserver (134bdcf1f743bfbed275b73afd502cf1) C:\WINDOWS\System32\dmserver.dll

20:40:10.0140 5688 dmserver - ok

20:40:10.0250 5688 DMusic (e9c1ef7b2d0d0ee2c467dc0fe61eb5ee) C:\WINDOWS\system32\drivers\DMusic.sys

20:40:10.0265 5688 DMusic - ok

20:40:10.0343 5688 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

20:40:10.0375 5688 Dnscache - ok

20:40:10.0468 5688 Dot3svc (48de421c3b577b499e95c3b0b9055432) C:\WINDOWS\System32\dot3svc.dll

20:40:10.0484 5688 Dot3svc - ok

20:40:10.0546 5688 dpti2o - ok

20:40:10.0609 5688 drmkaud (bc73d3e69ebe5a75bed5881ecc188fab) C:\WINDOWS\system32\drivers\drmkaud.sys

20:40:10.0625 5688 drmkaud - ok

20:40:10.0703 5688 EapHost (1e36912943e60bc765b92d23701c45e4) C:\WINDOWS\System32\eapsvc.dll

20:40:10.0703 5688 EapHost - ok

20:40:10.0765 5688 ERSvc (90dd05870612cd69bb5f6d2596c4b9d6) C:\WINDOWS\System32\ersvc.dll

20:40:10.0796 5688 ERSvc - ok

20:40:10.0875 5688 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:40:10.0875 5688 Eventlog - ok

20:40:10.0984 5688 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

20:40:11.0000 5688 EventSystem - ok

20:40:11.0093 5688 Fabs - ok

20:40:11.0203 5688 Fastfat (3b8d65d84dde6accbde1318b5c7a18eb) C:\WINDOWS\system32\drivers\Fastfat.sys

20:40:11.0234 5688 Fastfat - ok

20:40:11.0328 5688 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:40:11.0843 5688 FastUserSwitchingCompatibility - ok

20:40:11.0937 5688 Fdc (7491ad23e3f48df2f33e368179d63b40) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:40:11.0968 5688 Fdc - ok

20:40:12.0062 5688 FETNDISB (cc6b6df3c35c20531492e1b700f700fa) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

20:40:12.0140 5688 FETNDISB - ok

20:40:12.0218 5688 Fips (f06da3260b440a0f6432a50222b880ea) C:\WINDOWS\system32\drivers\Fips.sys

20:40:12.0234 5688 Fips - ok

20:40:12.0421 5688 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

20:40:13.0578 5688 FirebirdServerMAGIXInstance - ok

20:40:13.0671 5688 Flpydisk (28271c4c9cc2248c1cea8ff903298c4b) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:40:13.0671 5688 Flpydisk - ok

20:40:13.0781 5688 FltMgr (15835809e26cb8e27bf19860b5a6caa9) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:40:13.0828 5688 FltMgr - ok

20:40:13.0953 5688 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:40:13.0968 5688 FontCache3.0.0.0 - ok

20:40:14.0062 5688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:40:14.0062 5688 Fs_Rec - ok

20:40:14.0125 5688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:40:14.0140 5688 Ftdisk - ok

20:40:14.0218 5688 Gpc (455a242ecb4296eca80d319566d6971e) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:40:14.0250 5688 Gpc - ok

20:40:14.0343 5688 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

20:40:14.0359 5688 gupdate - ok

20:40:14.0359 5688 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

20:40:14.0359 5688 gupdatem - ok

20:40:14.0406 5688 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:40:14.0437 5688 gusvc - ok

20:40:14.0562 5688 helpsvc (092620eb30864486be588d2367e6ac28) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:40:14.0562 5688 helpsvc - ok

20:40:14.0656 5688 HidServ (d52e548518ecee4e364dc95d234bba4a) C:\WINDOWS\System32\hidserv.dll

20:40:14.0859 5688 HidServ - ok

20:40:14.0953 5688 HidUsb (0e59f9eb06bd4cc0a7f34bb852615247) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:40:14.0984 5688 HidUsb - ok

20:40:15.0062 5688 hkmsvc (5cfb08b84abc3dffa54849a272012f40) C:\WINDOWS\System32\kmsvc.dll

