
Virus in the (master) boot sector?

Anonymous
Abraham54
38 answers
  • My Acer Aspire One Pro laptop isn't running the way it should (i.e. compared with some time ago). Far too slow.
    Also, the thing won't boot all the way through: after I switch it on, Windows XP starts loading but then gets stuck at the Welcome screen.
    The strange thing is that if I then switch the computer off and on again, it boots normally.

    I've been thinking it might be a virus.

    A scan with Avira Free Antivirus reports:
    ————————————————–
    Hoofdopstartsectorscan wordt gestart:
    Hoofdopstartsector HD1
    [INFO] Er is geen virus gevonden!
    Start met het scannen van opstartsectoren:
    Hoofdopstartsector HD0
    [DETECTIE] Bevat code van het opstartsectorvirus BOO/Mebroot.A
    [OPMERKING] De opstartsector is niet gerepareerd!
    Opstartsector 'C:'
    [DETECTIE] Bevat code van het opstartsectorvirus BOO/Mebroot.A
    [OPMERKING] De opstartsector is niet gerepareerd!
    Opstartsector 'E:'
    [DETECTIE] Bevat code van het opstartsectorvirus BOO/Mebroot.A
    [OPMERKING] De opstartsector is niet gerepareerd!
    Opstartsector 'F:'
    [DETECTIE] Bevat code van het opstartsectorvirus BOO/Mebroot.A
    [OPMERKING] De opstartsector is niet gerepareerd!
    —————————————————————————-

    But a scan run with AVG says nothing about this "boot sector virus". It does give 12 entries of
    ———————————————————————————
    Trojaans paard PSW.Agent.AUET
    in, for example, \WINDOWS\System32\svchost.exe (944):\memory_00e00000, among other places.

    Finally, I also ran Anti-Malware. Two files were found and removed.
    ——————————————————————————-
    C:\System Volume Information\_restore{C67CB77C-F094-4F50-B6D8-40B98242C730}\RP398\A0071693.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\System Volume Information\_restore{C67CB77C-F094-4F50-B6D8-40B98242C730}\RP398\A0071694.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.
    ——————————————————————————-

    I also had HijackThis run a check. I'd like to submit its log for review as well, but it is perhaps better to do that at a later stage.

    Help would be appreciated!
  • Hi ldej24, Mebroot/Sinowal is an MBR rootkit.
    Hopefully you haven't done any more online banking with your notebook?

    Read the following carefully; if necessary, copy the text into Notepad.

    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: download this program straight to the desktop, or else move it there afterwards!
    Download TDSSKiller here.

    Installation:
    - unpack the file on your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as Administrator.
  • Thanks for the pointers. I'll get to work on it and report back.

    As for the question about online banking: yes, I have used it in the past few days. Should I be worried about a sudden unpleasant surprise?
  • In principle, yes, because that rootkit won't be the only malware in your system.
    In fact you could say that your PC is now part of a botnet, so it is being controlled by third parties.
    Which bank do you do your online banking with?
  • Is it working out?
  • Ran the scan with TDSSKiller. Mebroot/Sinowal found and "Cure".

    Are there any further actions to take?

    This is the report:

    15:13:58.0562 10756 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
    15:13:58.0609 10756 ============================================================
    15:13:58.0609 10756 Current date / time: 2012/05/21 15:13:58.0609
    15:13:58.0609 10756 SystemInfo:
    15:13:58.0609 10756
    15:13:58.0609 10756 OS Version: 5.1.2600 ServicePack: 3.0
    15:13:58.0609 10756 Product type: Workstation
    15:13:58.0609 10756 ComputerName: ACER-1D6E3986B1
    15:13:58.0609 10756 UserName: Acer
    15:13:58.0609 10756 Windows directory: C:\WINDOWS
    15:13:58.0609 10756 System windows directory: C:\WINDOWS
    15:13:58.0609 10756 Processor architecture: Intel x86
    15:13:58.0609 10756 Number of processors: 2
    15:13:58.0609 10756 Page size: 0x1000
    15:13:58.0609 10756 Boot type: Normal boot
    15:13:58.0609 10756 ============================================================
    15:13:59.0656 10756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:13:59.0656 10756 Drive \Device\Harddisk1\DR5 - Size: 0xF1000000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:13:59.0671 10756 ============================================================
    15:13:59.0671 10756 \Device\Harddisk0\DR0:
    15:13:59.0671 10756 MBR partitions:
    15:13:59.0671 10756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE01000, BlocksNum 0x94FF57F
    15:13:59.0687 10756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xA3035CF, BlocksNum 0x4D4B136
    15:13:59.0703 10756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF04E744, BlocksNum 0x39CA37D
    15:13:59.0703 10756 \Device\Harddisk1\DR5:
    15:13:59.0703 10756 MBR partitions:
    15:13:59.0703 10756 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x785BEC
    15:13:59.0703 10756 ============================================================
    15:13:59.0781 10756 C: <-> \Device\Harddisk0\DR0\Partition0
    15:13:59.0781 10756 E: <-> \Device\Harddisk0\DR0\Partition1
    15:13:59.0812 10756 F: <-> \Device\Harddisk0\DR0\Partition2
    15:13:59.0812 10756 ============================================================
    15:13:59.0812 10756 Initialize success
    15:13:59.0812 10756 ============================================================
    15:14:59.0921 11684 ============================================================
    15:14:59.0921 11684 Scan started
    15:14:59.0921 11684 Mode: Manual;
    15:14:59.0921 11684 ============================================================
    15:15:01.0000 11684 Scan interrupted by user!
    15:15:01.0000 11684 Scan interrupted by user!
    15:15:01.0000 11684 Scan interrupted by user!
    15:15:01.0000 11684 ============================================================
    15:15:01.0000 11684 Scan finished
    15:15:01.0000 11684 ============================================================
    15:15:01.0031 11264 Detected object count: 0
    15:15:01.0031 11264 Actual detected object count: 0
    15:15:39.0421 11676 ============================================================
    15:15:39.0421 11676 Scan started
    15:15:39.0421 11676 Mode: Manual; SigCheck; TDLFS;
    15:15:39.0421 11676 ============================================================
    15:15:39.0765 11676 Aavmker4 - ok
    15:15:39.0781 11676 Abiosdsk - ok
    15:15:39.0828 11676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    15:15:40.0484 11676 abp480n5 - ok
    15:15:40.0562 11676 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:15:40.0828 11676 ACPI - ok
    15:15:40.0843 11676 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    15:15:41.0046 11676 ACPIEC - ok
    15:15:41.0125 11676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    15:15:41.0328 11676 adpu160m - ok
    15:15:41.0453 11676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    15:15:41.0687 11676 aec - ok
    15:15:41.0750 11676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    15:15:41.0796 11676 AFD - ok
    15:15:41.0812 11676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    15:15:42.0031 11676 agp440 - ok
    15:15:42.0156 11676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    15:15:42.0359 11676 agpCPQ - ok
    15:15:42.0375 11676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    15:15:42.0468 11676 Aha154x - ok
    15:15:42.0484 11676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    15:15:42.0718 11676 aic78u2 - ok
    15:15:42.0734 11676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    15:15:42.0937 11676 aic78xx - ok
    15:15:42.0968 11676 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
    15:15:43.0171 11676 Alerter - ok
    15:15:43.0218 11676 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
    15:15:43.0312 11676 ALG - ok
    15:15:43.0359 11676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    15:15:43.0562 11676 AliIde - ok
    15:15:43.0625 11676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    15:15:43.0843 11676 alim1541 - ok
    15:15:44.0078 11676 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    15:15:44.0265 11676 Ambfilt - ok
    15:15:44.0437 11676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    15:15:44.0750 11676 amdagp - ok
    15:15:44.0796 11676 ampa (fe62e9711285dc2002def9b2bc2fb220) C:\WINDOWS\system32\ampa.sys
    15:15:44.0828 11676 ampa - ok
    15:15:44.0875 11676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    15:15:44.0984 11676 amsint - ok
    15:15:45.0015 11676 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
    15:15:45.0156 11676 androidusb - ok
    15:15:45.0156 11676 AppMgmt - ok
    15:15:45.0343 11676 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
    15:15:45.0531 11676 AR5416 - ok
    15:15:45.0703 11676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    15:15:46.0015 11676 asc - ok
    15:15:46.0109 11676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    15:15:46.0281 11676 asc3350p - ok
    15:15:46.0296 11676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    15:15:46.0515 11676 asc3550 - ok
    15:15:46.0625 11676 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:15:46.0687 11676 aspnet_state - ok
    15:15:46.0703 11676 aswFsBlk - ok
    15:15:46.0703 11676 aswMon2 - ok
    15:15:46.0718 11676 aswRdr - ok
    15:15:46.0734 11676 aswSP - ok
    15:15:46.0750 11676 aswTdi - ok
    15:15:46.0781 11676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:15:47.0000 11676 AsyncMac - ok
    15:15:47.0046 11676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:15:47.0265 11676 atapi - ok
    15:15:47.0281 11676 Atdisk - ok
    15:15:47.0328 11676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:15:47.0546 11676 Atmarpc - ok
    15:15:47.0625 11676 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
    15:15:47.0859 11676 AudioSrv - ok
    15:15:47.0937 11676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:15:48.0156 11676 audstub - ok
    15:15:48.0703 11676 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
    15:15:49.0218 11676 AVGIDSAgent - ok
    15:15:49.0390 11676 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
    15:15:49.0421 11676 AVGIDSDriver - ok
    15:15:49.0437 11676 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
    15:15:49.0468 11676 AVGIDSFilter - ok
    15:15:49.0500 11676 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
    15:15:49.0531 11676 AVGIDSHX - ok
    15:15:49.0562 11676 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    15:15:49.0593 11676 AVGIDSShim - ok
    15:15:49.0640 11676 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    15:15:49.0687 11676 Avgldx86 - ok
    15:15:49.0718 11676 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    15:15:49.0765 11676 Avgmfx86 - ok
    15:15:49.0781 11676 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    15:15:49.0828 11676 Avgrkx86 - ok
    15:15:49.0875 11676 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    15:15:49.0921 11676 Avgtdix - ok
    15:15:50.0031 11676 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    15:15:50.0062 11676 avgwd - ok
    15:15:50.0109 11676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    15:15:50.0343 11676 Beep - ok
    15:15:50.0453 11676 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
    15:15:50.0765 11676 BITS - ok
    15:15:50.0812 11676 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
    15:15:51.0031 11676 Browser - ok
    15:15:51.0109 11676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    15:15:51.0328 11676 cbidf - ok
    15:15:51.0343 11676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:15:51.0546 11676 cbidf2k - ok
    15:15:51.0593 11676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:15:51.0828 11676 CCDECODE - ok
    15:15:51.0843 11676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    15:15:51.0937 11676 cd20xrnt - ok
    15:15:51.0953 11676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:15:52.0171 11676 Cdaudio - ok
    15:15:52.0218 11676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    15:15:52.0421 11676 Cdfs - ok
    15:15:52.0500 11676 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:15:52.0578 11676 Cdrom - ok
    15:15:52.0578 11676 Changer - ok
    15:15:52.0609 11676 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
    15:15:52.0843 11676 CiSvc - ok
    15:15:52.0906 11676 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
    15:15:53.0125 11676 ClipSrv - ok
    15:15:53.0281 11676 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:15:53.0328 11676 clr_optimization_v2.0.50727_32 - ok
    15:15:53.0390 11676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:15:53.0421 11676 clr_optimization_v4.0.30319_32 - ok
    15:15:53.0437 11676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    15:15:53.0656 11676 CmBatt - ok
    15:15:53.0718 11676 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    15:15:53.0953 11676 CmdIde - ok
    15:15:53.0953 11676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    15:15:54.0187 11676 Compbatt - ok
    15:15:54.0203 11676 COMSysApp - ok
    15:15:54.0218 11676 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    15:15:54.0437 11676 Cpqarray - ok
    15:15:54.0484 11676 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
    15:15:54.0500 11676 cpuz135 - ok
    15:15:54.0546 11676 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
    15:15:54.0765 11676 CryptSvc - ok
    15:15:54.0781 11676 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    15:15:55.0000 11676 dac2w2k - ok
    15:15:55.0000 11676 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    15:15:55.0234 11676 dac960nt - ok
    15:15:55.0343 11676 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    15:15:55.0421 11676 DcomLaunch - ok
    15:15:55.0453 11676 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
    15:15:55.0484 11676 dgderdrv - ok
    15:15:55.0546 11676 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
    15:15:55.0781 11676 Dhcp - ok
    15:15:55.0828 11676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    15:15:56.0046 11676 Disk - ok
    15:15:56.0125 11676 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    15:15:56.0171 11676 DKbFltr - ok
    15:15:56.0187 11676 dmadmin - ok
    15:15:56.0281 11676 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    15:15:56.0515 11676 dmboot - ok
    15:15:56.0609 11676 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    15:15:56.0875 11676 dmio - ok
    15:15:56.0921 11676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    15:15:57.0156 11676 dmload - ok
    15:15:57.0203 11676 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
    15:15:57.0421 11676 dmserver - ok
    15:15:57.0500 11676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    15:15:57.0703 11676 DMusic - ok
    15:15:57.0812 11676 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
    15:15:57.0875 11676 Dnscache - ok
    15:15:57.0921 11676 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
    15:15:58.0140 11676 Dot3svc - ok
    15:15:58.0218 11676 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    15:15:58.0421 11676 dpti2o - ok
    15:15:58.0578 11676 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    15:15:58.0625 11676 DritekPortIO - ok
    15:15:58.0687 11676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    15:15:58.0875 11676 drmkaud - ok
    15:15:58.0890 11676 dum16.sys - ok
    15:15:58.0937 11676 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
    15:15:59.0203 11676 EapHost - ok
    15:15:59.0250 11676 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
    15:15:59.0265 11676 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
    15:15:59.0265 11676 epmntdrv - detected UnsignedFile.Multi.Generic (1)
    15:15:59.0296 11676 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
    15:15:59.0531 11676 ERSvc - ok
    15:15:59.0546 11676 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
    15:15:59.0562 11676 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
    15:15:59.0562 11676 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
    15:15:59.0609 11676 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    15:15:59.0656 11676 Eventlog - ok
    15:15:59.0687 11676 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
    15:15:59.0750 11676 EventSystem - ok
    15:15:59.0812 11676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    15:16:00.0015 11676 Fastfat - ok
    15:16:00.0125 11676 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    15:16:00.0203 11676 FastUserSwitchingCompatibility - ok
    15:16:00.0250 11676 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
    15:16:00.0484 11676 Fax - ok
    15:16:00.0531 11676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    15:16:00.0812 11676 Fdc - ok
    15:16:00.0859 11676 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    15:16:01.0093 11676 Fips - ok
    15:16:01.0093 11676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    15:16:01.0296 11676 Flpydisk - ok
    15:16:01.0343 11676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    15:16:01.0562 11676 FltMgr - ok
    15:16:01.0703 11676 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    15:16:01.0734 11676 FontCache3.0.0.0 - ok
    15:16:01.0781 11676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:16:02.0000 11676 Fs_Rec - ok
    15:16:02.0093 11676 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:16:02.0312 11676 Ftdisk - ok
    15:16:02.0468 11676 GoogleDesktopManager-080708-050100 (31194fe0ef64d071ab1b34776e911ea9) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    15:16:02.0500 11676 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - warning
    15:16:02.0500 11676 GoogleDesktopManager-080708-050100 - detected UnsignedFile.Multi.Generic (1)
    15:16:02.0531 11676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:16:02.0750 11676 Gpc - ok
    15:16:02.0859 11676 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:16:02.0906 11676 gupdate - ok
    15:16:02.0921 11676 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:16:02.0968 11676 gupdatem - ok
    15:16:03.0031 11676 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    15:16:03.0093 11676 gusvc - ok
    15:16:03.0140 11676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:16:03.0406 11676 HDAudBus - ok
    15:16:03.0500 11676 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:16:03.0718 11676 helpsvc - ok
    15:16:03.0734 11676 HidServ - ok
    15:16:03.0796 11676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:16:04.0031 11676 HidUsb - ok
    15:16:04.0093 11676 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
    15:16:04.0375 11676 hkmsvc - ok
    15:16:04.0437 11676 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    15:16:04.0671 11676 hpn - ok
    15:16:04.0750 11676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    15:16:04.0828 11676 HTTP - ok
    15:16:04.0859 11676 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
    15:16:05.0109 11676 HTTPFilter - ok
    15:16:05.0203 11676 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    15:16:05.0437 11676 i2omgmt - ok
    15:16:05.0468 11676 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    15:16:05.0687 11676 i2omp - ok
    15:16:05.0796 11676 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:16:06.0000 11676 i8042prt - ok
    15:16:06.0171 11676 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    15:16:06.0218 11676 IAANTMON - ok
    15:16:06.0781 11676 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    15:16:07.0328 11676 ialm - ok
    15:16:07.0500 11676 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
    15:16:07.0546 11676 iaStor - ok
    15:16:07.0671 11676 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:16:07.0765 11676 idsvc - ok
    15:16:07.0812 11676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:16:08.0062 11676 Imapi - ok
    15:16:08.0125 11676 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
    15:16:08.0328 11676 ImapiService - ok
    15:16:08.0390 11676 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    15:16:08.0625 11676 ini910u - ok
    15:16:09.0093 11676 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    15:16:09.0593 11676 IntcAzAudAddService - ok
    15:16:09.0750 11676 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    15:16:09.0953 11676 IntelIde - ok
    15:16:10.0000 11676 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:16:10.0218 11676 intelppm - ok
    15:16:10.0281 11676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    15:16:10.0515 11676 Ip6Fw - ok
    15:16:10.0578 11676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:16:10.0781 11676 IpFilterDriver - ok
    15:16:10.0875 11676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:16:11.0062 11676 IpInIp - ok
    15:16:11.0093 11676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:16:11.0312 11676 IpNat - ok
    15:16:11.0375 11676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:16:11.0609 11676 IPSec - ok
    15:16:11.0687 11676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:16:11.0796 11676 IRENUM - ok
    15:16:11.0906 11676 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:16:12.0125 11676 isapnp - ok
    15:16:12.0250 11676 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    15:16:12.0281 11676 JavaQuickStarterService - ok
    15:16:12.0328 11676 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:16:12.0562 11676 Kbdclass - ok
    15:16:12.0593 11676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    15:16:12.0828 11676 kmixer - ok
    15:16:12.0906 11676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    15:16:13.0031 11676 KSecDD - ok
    15:16:13.0093 11676 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
    15:16:13.0156 11676 L1c - ok
    15:16:13.0203 11676 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
    15:16:13.0281 11676 LanmanServer - ok
    15:16:13.0328 11676 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
    15:16:13.0390 11676 lanmanworkstation - ok
    15:16:13.0406 11676 lbrtfdc - ok
    15:16:13.0468 11676 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
    15:16:13.0765 11676 LmHosts - ok
    15:16:13.0781 11676 ltjvkrhx - ok
    15:16:13.0843 11676 M3000Srv (73fd60fda3ff60f0666e4614e93f0aaa) C:\WINDOWS\system32\Drivers\M3000KNT.sys
    15:16:13.0921 11676 M3000Srv - ok
    15:16:13.0953 11676 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
    15:16:14.0171 11676 Messenger - ok
    15:16:14.0281 11676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    15:16:14.0562 11676 mnmdd - ok
    15:16:14.0593 11676 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
    15:16:14.0796 11676 mnmsrvc - ok
    15:16:14.0890 11676 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    15:16:15.0109 11676 Modem - ok
    15:16:15.0281 11676 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    15:16:15.0437 11676 Monfilt - ok
    15:16:15.0609 11676 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:16:15.0859 11676 Mouclass - ok
    15:16:15.0906 11676 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:16:16.0140 11676 mouhid - ok
    15:16:16.0203 11676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    15:16:16.0390 11676 MountMgr - ok
    15:16:16.0515 11676 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:16:16.0562 11676 MozillaMaintenance - ok
    15:16:16.0578 11676 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    15:16:16.0812 11676 mraid35x - ok
    15:16:16.0843 11676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:16:17.0125 11676 MRxDAV - ok
    15:16:17.0234 11676 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:16:17.0312 11676 MRxSmb - ok
    15:16:17.0343 11676 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
    15:16:17.0562 11676 MSDTC - ok
    15:16:17.0656 11676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    15:16:17.0890 11676 Msfs - ok
    15:16:17.0890 11676 MSIServer - ok
    15:16:17.0921 11676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:16:18.0109 11676 MSKSSRV - ok
    15:16:18.0156 11676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:16:18.0359 11676 MSPCLOCK - ok
    15:16:18.0375 11676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    15:16:18.0578 11676 MSPQM - ok
    15:16:18.0625 11676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:16:18.0812 11676 mssmbios - ok
    15:16:18.0859 11676 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    15:16:19.0078 11676 MSTEE - ok
    15:16:19.0187 11676 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    15:16:19.0234 11676 Mup - ok
    15:16:19.0265 11676 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:16:19.0515 11676 NABTSFEC - ok
    15:16:19.0593 11676 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
    15:16:19.0828 11676 napagent - ok
    15:16:19.0890 11676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    15:16:20.0093 11676 NDIS - ok
    15:16:20.0171 11676 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:16:20.0375 11676 NdisIP - ok
    15:16:20.0484 11676 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:16:20.0546 11676 NdisTapi - ok
    15:16:20.0562 11676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:16:20.0796 11676 Ndisuio - ok
    15:16:20.0859 11676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:16:21.0078 11676 NdisWan - ok
    15:16:21.0171 11676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    15:16:21.0250 11676 NDProxy - ok
    15:16:21.0265 11676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:16:21.0468 11676 NetBIOS - ok
    15:16:21.0562 11676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:16:21.0812 11676 NetBT - ok
    15:16:21.0875 11676 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
    15:16:22.0109 11676 NetDDE - ok
    15:16:22.0109 11676 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
    15:16:22.0328 11676 NetDDEdsdm - ok
    15:16:22.0375 11676 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    15:16:22.0578 11676 Netlogon - ok
    15:16:22.0671 11676 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
    15:16:22.0890 11676 Netman - ok
    15:16:23.0000 11676 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:16:23.0031 11676 NetTcpPortSharing - ok
    15:16:23.0109 11676 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
    15:16:23.0156 11676 Nla - ok
    15:16:23.0234 11676 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
    15:16:23.0265 11676 NMSAccess - ok
    15:16:23.0328 11676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    15:16:23.0609 11676 Npfs - ok
    15:16:23.0703 11676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:16:23.0968 11676 Ntfs - ok
    15:16:24.0078 11676 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    15:16:24.0296 11676 NtLmSsp - ok
    15:16:24.0390 11676 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
    15:16:24.0625 11676 NtmsSvc - ok
    15:16:24.0671 11676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:16:24.0859 11676 Null - ok
    15:16:24.0890 11676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:16:25.0109 11676 NwlnkFlt - ok
    15:16:25.0109 11676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:16:25.0328 11676 NwlnkFwd - ok
    15:16:25.0375 11676 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
    15:16:25.0578 11676 Parport - ok
    15:16:25.0656 11676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:16:25.0859 11676 PartMgr - ok
    15:16:25.0890 11676 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:16:26.0093 11676 ParVdm - ok
    15:16:26.0156 11676 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:16:26.0390 11676 PCI - ok
    15:16:26.0406 11676 PCIDump - ok
    15:16:26.0437 11676 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:16:26.0656 11676 PCIIde - ok
    15:16:26.0687 11676 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    15:16:26.0906 11676 Pcmcia - ok
    15:16:26.0921 11676 PDCOMP - ok
    15:16:26.0937 11676 PDFRAME - ok
    15:16:26.0937 11676 PDRELI - ok
    15:16:26.0953 11676 PDRFRAME - ok
    15:16:26.0984 11676 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    15:16:27.0171 11676 perc2 - ok
    15:16:27.0187 11676 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    15:16:27.0437 11676 perc2hib - ok
    15:16:27.0515 11676 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    15:16:27.0562 11676 PlugPlay - ok
    15:16:27.0562 11676 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    15:16:27.0781 11676 PolicyAgent - ok
    15:16:27.0875 11676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:16:28.0093 11676 PptpMiniport - ok
    15:16:28.0093 11676 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    15:16:28.0312 11676 ProtectedStorage - ok
    15:16:28.0328 11676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:16:28.0546 11676 PSched - ok
    15:16:28.0546 11676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:16:28.0765 11676 Ptilink - ok
    15:16:28.0843 11676 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    15:16:29.0078 11676 ql1080 - ok
    15:16:29.0078 11676 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    15:16:29.0281 11676 Ql10wnt - ok
    15:16:29.0296 11676 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    15:16:29.0500 11676 ql12160 - ok
    15:16:29.0515 11676 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    15:16:29.0734 11676 ql1240 - ok
    15:16:29.0765 11676 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    15:16:29.0968 11676 ql1280 - ok
    15:16:30.0015 11676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:16:30.0203 11676 RasAcd - ok
    15:16:30.0250 11676 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
    15:16:30.0453 11676 RasAuto - ok
    15:16:30.0531 11676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:16:30.0750 11676 Rasl2tp - ok
    15:16:30.0843 11676 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
    15:16:31.0062 11676 RasMan - ok
    15:16:31.0078 11676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:16:31.0328 11676 RasPppoe - ok
    15:16:31.0343 11676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:16:31.0593 11676 Raspti - ok
    15:16:31.0671 11676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:16:31.0875 11676 Rdbss - ok
    15:16:31.0953 11676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:16:32.0187 11676 RDPCDD - ok
    15:16:32.0265 11676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:16:32.0500 11676 rdpdr - ok
    15:16:32.0562 11676 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:16:32.0640 11676 RDPWD - ok
    15:16:32.0687 11676 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
    15:16:32.0906 11676 RDSessMgr - ok
    15:16:32.0968 11676 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:16:33.0187 11676 redbook - ok
    15:16:33.0265 11676 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
    15:16:33.0500 11676 RemoteAccess - ok
    15:16:33.0562 11676 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
    15:16:33.0828 11676 RpcLocator - ok
    15:16:33.0906 11676 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    15:16:33.0953 11676 RpcSs - ok
    15:16:33.0953 11676 RSUSBSTOR - ok
    15:16:34.0000 11676 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
    15:16:34.0234 11676 RSVP - ok
    15:16:34.0328 11676 RS_Service (38494041f19f6cd005b711f5e08fae08) C:\Program Files\Acer\Acer VCM\RS_Service.exe
    15:16:34.0359 11676 RS_Service ( UnsignedFile.Multi.Generic ) - warning
    15:16:34.0359 11676 RS_Service - detected UnsignedFile.Multi.Generic (1)
    15:16:34.0359 11676 RtsUIR - ok
    15:16:34.0421 11676 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    15:16:34.0687 11676 SamSs - ok
    15:16:34.0765 11676 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
    15:16:34.0968 11676 SCardSvr - ok
    15:16:35.0015 11676 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
    15:16:35.0234 11676 Schedule - ok
    15:16:35.0265 11676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:16:35.0375 11676 Secdrv - ok
    15:16:35.0390 11676 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
    15:16:35.0609 11676 seclogon - ok
    15:16:35.0640 11676 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
    15:16:35.0859 11676 SENS - ok
    15:16:35.0921 11676 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
    15:16:36.0125 11676 Serial - ok
    15:16:36.0187 11676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:16:36.0390 11676 Sfloppy - ok
    15:16:36.0468 11676 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
    15:16:36.0703 11676 SharedAccess - ok
    15:16:36.0765 11676 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    15:16:36.0796 11676 ShellHWDetection - ok
    15:16:36.0812 11676 Simbad - ok
    15:16:36.0859 11676 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    15:16:37.0062 11676 sisagp - ok
    15:16:37.0156 11676 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
    15:16:37.0203 11676 SkypeUpdate - ok
    15:16:37.0218 11676 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:16:37.0421 11676 SLIP - ok
    15:16:37.0531 11676 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    15:16:37.0656 11676 Sparrow - ok
    15:16:37.0687 11676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    15:16:37.0921 11676 splitter - ok
    15:16:37.0968 11676 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    15:16:38.0046 11676 Spooler - ok
    15:16:38.0093 11676 SQLWriter (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    15:16:38.0125 11676 SQLWriter - ok
    15:16:38.0171 11676 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:16:38.0281 11676 sr - ok
    15:16:38.0328 11676 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
    15:16:38.0437 11676 srservice - ok
    15:16:38.0500 11676 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:16:38.0593 11676 Srv - ok
    15:16:38.0656 11676 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    15:16:38.0718 11676 ssadbus - ok
    15:16:38.0750 11676 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    15:16:38.0859 11676 ssadmdfl - ok
    15:16:38.0890 11676 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    15:16:38.0984 11676 ssadmdm - ok
    15:16:39.0000 11676 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
    15:16:39.0062 11676 ssadserd - ok
    15:16:39.0125 11676 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
    15:16:39.0234 11676 SSDPSRV - ok
    15:16:39.0281 11676 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
    15:16:39.0281 11676 StarOpen ( UnsignedFile.Multi.Generic ) - warning
    15:16:39.0281 11676 StarOpen - detected UnsignedFile.Multi.Generic (1)
    15:16:39.0359 11676 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
    15:16:39.0593 11676 stisvc - ok
    15:16:39.0640 11676 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:16:39.0859 11676 streamip - ok
    15:16:39.0937 11676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:16:40.0156 11676 swenum - ok
    15:16:40.0250 11676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    15:16:40.0437 11676 swmidi - ok
    15:16:40.0453 11676 SwPrv - ok
    15:16:40.0515 11676 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    15:16:40.0734 11676 symc810 - ok
    15:16:40.0734 11676 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    15:16:40.0937 11676 symc8xx - ok
    15:16:40.0953 11676 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    15:16:41.0156 11676 sym_hi - ok
    15:16:41.0171 11676 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    15:16:41.0359 11676 sym_u3 - ok
    15:16:41.0406 11676 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    15:16:41.0453 11676 SynTP - ok
    15:16:41.0484 11676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:16:41.0687 11676 sysaudio - ok
    15:16:41.0750 11676 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
    15:16:41.0953 11676 SysmonLog - ok
    15:16:42.0000 11676 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
    15:16:42.0203 11676 TapiSrv - ok
    15:16:42.0281 11676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:16:42.0359 11676 Tcpip - ok
    15:16:42.0406 11676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:16:42.0640 11676 TDPIPE - ok
    15:16:42.0718 11676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:16:42.0937 11676 TDTCP - ok
    15:16:42.0968 11676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:16:43.0171 11676 TermDD - ok
    15:16:43.0265 11676 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
    15:16:43.0468 11676 TermService - ok
    15:16:43.0546 11676 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    15:16:43.0578 11676 Themes - ok
    15:16:43.0625 11676 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
    15:16:43.0828 11676 TosIde - ok
    15:16:43.0937 11676 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
    15:16:44.0156 11676 TrkWks - ok
    15:16:44.0218 11676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    15:16:44.0437 11676 Udfs - ok
    15:16:44.0515 11676 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    15:16:44.0656 11676 ultra - ok
    15:16:44.0718 11676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    15:16:44.0968 11676 Update - ok
    15:16:45.0031 11676 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
    15:16:45.0140 11676 upnphost - ok
    15:16:45.0156 11676 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
    15:16:45.0359 11676 UPS - ok
    15:16:45.0421 11676 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:16:45.0640 11676 usbccgp - ok
    15:16:45.0656 11676 USBCCID - ok
    15:16:45.0734 11676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:16:45.0953 11676 usbehci - ok
    15:16:45.0984 11676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:16:46.0171 11676 usbhub - ok
    15:16:46.0218 11676 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:16:46.0421 11676 usbprint - ok
    15:16:46.0515 11676 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:16:46.0718 11676 usbstor - ok
    15:16:46.0750 11676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:16:46.0953 11676 usbuhci - ok
    15:16:46.0968 11676 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:16:47.0187 11676 usbvideo - ok
    15:16:47.0218 11676 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    15:16:47.0406 11676 usb_rndisx - ok
    15:16:47.0453 11676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    15:16:47.0656 11676 VgaSave - ok
    15:16:47.0734 11676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    15:16:47.0937 11676 viaagp - ok
    15:16:47.0953 11676 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    15:16:48.0140 11676 ViaIde - ok
    15:16:48.0156 11676 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:16:48.0359 11676 VolSnap - ok
    15:16:48.0421 11676 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
    15:16:48.0546 11676 VSS - ok
    15:16:48.0703 11676 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
    15:16:48.0781 11676 vToolbarUpdater11.0.2 - ok
    15:16:48.0843 11676 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
    15:16:49.0125 11676 W32Time - ok
    15:16:49.0218 11676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:16:49.0421 11676 Wanarp - ok
    15:16:49.0562 11676 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    15:16:49.0640 11676 Wdf01000 - ok
    15:16:49.0656 11676 WDICA - ok
    15:16:49.0703 11676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:16:49.0937 11676 wdmaud - ok
    15:16:49.0984 11676 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
    15:16:50.0187 11676 WebClient - ok
    15:16:50.0281 11676 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:16:50.0484 11676 winmgmt - ok
    15:16:50.0546 11676 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    15:16:50.0593 11676 WmdmPmSN - ok
    15:16:50.0609 11676 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    15:16:50.0796 11676 WmiAcpi - ok
    15:16:50.0828 11676 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:16:51.0078 11676 WmiApSrv - ok
    15:16:51.0093 11676 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    15:16:51.0140 11676 WpdUsb - ok
    15:16:51.0296 11676 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:16:51.0375 11676 WPFFontCache_v0400 - ok
    15:16:51.0421 11676 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    15:16:51.0640 11676 WS2IFSL - ok
    15:16:51.0734 11676 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
    15:16:51.0968 11676 wscsvc - ok
    15:16:52.0046 11676 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:16:52.0296 11676 WSTCODEC - ok
    15:16:52.0328 11676 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
    15:16:52.0546 11676 wuauserv - ok
    15:16:52.0625 11676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:16:52.0703 11676 WudfPf - ok
    15:16:52.0718 11676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:16:52.0765 11676 WudfRd - ok
    15:16:52.0796 11676 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    15:16:52.0843 11676 WudfSvc - ok
    15:16:52.0921 11676 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
    15:16:53.0140 11676 WZCSVC - ok
    15:16:53.0156 11676 xcpip - ok
    15:16:53.0171 11676 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
    15:16:53.0375 11676 xmlprov - ok
    15:16:53.0390 11676 xpsec - ok
    15:16:53.0453 11676 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
    15:16:53.0453 11676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    15:16:53.0453 11676 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    15:16:53.0578 11676 MBR (0x1B8) (2525c724d1ddacb6f3e4171a75f7e9c5) \Device\Harddisk1\DR5
    15:16:54.0859 11676 \Device\Harddisk1\DR5 - ok
    15:16:54.0890 11676 Boot (0x1200) (d1029a78775d45331df933cd8081090a) \Device\Harddisk0\DR0\Partition0
    15:16:54.0890 11676 \Device\Harddisk0\DR0\Partition0 - ok
    15:16:54.0906 11676 Boot (0x1200) (91f405814c24700f16abb36022f1b6bb) \Device\Harddisk0\DR0\Partition1
    15:16:54.0906 11676 \Device\Harddisk0\DR0\Partition1 - ok
    15:16:54.0937 11676 Boot (0x1200) (7b882774d588d30005dd99a9bd9c59b6) \Device\Harddisk0\DR0\Partition2
    15:16:54.0937 11676 \Device\Harddisk0\DR0\Partition2 - ok
    15:16:54.0937 11676 Boot (0x1200) (6da7facc15da116ea704133bbc0e7e76) \Device\Harddisk1\DR5\Partition0
    15:16:54.0953 11676 \Device\Harddisk1\DR5\Partition0 - ok
    15:16:54.0953 11676 ============================================================
    15:16:54.0953 11676 Scan finished
    15:16:54.0953 11676 ============================================================
    15:16:55.0062 11744 Detected object count: 6
    15:16:55.0062 11744 Actual detected object count: 6
    15:19:18.0000 11744 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
    15:19:18.0000 11744 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:19:18.0000 11744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
    15:19:18.0000 11744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:19:18.0000 11744 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - skipped by user
    15:19:18.0000 11744 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:19:18.0015 11744 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
    15:19:18.0015 11744 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:19:18.0015 11744 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
    15:19:18.0015 11744 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:19:19.0250 11744 \Device\Harddisk0\DR0\# - copied to quarantine
    15:19:19.0250 11744 \Device\Harddisk0\DR0 - copied to quarantine
    15:19:19.0265 11744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
    15:19:19.0343 11744 \Device\Harddisk0\DR0 - ok
    15:19:19.0343 11744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
    15:22:19.0531 11576 Deinitialize success
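    The TDSSKiller log above hashes the MBR of \Device\Harddisk0\DR0 as "MBR (0x1B8) (md5)", flags it as Rootkit.Boot.Sinowal.b while every partition boot sector ("Boot (0x1200)") comes back ok, copies the sector to quarantine and marks it "will be cured on reboot". The Python below is an added example of that kind of check on a raw 512-byte sector; it is not code from the post and not TDSSKiller's own code. It assumes that 0x1B8 in the log is the length of the hashed region, i.e. the first 440 bytes of sector 0 (the x86 boot code, before the disk signature at offset 0x1B8 and the partition table at 0x1BE), so the hash only changes when the boot code itself is replaced. The helper names (build_mbr, classify_mbr, cure_mbr), the MBR bytes, the hooked variant and the hash lists are all constructed for the example.

```python
"""Boot-code hash check and cure for a 512-byte MBR (added example, not TDSSKiller code).

Assumption: the "MBR (0x1B8)" in the log is the length of the hashed region, the
first 0x1B8 = 440 bytes of sector 0 (x86 boot code). That excludes the NT disk
signature at 0x1B8, the partition table at 0x1BE and the 0x55AA signature at
0x1FE, so the hash is stable across partition changes and only moves when the
boot code is replaced, which is what an MBR rootkit does.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8            # 440 bytes of boot code
DISK_SIG_OFF = 0x1B8             # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE           # 4 x 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"     # at 0x1FE


def build_mbr(boot_code: bytes, disk_sig: int = 0x12345678, parts=()) -> bytes:
    """Assemble an MBR from boot code, a disk signature and up to four
    (status, type, first_lba, sector_count) partition entries (constructed data)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 0x1B8 bytes")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(parts[:4]):
        # CHS fields are left zero; the LBA fields are what modern loaders use.
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[0x1FE:0x200] = BOOT_SIGNATURE
    return bytes(mbr)


def boot_code_hash(mbr: bytes) -> str:
    """MD5 over the boot-code region only, the way the log's MBR (0x1B8) line reads."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty partition entries."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba": lba, "count": count})
    return entries


def classify_mbr(mbr: bytes, known_good: set, known_bad: dict) -> str:
    """'ok', 'infected:<name>', 'unknown' (hash in neither list) or 'invalid'."""
    if len(mbr) != SECTOR_SIZE or mbr[0x1FE:0x200] != BOOT_SIGNATURE:
        return "invalid"
    digest = boot_code_hash(mbr)
    if digest in known_bad:
        return "infected:" + known_bad[digest]
    return "ok" if digest in known_good else "unknown"


def cure_mbr(infected: bytes, clean_boot_code: bytes) -> bytes:
    """Rewrite only the boot code; disk signature, partition table and 0x55AA are
    left untouched, so the partitions stay bootable and no data on them is changed."""
    if len(clean_boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 0x1B8 bytes")
    cured = bytearray(infected)
    cured[:BOOT_CODE_LEN] = clean_boot_code.ljust(BOOT_CODE_LEN, b"\0")
    return bytes(cured)
```

    In a real scanner the known-good set holds the hashes of stock boot code and the known-bad set the vendor's signatures. Keeping a copy of the original sector before cure_mbr overwrites it is what the log's "copied to quarantine" line does, and it is why a later file scan can still find the rootkit inside the quarantine folder.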

  • Hi, by the looks of it that went well, but we are going to verify that, and there is also a new task.

  • The TDSS starter report - Step 1

    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.13.58_log.txt
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.25.01_log.txt
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.36.08_log.txt
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
    "65533:TCP"="65533:TCP:*:Enabled:Services"
    "52344:TCP"="52344:TCP:*:Enabled:Services"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
    "139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
    "65533:TCP"="65533:TCP:*:Enabled:Services"
    "52344:TCP"="52344:TCP:*:Enabled:Services"
    ==============================================
    EOF


    Step 2: ComboFix needs a bit more time.


    In the meantime, a few questions:
    1. Is it useful to run a TDSSKiller scan at regular intervals?
    2. I read that in an earlier message you recommended Avast 7. I currently use AVG. Is it worth switching?
    3. Apparently the Mebroot virus slipped through the net of the antivirus program. Could that have happened under the protection of Avast 7 as well?
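    The Registry Export in the TDSS starter report above lists the ports the Windows XP firewall holds globally open per profile. Two of them, 65533:TCP and 52344:TCP, are enabled for any address (*) under the free-text label "Services", unlike the file-sharing entries whose description is a system resource string (@xpsp2res.dll,-NNNN), and 3389:TCP (Remote Desktop) is open to any address in both profiles. The Python below is an added example, not part of the report or of the tool that produced it: it parses an export in that "port:proto:scope:Enabled|Disabled:description" format and lists the entries a reviewer should check against what is actually listening on the machine (enabled, reachable from *, free-text description, or not in a short expected-port set). The EXPECTED set and the helper names (parse_export, suspicious, triage) are assumptions for the example; SAMPLE is constructed from the values shown in the report.

```python
"""Triage of a Windows XP firewall GloballyOpenPorts export (added example).

Not part of the TDSSKiller starter report or of any tool; it reads the
"port:proto:scope:Enabled|Disabled:description" value format shown in the
report and flags entries worth checking against what is really listening.
EXPECTED and SAMPLE are constructed for the example; SAMPLE reuses values
from the report.
"""
import re
from typing import Dict, List

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"$')

# Ports that are unremarkable on an XP workstation with file sharing and UPnP on
# (assumption for the example; tune per environment).
EXPECTED = {("139", "TCP"), ("445", "TCP"), ("137", "UDP"), ("138", "UDP"),
            ("1900", "UDP"), ("2869", "TCP")}

SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"""


def parse_export(text: str) -> Dict[str, List[dict]]:
    """Return {profile: [entries]}; the profile is the key component before GloballyOpenPorts."""
    profiles: Dict[str, List[dict]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").split("\\")[-3].lower()
            profiles.setdefault(current, [])
            continue
        value_match = VALUE_RE.match(line)
        if current is None or not value_match:
            continue
        fields = value_match.group("value").split(":", 4)   # description may itself contain ':'
        if len(fields) != 5:
            continue
        port, proto, scope, state, desc = fields
        profiles[current].append({"port": port, "proto": proto.upper(), "scope": scope,
                                  "enabled": state.lower() == "enabled", "desc": desc})
    return profiles


def suspicious(entry: dict) -> List[str]:
    """Reasons to review an enabled entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    if not entry["enabled"]:
        return reasons
    if (entry["port"], entry["proto"]) not in EXPECTED:
        reasons.append("not in expected set")
    if entry["scope"] == "*":
        reasons.append("open to any address")
    if not entry["desc"].startswith("@"):
        # System-created entries carry a resource string such as @xpsp2res.dll,-22004;
        # a free-text label means something else wrote the rule.
        reasons.append("free-text description")
    return reasons


def triage(text: str) -> Dict[str, Dict[str, List[str]]]:
    """{profile: {'port/PROTO': reasons}} for every entry with at least one reason."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for profile, entries in parse_export(text).items():
        report[profile] = {f'{e["port"]}/{e["proto"]}': suspicious(e)
                           for e in entries if suspicious(e)}
    return report


if __name__ == "__main__":
    for profile, flagged in triage(SAMPLE).items():
        for port, reasons in flagged.items():
            print(f"{profile}: {port}: {', '.join(reasons)}")
```

    Run against the sample, the standard profile yields 3389/TCP, 65533/TCP and 52344/TCP; the two "Services" ports get all three reasons. A flag is a prompt to check which process owns the port (netstat -ano on XP) and who created the rule, not a verdict on its own.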
  • You are currently using Avira, if I have it right.

    Using TDSSKiller on your own initiative is not advisable.
    This tool is that powerful - one wrong decision and your Windows may no longer boot!
    And you still have not answered the question of which bank you are with!
  • Tried to run ComboFix after carefully following all the instructions. Unfortunately, the program froze during the autoscan.
    What could have gone wrong?
  • Try the scan again - but this time in Safe Mode.
  • Abraham54 wrote: "Try the scan again - but this time in Safe Mode."
    In Safe Mode too, the prompt disappears after about 10 minutes and the machine freezes. Rather disappointing.
    What now?
  • Then we will first try something else:

    Which program:
  • Emsisoft Emergency Kit is scanning my computer. It is now at 28% of the scanned files. It looks like this is going to take some 12-14 hours. Is it normal for it to take this long?
  • The scan is indeed very thorough and can take a while.
  • Abraham54 wrote: "The scan is indeed very thorough and can take a while."

    [When I think of 'a while', I have in mind the time for a cup of coffee, perhaps while nibbling on a sprits biscuit.]

    The Emsisoft report:
    ——————————————————————————-
    Emsisoft Emergency Kit - Version 1.0
    Last update: 25-5-2012 17:33:11

    Scan settings:

    Scan type: Deep Scan
    Objects: Memory, Traces, Cookies, C:\, E:\, F:\
    Scan archives: On
    Heuristics: Off
    ADS scan: On

    Scan started: 25-5-2012 17:33:39

    C:\Documents and Settings\Acer\Cookies\acer@com[1].txt Detected: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\Acer\Cookies\acer@google.com[1].txt Detected: Trace.TrackingCookie.google.com!A2
    C:\Documents and Settings\Acer\Cookies\acer@google.com[2].txt Detected: Trace.TrackingCookie.google.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2344 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2348 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2351 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2372 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2374 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2375 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2376 Detected: Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2718 Detected: Trace.TrackingCookie.doubleclick.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:9253 Detected: Trace.TrackingCookie.track.adform.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:13378 Detected: Trace.TrackingCookie.doubleclick.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15100 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15140 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19281 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19348 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19457 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19458 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19459 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19460 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19461 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:20422 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0000.dta Detected: Trojan.DOS.Sinowal!IK
    C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Detected: Rootkit.Boot.Cidox!IK

    Scanned

    Files: 677929
    Traces: 409214
    Cookies: 1547
    Processes: 40

    Found

    Files: 2
    Traces: 0
    Cookies: 24
    Processes: 0
    Registry keys: 0

    Scan ended: 25-5-2012 22:49:31
    Scan time: 5:15:52

    C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Removed Rootkit.Boot.Cidox!IK
    C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0000.dta Removed Trojan.DOS.Sinowal!IK

    Removed

    Files: 2
    Traces: 0
    Cookies: 0

    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19281 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19457 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19458 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19459 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19460 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19461 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15100 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15140 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19348 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:20422 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:9253 Quarantined Trace.TrackingCookie.track.adform.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2718 Quarantined Trace.TrackingCookie.doubleclick.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:13378 Quarantined Trace.TrackingCookie.doubleclick.net!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2344 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2348 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2351 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2372 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2374 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2375 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2376 Quarantined Trace.TrackingCookie.about.com!A2
    C:\Documents and Settings\Acer\Cookies\acer@google.com[1].txt Quarantined Trace.TrackingCookie.google.com!A2
    C:\Documents and Settings\Acer\Cookies\acer@google.com[2].txt Quarantined Trace.TrackingCookie.google.com!A2
    C:\Documents and Settings\Acer\Cookies\acer@com[1].txt Quarantined Trace.TrackingCookie.com!A2

    Quarantined

    Files: 0
    Traces: 0
    Cookies: 24
    ———————————————————————————-

    I also tried ComboFix once more. This time the machine did not freeze. But after running for more than a night there was still no result. I then stopped the operation.
  • Let's try ComboFix again.
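    The scan log above mixes three very different kinds of hit: tracking cookies, copies of the old MBR that TDSSKiller had already moved into its own quarantine folder (the tsk0000.dta / tsk0001.dta files), and what would be a live boot-sector detection. A small triage script makes that distinction explicit. This is an added example, not code from the thread or from any of the scanners mentioned; the sample lines are constructed in the format of the log posted above, the quarantine-folder names it checks for are assumptions (TDSSKiller_Quarantine as seen in the post, plus a generic Quarantine and ComboFix's Qoobox folder), and the `\Device\Harddisk0\DR0` line is hypothetical, added only to show how an un-quarantined boot-sector hit would be classified.

```python
import re

# Constructed sample log: five lines in the format of the scan output posted in
# this thread, plus one hypothetical line (\Device\Harddisk0\DR0) standing in
# for a boot-sector detection that has NOT been quarantined yet.
SAMPLE_LOG = r"""
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Detected Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0000.dta Detected Trojan.DOS.Sinowal!IK
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Detected Rootkit.Boot.Cidox!IK
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Deleted Rootkit.Boot.Cidox!IK
\Device\Harddisk0\DR0 Detected Rootkit.Boot.Cidox!IK
"""

# One log line = path (may contain spaces), an action keyword, a detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<action>Detected|Quarantined|Deleted)\s+(?P<name>\S+)$"
)

# Assumed quarantine folder names (lower-cased, wrapped in backslashes so a
# substring match only hits a path component).
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\quarantine\\", "\\qoobox\\")
# Detection-name prefixes used by the scanners in this thread for MBR / boot code.
BOOT_FAMILIES = ("rootkit.boot.", "trojan.dos.", "boo/")


def parse_log(text):
    """Return a list of {path, action, name} dicts; engine suffixes (!A2, !IK) are dropped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name").split("!", 1)[0]
        findings.append({"path": m.group("path"), "action": m.group("action"), "name": name})
    return findings


def classify(finding):
    """Map one finding to a triage bucket, most benign first."""
    name = finding["name"].lower()
    path = finding["path"].lower()
    if name.startswith("trace.trackingcookie."):
        return "tracking_cookie"          # privacy nuisance, not malware
    if any(marker in path for marker in QUARANTINE_MARKERS):
        return "quarantined_copy"         # another tool's saved copy; not active code
    if name.startswith(BOOT_FAMILIES):
        return "boot_sector_live"         # boot code outside any quarantine: act on this
    return "other"


def triage(text):
    """Bucket the detection names of all 'Detected' lines; returns sorted, de-duplicated lists."""
    buckets = {k: set() for k in ("tracking_cookie", "quarantined_copy", "boot_sector_live", "other")}
    for f in parse_log(text):
        if f["action"] != "Detected":
            continue
        buckets[classify(f)].add(f["name"])
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for category, names in triage(SAMPLE_LOG).items():
        print(f"{category:18s} {', '.join(names) or '-'}")
```

    Run on the sample, the two Sinowal/Cidox hits land in `quarantined_copy` because their path sits under TDSSKiller's quarantine folder, which is what makes them inert leftovers rather than evidence of a still-infected MBR; only the hypothetical DR0 line ends up in `boot_sector_live`.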

    Which program:
  • Ran ComboFix. Went through the autoscan. But when it asked me to wait, something apparently went wrong. After waiting almost a day I stopped the program.

    Would it be useful to submit a HijackThis log for review?
  • First check whether you can find C:\Combofix.txt.
    If yes, post the contents of that document.
  • ComboFix.txt found in the folder C:\ComboFix.

    —————————————————————————–
    ComboFix 12-05-24.03 - Acer 27-05-2012 14:44:48.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1497 [GMT 2:00]
    Started from: C:\Documents and Settings\Acer\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    ——————————————————————————

This is an archived page. Replying is no longer possible.