20:40:15.0343 5688 hkmsvc - ok

20:40:15.0437 5688 HPFXBULK (d63b7f6b2b992c0b566f44efde620b5d) C:\WINDOWS\system32\drivers\hpfxbulk.sys

20:40:15.0656 5688 HPFXBULK - ok

20:40:15.0750 5688 HPFXFAX (2bdff04d7d9a3cf07d9417cd366756e1) C:\WINDOWS\system32\drivers\hpfxfax.sys

20:40:15.0937 5688 HPFXFAX - ok

20:40:16.0000 5688 hpn - ok

20:40:16.0078 5688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:40:16.0093 5688 HTTP - ok

20:40:16.0171 5688 HTTPFilter (94429263065b17070adfc1ed6a2d3f70) C:\WINDOWS\System32\w3ssl.dll

20:40:16.0328 5688 HTTPFilter - ok

20:40:16.0406 5688 i2omgmt - ok

20:40:16.0437 5688 i2omp - ok

20:40:16.0500 5688 i8042prt (b1d5ac772c9602519abf878da44f2993) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:40:16.0531 5688 i8042prt - ok

20:40:16.0671 5688 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:40:16.0718 5688 idsvc - ok

20:40:16.0812 5688 Imapi (22abef00814937a22c4f4828eadc3ef8) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:40:16.0843 5688 Imapi - ok

20:40:16.0921 5688 ImapiService (39cc28cd352cc192aeb843fb8665895f) C:\WINDOWS\system32\imapi.exe

20:40:16.0953 5688 ImapiService - ok

20:40:17.0031 5688 ini910u - ok

20:40:17.0109 5688 IntelIde (dc14e711e57269e1d31675f969048e37) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:40:17.0140 5688 IntelIde - ok

20:40:17.0281 5688 intelppm (58959c4c8d8c0534f0e161c8e8899c96) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:40:17.0312 5688 intelppm - ok

20:40:17.0390 5688 Ip6Fw (b1157e4e295d3dec5e62b2bb5189c0a8) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:40:17.0406 5688 Ip6Fw - ok

20:40:17.0515 5688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:40:17.0546 5688 IpFilterDriver - ok

20:40:17.0625 5688 IpInIp (89638a2b685902cb4e70cd5d9ef33156) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:40:17.0640 5688 IpInIp - ok

20:40:17.0765 5688 IpNat (a5791aec1588bfd76295de679b147c55) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:40:17.0796 5688 IpNat - ok

20:40:17.0890 5688 IPSec (8c2fa9ece20f0f99e9003f060e155db9) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:40:17.0906 5688 IPSec - ok

20:40:18.0015 5688 IRENUM (f17106f5e19039bc7ec7f6c54ba82f21) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:40:18.0031 5688 IRENUM - ok

20:40:18.0140 5688 isapnp (4d08fbb3bd7b6cce4f352d3d5a1c5154) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:40:18.0187 5688 isapnp - ok

20:40:18.0296 5688 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe

20:40:18.0312 5688 JavaQuickStarterService - ok

20:40:18.0406 5688 Kbdclass (f46911a590c6a69cae4ce915e3c54ea2) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:40:18.0437 5688 Kbdclass - ok

20:40:18.0531 5688 kbdhid (74e6777eb19269a81259d9e3fa8e0cf6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:40:18.0546 5688 kbdhid - ok

20:40:18.0640 5688 kmixer (724fa1e8877b52d0c6a876d41ea558e7) C:\WINDOWS\system32\drivers\kmixer.sys

20:40:18.0640 5688 kmixer - ok

20:40:18.0765 5688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:40:18.0796 5688 KSecDD - ok

20:40:18.0875 5688 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

20:40:19.0093 5688 LanmanServer - ok

20:40:19.0265 5688 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

20:40:19.0546 5688 lanmanworkstation - ok

20:40:19.0750 5688 lbrtfdc - ok

20:40:19.0828 5688 LmHosts (e3c57c9f6dd7983bfdd047493722d2bb) C:\WINDOWS\System32\lmhsvc.dll

20:40:19.0828 5688 LmHosts - ok

20:40:19.0921 5688 Messenger (b0e62543939ad2b59b69ad2639d397db) C:\WINDOWS\System32\msgsvc.dll

20:40:20.0093 5688 Messenger - ok

20:40:20.0203 5688 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

20:40:20.0234 5688 Microsoft Office Groove Audit Service - ok

20:40:20.0328 5688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:40:20.0343 5688 mnmdd - ok

20:40:20.0421 5688 mnmsrvc (5b3dda2ac7dc6b516baf74e3b3a88dc1) C:\WINDOWS\system32\mnmsrvc.exe

20:40:20.0718 5688 mnmsrvc - ok

20:40:20.0859 5688 Modem (027315af46fb8fe59fd654f7804d3440) C:\WINDOWS\system32\drivers\Modem.sys

20:40:20.0875 5688 Modem - ok

20:40:20.0968 5688 Mouclass (be8ba5d4c4adee75f6b4dc77b8c18726) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:40:21.0000 5688 Mouclass - ok

20:40:21.0093 5688 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:40:21.0109 5688 mouhid - ok

20:40:21.0187 5688 MountMgr (4e73ca698169b63690cd170d62af5289) C:\WINDOWS\system32\drivers\MountMgr.sys

20:40:21.0218 5688 MountMgr - ok

20:40:21.0281 5688 mraid35x - ok

20:40:21.0359 5688 MRxDAV (ac9a33d0836545e72e878d6b2ee66ed3) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:40:21.0390 5688 MRxDAV - ok

20:40:21.0500 5688 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:40:21.0890 5688 MRxSmb - ok

20:40:21.0968 5688 MSDTC (af8467d683e8d3d7950e980d447645f6) C:\WINDOWS\system32\msdtc.exe

20:40:22.0171 5688 MSDTC - ok

20:40:22.0265 5688 Msfs (921a36437283d1303c42996877976ea0) C:\WINDOWS\system32\drivers\Msfs.sys

20:40:22.0281 5688 Msfs - ok

20:40:22.0328 5688 MSIServer - ok

20:40:22.0406 5688 MSKSSRV (8d235f3b33089ce8c02e3a56c55cfa2a) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:40:22.0437 5688 MSKSSRV - ok

20:40:22.0515 5688 MSPCLOCK (60b0a7b75a169efc90a7d28b762f1d7a) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:40:22.0546 5688 MSPCLOCK - ok

20:40:22.0625 5688 MSPQM (5ff45f159dd6f9292cd0645706593ade) C:\WINDOWS\system32\drivers\MSPQM.sys

20:40:22.0640 5688 MSPQM - ok

20:40:22.0734 5688 mssmbios (227da9e3a1a6fc04210d2392b9ea9026) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:40:22.0750 5688 mssmbios - ok

20:40:22.0828 5688 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

20:40:22.0843 5688 ms_mpu401 - ok

20:40:23.0015 5688 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:40:23.0031 5688 Mup - ok

20:40:45.0187 5688 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0

20:40:45.0187 5688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

20:40:45.0187 5688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

20:40:45.0187 5688 Boot (0x1200) (c019de945667642aef45a278a6fc21c7) \Device\Harddisk0\DR0\Partition0

20:40:45.0203 5688 \Device\Harddisk0\DR0\Partition0 - ok

20:40:45.0218 5688 Boot (0x1200) (7eec6bcfaca2da64601ff8e7baaea209) \Device\Harddisk0\DR0\Partition1

20:40:45.0234 5688 \Device\Harddisk0\DR0\Partition1 - ok

20:40:45.0234 5688 ============================================================

20:40:45.0234 5688 Scan finished

20:40:45.0234 5688 ============================================================

20:40:45.0250 3412 Detected object count: 1

20:40:45.0250 3412 Actual detected object count: 1

20:41:13.0187 3412 \Device\Harddisk0\DR0\# - copied to quarantine

20:41:13.0187 3412 \Device\Harddisk0\DR0 - copied to quarantine

20:41:13.0312 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

20:41:13.0375 3412 \Device\Harddisk0\DR0 - ok

20:41:13.0375 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

20:41:55.0984 5452 Deinitialize success

The Avast virus scanner finds nothing.

When I run AVG 2012 on it, it reports (C:\windows\system32\service.exe(1620):\memory_010f0000 Trojan horse PSW.Agent.AUES) as the viruses found.

The PC is extremely slow, and downloading does not work at all.

Thanks again in advance for the effort.
