Question & Answer
Virus in the (master) boot sector?
38 answers
- My laptop, an Acer Aspire One Pro, is not running the way it should (i.e. compared with some time ago). Far too slow.
On top of that the thing will not boot through: after switching it on, Windows XP starts loading but then gets stuck on the Welcome screen.
The strange thing is that if I then switch the computer off and on again, the startup goes normally.
I thought of a virus.
A scan with Avira Free Antivirus reports:
--------------------------------------------------
Starting master boot sector scan:
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Master boot sector HD0
[DETECTION] Contains code of the boot sector virus BOO/Mebroot.A
[NOTE] The boot sector was not repaired!
Boot sector 'C:'
[DETECTION] Contains code of the boot sector virus BOO/Mebroot.A
[NOTE] The boot sector was not repaired!
Boot sector 'E:'
[DETECTION] Contains code of the boot sector virus BOO/Mebroot.A
[NOTE] The boot sector was not repaired!
Boot sector 'F:'
[DETECTION] Contains code of the boot sector virus BOO/Mebroot.A
[NOTE] The boot sector was not repaired!
--------------------------------------------------
However, a scan run with AVG says nothing about this "boot sector virus". It does list 12 entries of
--------------------------------------------------
Trojan horse PSW.Agent.AUET
in, among other places (as an example), \WINDOWS\System32\svchost.exe (944):\memory_00e00000.
Finally I also ran Anti-Malware. Two files were found and removed.
--------------------------------------------------
C:\System Volume Information\_restore{C67CB77C-F094-4F50-B6D8-40B98242C730}\RP398\A0071693.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C67CB77C-F094-4F50-B6D8-40B98242C730}\RP398\A0071694.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
--------------------------------------------------
I also had HijackThis run a scan. I would like to submit that log for assessment as well, but it is probably better to do that at a later stage.
Help please!
- Hi ldej24, Mebroot/Sinowal is an MBR rootkit.
Hopefully you have not done any more internet banking from your notebook?
Read the following carefully; copy the text to Notepad if necessary.
Which program: Kaspersky TDSSKiller
What for/why: rootkit scanner
Difficulty: none
Download location: download this program to the desktop without fail, or else move it there afterwards!
Download TDSSKiller here.
Installation:
* unpack the file on your desktop.
Using TDSSKiller:
* Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
* Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and choosing Run as Administrator.
*
- Thank you for the pointers. I will get to work on it and come back to you.
As to the question about internet banking: yes, I have used it in the past few days. Should I be worried about a sudden unpleasant surprise?
- In principle yes, because that rootkit will not be the only malware on your system.
In fact you can say that your PC is now part of a botnet, i.e. it is being controlled by third parties.
Which bank do you do your internet banking with?
- Is it working out?
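The Avira result above (boot-sector code detected in the master boot sector of HD0) and the helper's remark that Mebroot/Sinowal is an MBR rootkit come down to one check: has the 440-byte bootstrap area of sector 0 changed while the partition table stayed the same? The Python below is an added example for this thread, not code from the posters, Avira or Kaspersky. It parses an MBR, compares the boot code with a baseline digest taken from a clean image, and cross-checks the partition entries against what a scanner reported. The two sectors it builds are constructed test data: the partition types, start LBAs and block counts are the ones TDSSKiller printed for \Device\Harddisk0\DR0 later in the thread, the boot code bytes are stand-ins rather than real bootstrap code, and marking the first partition as active is an assumption.

```python
"""MBR integrity check: parse sector 0 and compare the bootstrap code
against a known-good baseline.

Added example for this thread, not code from the posters, Avira or
Kaspersky.  An MBR rootkit of the Mebroot/Sinowal kind rewrites the
440-byte bootstrap area and leaves the partition table alone, so the
machine still boots while the rootkit is loaded before Windows.  The two
sectors built below are constructed test data; the partition entries
reuse the values TDSSKiller printed for \\Device\\Harddisk0\\DR0.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440        # bootstrap area, before the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY = "<B3xB3xII"  # status, CHS(3), type, CHS(3), start LBA, sector count
BOOT_SIG = b"\x55\xAA"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    num_blocks: int


def parse_mbr(sector: bytes) -> list[Partition]:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + i * 16)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def bootcode_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap area only; disk signature and table differ per machine."""
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> dict:
    """Flag a boot-code change relative to a baseline taken from a clean image."""
    parts = parse_mbr(sector)
    return {"bootcode_modified": bootcode_digest(sector) != baseline_digest,
            "partitions": parts}


def matches_tool_report(parts: list[Partition], report: list[tuple[int, int, int]]) -> bool:
    """Cross-check parsed entries against (type, StartLBA, BlocksNum) from a scanner log."""
    return [(p.type_id, p.start_lba, p.num_blocks) for p in parts] == report


def build_mbr(bootcode: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a test MBR from boot code and (status, type, lba, count) tuples.
    CHS fields are left zero, which is fine for LBA-addressed disks."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<IH", 0x12345678, 0)   # constructed disk signature + reserved
    table = b"".join(struct.pack(PART_ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return code + disk_sig + table + BOOT_SIG


# Values copied from the TDSSKiller log in this thread (type, StartLBA, BlocksNum).
TDSSKILLER_PARTITIONS = [
    (0x7, 0xE01000, 0x94FF57F),    # C:
    (0xB, 0xA3035CF, 0x4D4B136),   # E:
    (0x7, 0xF04E744, 0x39CA37D),   # F:
]
# Assumption for the test data: the first partition (C:) carries the active flag.
_ENTRIES = [(0x80, t, lba, n) if i == 0 else (0x00, t, lba, n)
            for i, (t, lba, n) in enumerate(TDSSKILLER_PARTITIONS)]

# Stand-in bootstrap bytes (constructed, not real MBR code); the "infected"
# copy patches the entry point the way a bootkit redirects execution to itself.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" * 8
INFECTED_BOOTCODE = b"\xEB\x3E" + CLEAN_BOOTCODE[2:]

CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, _ENTRIES)
INFECTED_MBR = build_mbr(INFECTED_BOOTCODE, _ENTRIES)
BASELINE = bootcode_digest(CLEAN_MBR)   # in practice: digest of a known-clean image


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        result = check_mbr(mbr, BASELINE)
        print(name, "| boot code modified:", result["bootcode_modified"],
              "| table matches TDSSKiller:",
              matches_tool_report(result["partitions"], TDSSKILLER_PARTITIONS))
        for p in result["partitions"]:
            print(f"  Partition{p.index}: Type 0x{p.type_id:X}, "
                  f"StartLBA 0x{p.start_lba:X}, BlocksNum 0x{p.num_blocks:X}")
```

On a running Windows machine sector 0 can be read as Administrator with `open(r"\\.\PhysicalDrive0", "rb").read(512)`, but a kernel-resident MBR rootkit such as Mebroot hooks the disk driver and hands back a clean copy of the sector to anything reading it from inside the infected OS. Take both the baseline and the suspect sector with the disk attached to a clean system or after booting from clean media, and treat a partition table that still matches the scanner's report as expected rather than reassuring: keeping it intact is exactly what lets the machine keep booting.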
- Ran the scan with TDSSKiller. Mebroot/Sinowal found and "Cure" applied.
Are there any further actions to take?
This is the report:
15:13:58.0562 10756 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
15:13:58.0609 10756 ============================================================
15:13:58.0609 10756 Current date / time: 2012/05/21 15:13:58.0609
15:13:58.0609 10756 SystemInfo:
15:13:58.0609 10756
15:13:58.0609 10756 OS Version: 5.1.2600 ServicePack: 3.0
15:13:58.0609 10756 Product type: Workstation
15:13:58.0609 10756 ComputerName: ACER-1D6E3986B1
15:13:58.0609 10756 UserName: Acer
15:13:58.0609 10756 Windows directory: C:\WINDOWS
15:13:58.0609 10756 System windows directory: C:\WINDOWS
15:13:58.0609 10756 Processor architecture: Intel x86
15:13:58.0609 10756 Number of processors: 2
15:13:58.0609 10756 Page size: 0x1000
15:13:58.0609 10756 Boot type: Normal boot
15:13:58.0609 10756 ============================================================
15:13:59.0656 10756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:13:59.0656 10756 Drive \Device\Harddisk1\DR5 - Size: 0xF1000000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:59.0671 10756 ============================================================
15:13:59.0671 10756 \Device\Harddisk0\DR0:
15:13:59.0671 10756 MBR partitions:
15:13:59.0671 10756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE01000, BlocksNum 0x94FF57F
15:13:59.0687 10756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xA3035CF, BlocksNum 0x4D4B136
15:13:59.0703 10756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF04E744, BlocksNum 0x39CA37D
15:13:59.0703 10756 \Device\Harddisk1\DR5:
15:13:59.0703 10756 MBR partitions:
15:13:59.0703 10756 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x785BEC
15:13:59.0703 10756 ============================================================
15:13:59.0781 10756 C: <-> \Device\Harddisk0\DR0\Partition0
15:13:59.0781 10756 E: <-> \Device\Harddisk0\DR0\Partition1
15:13:59.0812 10756 F: <-> \Device\Harddisk0\DR0\Partition2
15:13:59.0812 10756 ============================================================
15:13:59.0812 10756 Initialize success
15:13:59.0812 10756 ============================================================
15:14:59.0921 11684 ============================================================
15:14:59.0921 11684 Scan started
15:14:59.0921 11684 Mode: Manual;
15:14:59.0921 11684 ============================================================
15:15:01.0000 11684 Scan interrupted by user!
15:15:01.0000 11684 Scan interrupted by user!
15:15:01.0000 11684 Scan interrupted by user!
15:15:01.0000 11684 ============================================================
15:15:01.0000 11684 Scan finished
15:15:01.0000 11684 ============================================================
15:15:01.0031 11264 Detected object count: 0
15:15:01.0031 11264 Actual detected object count: 0
15:15:39.0421 11676 ============================================================
15:15:39.0421 11676 Scan started
15:15:39.0421 11676 Mode: Manual; SigCheck; TDLFS;
15:15:39.0421 11676 ============================================================
15:15:39.0765 11676 Aavmker4 - ok
15:15:39.0781 11676 Abiosdsk - ok
15:15:39.0828 11676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:15:40.0484 11676 abp480n5 - ok
15:15:40.0562 11676 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:15:40.0828 11676 ACPI - ok
15:15:40.0843 11676 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:15:41.0046 11676 ACPIEC - ok
15:15:41.0125 11676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:15:41.0328 11676 adpu160m - ok
15:15:41.0453 11676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:15:41.0687 11676 aec - ok
15:15:41.0750 11676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:15:41.0796 11676 AFD - ok
15:15:41.0812 11676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:15:42.0031 11676 agp440 - ok
15:15:42.0156 11676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:15:42.0359 11676 agpCPQ - ok
15:15:42.0375 11676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:15:42.0468 11676 Aha154x - ok
15:15:42.0484 11676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:15:42.0718 11676 aic78u2 - ok
15:15:42.0734 11676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:15:42.0937 11676 aic78xx - ok
15:15:42.0968 11676 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
15:15:43.0171 11676 Alerter - ok
15:15:43.0218 11676 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
15:15:43.0312 11676 ALG - ok
15:15:43.0359 11676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:15:43.0562 11676 AliIde - ok
15:15:43.0625 11676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:15:43.0843 11676 alim1541 - ok
15:15:44.0078 11676 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
15:15:44.0265 11676 Ambfilt - ok
15:15:44.0437 11676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:15:44.0750 11676 amdagp - ok
15:15:44.0796 11676 ampa (fe62e9711285dc2002def9b2bc2fb220) C:\WINDOWS\system32\ampa.sys
15:15:44.0828 11676 ampa - ok
15:15:44.0875 11676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:15:44.0984 11676 amsint - ok
15:15:45.0015 11676 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
15:15:45.0156 11676 androidusb - ok
15:15:45.0156 11676 AppMgmt - ok
15:15:45.0343 11676 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
15:15:45.0531 11676 AR5416 - ok
15:15:45.0703 11676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:15:46.0015 11676 asc - ok
15:15:46.0109 11676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:15:46.0281 11676 asc3350p - ok
15:15:46.0296 11676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:15:46.0515 11676 asc3550 - ok
15:15:46.0625 11676 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:15:46.0687 11676 aspnet_state - ok
15:15:46.0703 11676 aswFsBlk - ok
15:15:46.0703 11676 aswMon2 - ok
15:15:46.0718 11676 aswRdr - ok
15:15:46.0734 11676 aswSP - ok
15:15:46.0750 11676 aswTdi - ok
15:15:46.0781 11676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:15:47.0000 11676 AsyncMac - ok
15:15:47.0046 11676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:15:47.0265 11676 atapi - ok
15:15:47.0281 11676 Atdisk - ok
15:15:47.0328 11676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:15:47.0546 11676 Atmarpc - ok
15:15:47.0625 11676 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
15:15:47.0859 11676 AudioSrv - ok
15:15:47.0937 11676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:15:48.0156 11676 audstub - ok
15:15:48.0703 11676 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
15:15:49.0218 11676 AVGIDSAgent - ok
15:15:49.0390 11676 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
15:15:49.0421 11676 AVGIDSDriver - ok
15:15:49.0437 11676 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
15:15:49.0468 11676 AVGIDSFilter - ok
15:15:49.0500 11676 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:15:49.0531 11676 AVGIDSHX - ok
15:15:49.0562 11676 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
15:15:49.0593 11676 AVGIDSShim - ok
15:15:49.0640 11676 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:15:49.0687 11676 Avgldx86 - ok
15:15:49.0718 11676 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:15:49.0765 11676 Avgmfx86 - ok
15:15:49.0781 11676 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:15:49.0828 11676 Avgrkx86 - ok
15:15:49.0875 11676 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:15:49.0921 11676 Avgtdix - ok
15:15:50.0031 11676 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:15:50.0062 11676 avgwd - ok
15:15:50.0109 11676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:15:50.0343 11676 Beep - ok
15:15:50.0453 11676 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
15:15:50.0765 11676 BITS - ok
15:15:50.0812 11676 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
15:15:51.0031 11676 Browser - ok
15:15:51.0109 11676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:15:51.0328 11676 cbidf - ok
15:15:51.0343 11676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:15:51.0546 11676 cbidf2k - ok
15:15:51.0593 11676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:15:51.0828 11676 CCDECODE - ok
15:15:51.0843 11676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:15:51.0937 11676 cd20xrnt - ok
15:15:51.0953 11676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:15:52.0171 11676 Cdaudio - ok
15:15:52.0218 11676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:15:52.0421 11676 Cdfs - ok
15:15:52.0500 11676 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:15:52.0578 11676 Cdrom - ok
15:15:52.0578 11676 Changer - ok
15:15:52.0609 11676 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
15:15:52.0843 11676 CiSvc - ok
15:15:52.0906 11676 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
15:15:53.0125 11676 ClipSrv - ok
15:15:53.0281 11676 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:53.0328 11676 clr_optimization_v2.0.50727_32 - ok
15:15:53.0390 11676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:53.0421 11676 clr_optimization_v4.0.30319_32 - ok
15:15:53.0437 11676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:15:53.0656 11676 CmBatt - ok
15:15:53.0718 11676 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:15:53.0953 11676 CmdIde - ok
15:15:53.0953 11676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:15:54.0187 11676 Compbatt - ok
15:15:54.0203 11676 COMSysApp - ok
15:15:54.0218 11676 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:15:54.0437 11676 Cpqarray - ok
15:15:54.0484 11676 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
15:15:54.0500 11676 cpuz135 - ok
15:15:54.0546 11676 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
15:15:54.0765 11676 CryptSvc - ok
15:15:54.0781 11676 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:15:55.0000 11676 dac2w2k - ok
15:15:55.0000 11676 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:15:55.0234 11676 dac960nt - ok
15:15:55.0343 11676 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
15:15:55.0421 11676 DcomLaunch - ok
15:15:55.0453 11676 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
15:15:55.0484 11676 dgderdrv - ok
15:15:55.0546 11676 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
15:15:55.0781 11676 Dhcp - ok
15:15:55.0828 11676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:56.0046 11676 Disk - ok
15:15:56.0125 11676 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
15:15:56.0171 11676 DKbFltr - ok
15:15:56.0187 11676 dmadmin - ok
15:15:56.0281 11676 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
15:15:56.0515 11676 dmboot - ok
15:15:56.0609 11676 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
15:15:56.0875 11676 dmio - ok
15:15:56.0921 11676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:15:57.0156 11676 dmload - ok
15:15:57.0203 11676 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
15:15:57.0421 11676 dmserver - ok
15:15:57.0500 11676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:15:57.0703 11676 DMusic - ok
15:15:57.0812 11676 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
15:15:57.0875 11676 Dnscache - ok
15:15:57.0921 11676 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
15:15:58.0140 11676 Dot3svc - ok
15:15:58.0218 11676 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:15:58.0421 11676 dpti2o - ok
15:15:58.0578 11676 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
15:15:58.0625 11676 DritekPortIO - ok
15:15:58.0687 11676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:58.0875 11676 drmkaud - ok
15:15:58.0890 11676 dum16.sys - ok
15:15:58.0937 11676 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
15:15:59.0203 11676 EapHost - ok
15:15:59.0250 11676 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
15:15:59.0265 11676 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
15:15:59.0265 11676 epmntdrv - detected UnsignedFile.Multi.Generic (1)
15:15:59.0296 11676 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
15:15:59.0531 11676 ERSvc - ok
15:15:59.0546 11676 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
15:15:59.0562 11676 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
15:15:59.0562 11676 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
15:15:59.0609 11676 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:15:59.0656 11676 Eventlog - ok
15:15:59.0687 11676 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
15:15:59.0750 11676 EventSystem - ok
15:15:59.0812 11676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:16:00.0015 11676 Fastfat - ok
15:16:00.0125 11676 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:16:00.0203 11676 FastUserSwitchingCompatibility - ok
15:16:00.0250 11676 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
15:16:00.0484 11676 Fax - ok
15:16:00.0531 11676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:16:00.0812 11676 Fdc - ok
15:16:00.0859 11676 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
15:16:01.0093 11676 Fips - ok
15:16:01.0093 11676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:16:01.0296 11676 Flpydisk - ok
15:16:01.0343 11676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:16:01.0562 11676 FltMgr - ok
15:16:01.0703 11676 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:16:01.0734 11676 FontCache3.0.0.0 - ok
15:16:01.0781 11676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:16:02.0000 11676 Fs_Rec - ok
15:16:02.0093 11676 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:16:02.0312 11676 Ftdisk - ok
15:16:02.0468 11676 GoogleDesktopManager-080708-050100 (31194fe0ef64d071ab1b34776e911ea9) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:16:02.0500 11676 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - warning
15:16:02.0500 11676 GoogleDesktopManager-080708-050100 - detected UnsignedFile.Multi.Generic (1)
15:16:02.0531 11676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:16:02.0750 11676 Gpc - ok
15:16:02.0859 11676 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:16:02.0906 11676 gupdate - ok
15:16:02.0921 11676 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:16:02.0968 11676 gupdatem - ok
15:16:03.0031 11676 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:16:03.0093 11676 gusvc - ok
15:16:03.0140 11676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:16:03.0406 11676 HDAudBus - ok
15:16:03.0500 11676 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:16:03.0718 11676 helpsvc - ok
15:16:03.0734 11676 HidServ - ok
15:16:03.0796 11676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:16:04.0031 11676 HidUsb - ok
15:16:04.0093 11676 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
15:16:04.0375 11676 hkmsvc - ok
15:16:04.0437 11676 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:16:04.0671 11676 hpn - ok
15:16:04.0750 11676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:16:04.0828 11676 HTTP - ok
15:16:04.0859 11676 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
15:16:05.0109 11676 HTTPFilter - ok
15:16:05.0203 11676 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:16:05.0437 11676 i2omgmt - ok
15:16:05.0468 11676 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:16:05.0687 11676 i2omp - ok
15:16:05.0796 11676 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:16:06.0000 11676 i8042prt - ok
15:16:06.0171 11676 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:16:06.0218 11676 IAANTMON - ok
15:16:06.0781 11676 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:16:07.0328 11676 ialm - ok
15:16:07.0500 11676 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
15:16:07.0546 11676 iaStor - ok
15:16:07.0671 11676 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:16:07.0765 11676 idsvc - ok
15:16:07.0812 11676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:16:08.0062 11676 Imapi - ok
15:16:08.0125 11676 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
15:16:08.0328 11676 ImapiService - ok
15:16:08.0390 11676 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:16:08.0625 11676 ini910u - ok
15:16:09.0093 11676 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:16:09.0593 11676 IntcAzAudAddService - ok
15:16:09.0750 11676 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:16:09.0953 11676 IntelIde - ok
15:16:10.0000 11676 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:16:10.0218 11676 intelppm - ok
15:16:10.0281 11676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:16:10.0515 11676 Ip6Fw - ok
15:16:10.0578 11676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:16:10.0781 11676 IpFilterDriver - ok
15:16:10.0875 11676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:16:11.0062 11676 IpInIp - ok
15:16:11.0093 11676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:16:11.0312 11676 IpNat - ok
15:16:11.0375 11676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:16:11.0609 11676 IPSec - ok
15:16:11.0687 11676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:16:11.0796 11676 IRENUM - ok
15:16:11.0906 11676 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:16:12.0125 11676 isapnp - ok
15:16:12.0250 11676 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
15:16:12.0281 11676 JavaQuickStarterService - ok
15:16:12.0328 11676 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:16:12.0562 11676 Kbdclass - ok
15:16:12.0593 11676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:16:12.0828 11676 kmixer - ok
15:16:12.0906 11676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:16:13.0031 11676 KSecDD - ok
15:16:13.0093 11676 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
15:16:13.0156 11676 L1c - ok
15:16:13.0203 11676 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
15:16:13.0281 11676 LanmanServer - ok
15:16:13.0328 11676 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
15:16:13.0390 11676 lanmanworkstation - ok
15:16:13.0406 11676 lbrtfdc - ok
15:16:13.0468 11676 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
15:16:13.0765 11676 LmHosts - ok
15:16:13.0781 11676 ltjvkrhx - ok
15:16:13.0843 11676 M3000Srv (73fd60fda3ff60f0666e4614e93f0aaa) C:\WINDOWS\system32\Drivers\M3000KNT.sys
15:16:13.0921 11676 M3000Srv - ok
15:16:13.0953 11676 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
15:16:14.0171 11676 Messenger - ok
15:16:14.0281 11676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:16:14.0562 11676 mnmdd - ok
15:16:14.0593 11676 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
15:16:14.0796 11676 mnmsrvc - ok
15:16:14.0890 11676 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
15:16:15.0109 11676 Modem - ok
15:16:15.0281 11676 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
15:16:15.0437 11676 Monfilt - ok
15:16:15.0609 11676 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:16:15.0859 11676 Mouclass - ok
15:16:15.0906 11676 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:16:16.0140 11676 mouhid - ok
15:16:16.0203 11676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:16:16.0390 11676 MountMgr - ok
15:16:16.0515 11676 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:16:16.0562 11676 MozillaMaintenance - ok
15:16:16.0578 11676 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:16:16.0812 11676 mraid35x - ok
15:16:16.0843 11676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:16:17.0125 11676 MRxDAV - ok
15:16:17.0234 11676 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:16:17.0312 11676 MRxSmb - ok
15:16:17.0343 11676 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
15:16:17.0562 11676 MSDTC - ok
15:16:17.0656 11676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:16:17.0890 11676 Msfs - ok
15:16:17.0890 11676 MSIServer - ok
15:16:17.0921 11676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:16:18.0109 11676 MSKSSRV - ok
15:16:18.0156 11676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:16:18.0359 11676 MSPCLOCK - ok
15:16:18.0375 11676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:16:18.0578 11676 MSPQM - ok
15:16:18.0625 11676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:16:18.0812 11676 mssmbios - ok
15:16:18.0859 11676 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:16:19.0078 11676 MSTEE - ok
15:16:19.0187 11676 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:16:19.0234 11676 Mup - ok
15:16:19.0265 11676 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:16:19.0515 11676 NABTSFEC - ok
15:16:19.0593 11676 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
15:16:19.0828 11676 napagent - ok
15:16:19.0890 11676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:16:20.0093 11676 NDIS - ok
15:16:20.0171 11676 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:16:20.0375 11676 NdisIP - ok
15:16:20.0484 11676 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:16:20.0546 11676 NdisTapi - ok
15:16:20.0562 11676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:16:20.0796 11676 Ndisuio - ok
15:16:20.0859 11676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:16:21.0078 11676 NdisWan - ok
15:16:21.0171 11676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:16:21.0250 11676 NDProxy - ok
15:16:21.0265 11676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:16:21.0468 11676 NetBIOS - ok
15:16:21.0562 11676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:16:21.0812 11676 NetBT - ok
15:16:21.0875 11676 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:16:22.0109 11676 NetDDE - ok
15:16:22.0109 11676 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:16:22.0328 11676 NetDDEdsdm - ok
15:16:22.0375 11676 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:16:22.0578 11676 Netlogon - ok
15:16:22.0671 11676 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
15:16:22.0890 11676 Netman - ok
15:16:23.0000 11676 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:16:23.0031 11676 NetTcpPortSharing - ok
15:16:23.0109 11676 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
15:16:23.0156 11676 Nla - ok
15:16:23.0234 11676 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
15:16:23.0265 11676 NMSAccess - ok
15:16:23.0328 11676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:16:23.0609 11676 Npfs - ok
15:16:23.0703 11676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:23.0968 11676 Ntfs - ok
15:16:24.0078 11676 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:16:24.0296 11676 NtLmSsp - ok
15:16:24.0390 11676 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
15:16:24.0625 11676 NtmsSvc - ok
15:16:24.0671 11676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:16:24.0859 11676 Null - ok
15:16:24.0890 11676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:16:25.0109 11676 NwlnkFlt - ok
15:16:25.0109 11676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:16:25.0328 11676 NwlnkFwd - ok
15:16:25.0375 11676 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
15:16:25.0578 11676 Parport - ok
15:16:25.0656 11676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:16:25.0859 11676 PartMgr - ok
15:16:25.0890 11676 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
15:16:26.0093 11676 ParVdm - ok
15:16:26.0156 11676 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
15:16:26.0390 11676 PCI - ok
15:16:26.0406 11676 PCIDump - ok
15:16:26.0437 11676 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:16:26.0656 11676 PCIIde - ok
15:16:26.0687 11676 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:16:26.0906 11676 Pcmcia - ok
15:16:26.0921 11676 PDCOMP - ok
15:16:26.0937 11676 PDFRAME - ok
15:16:26.0937 11676 PDRELI - ok
15:16:26.0953 11676 PDRFRAME - ok
15:16:26.0984 11676 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:16:27.0171 11676 perc2 - ok
15:16:27.0187 11676 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:16:27.0437 11676 perc2hib - ok
15:16:27.0515 11676 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:16:27.0562 11676 PlugPlay - ok
15:16:27.0562 11676 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:16:27.0781 11676 PolicyAgent - ok
15:16:27.0875 11676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:28.0093 11676 PptpMiniport - ok
15:16:28.0093 11676 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:16:28.0312 11676 ProtectedStorage - ok
15:16:28.0328 11676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:16:28.0546 11676 PSched - ok
15:16:28.0546 11676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:28.0765 11676 Ptilink - ok
15:16:28.0843 11676 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:16:29.0078 11676 ql1080 - ok
15:16:29.0078 11676 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:16:29.0281 11676 Ql10wnt - ok
15:16:29.0296 11676 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:16:29.0500 11676 ql12160 - ok
15:16:29.0515 11676 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:16:29.0734 11676 ql1240 - ok
15:16:29.0765 11676 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:16:29.0968 11676 ql1280 - ok
15:16:30.0015 11676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:30.0203 11676 RasAcd - ok
15:16:30.0250 11676 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
15:16:30.0453 11676 RasAuto - ok
15:16:30.0531 11676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:30.0750 11676 Rasl2tp - ok
15:16:30.0843 11676 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
15:16:31.0062 11676 RasMan - ok
15:16:31.0078 11676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:31.0328 11676 RasPppoe - ok
15:16:31.0343 11676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:31.0593 11676 Raspti - ok
15:16:31.0671 11676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:31.0875 11676 Rdbss - ok
15:16:31.0953 11676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:32.0187 11676 RDPCDD - ok
15:16:32.0265 11676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:32.0500 11676 rdpdr - ok
15:16:32.0562 11676 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:32.0640 11676 RDPWD - ok
15:16:32.0687 11676 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
15:16:32.0906 11676 RDSessMgr - ok
15:16:32.0968 11676 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:16:33.0187 11676 redbook - ok
15:16:33.0265 11676 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
15:16:33.0500 11676 RemoteAccess - ok
15:16:33.0562 11676 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
15:16:33.0828 11676 RpcLocator - ok
15:16:33.0906 11676 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
15:16:33.0953 11676 RpcSs - ok
15:16:33.0953 11676 RSUSBSTOR - ok
15:16:34.0000 11676 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
15:16:34.0234 11676 RSVP - ok
15:16:34.0328 11676 RS_Service (38494041f19f6cd005b711f5e08fae08) C:\Program Files\Acer\Acer VCM\RS_Service.exe
15:16:34.0359 11676 RS_Service ( UnsignedFile.Multi.Generic ) - warning
15:16:34.0359 11676 RS_Service - detected UnsignedFile.Multi.Generic (1)
15:16:34.0359 11676 RtsUIR - ok
15:16:34.0421 11676 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:16:34.0687 11676 SamSs - ok
15:16:34.0765 11676 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
15:16:34.0968 11676 SCardSvr - ok
15:16:35.0015 11676 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
15:16:35.0234 11676 Schedule - ok
15:16:35.0265 11676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:35.0375 11676 Secdrv - ok
15:16:35.0390 11676 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
15:16:35.0609 11676 seclogon - ok
15:16:35.0640 11676 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
15:16:35.0859 11676 SENS - ok
15:16:35.0921 11676 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
15:16:36.0125 11676 Serial - ok
15:16:36.0187 11676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:16:36.0390 11676 Sfloppy - ok
15:16:36.0468 11676 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
15:16:36.0703 11676 SharedAccess - ok
15:16:36.0765 11676 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:16:36.0796 11676 ShellHWDetection - ok
15:16:36.0812 11676 Simbad - ok
15:16:36.0859 11676 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:16:37.0062 11676 sisagp - ok
15:16:37.0156 11676 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
15:16:37.0203 11676 SkypeUpdate - ok
15:16:37.0218 11676 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:16:37.0421 11676 SLIP - ok
15:16:37.0531 11676 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:16:37.0656 11676 Sparrow - ok
15:16:37.0687 11676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:16:37.0921 11676 splitter - ok
15:16:37.0968 11676 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:16:38.0046 11676 Spooler - ok
15:16:38.0093 11676 SQLWriter (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:16:38.0125 11676 SQLWriter - ok
15:16:38.0171 11676 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:38.0281 11676 sr - ok
15:16:38.0328 11676 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
15:16:38.0437 11676 srservice - ok
15:16:38.0500 11676 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:38.0593 11676 Srv - ok
15:16:38.0656 11676 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:16:38.0718 11676 ssadbus - ok
15:16:38.0750 11676 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:16:38.0859 11676 ssadmdfl - ok
15:16:38.0890 11676 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:16:38.0984 11676 ssadmdm - ok
15:16:39.0000 11676 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
15:16:39.0062 11676 ssadserd - ok
15:16:39.0125 11676 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
15:16:39.0234 11676 SSDPSRV - ok
15:16:39.0281 11676 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
15:16:39.0281 11676 StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:16:39.0281 11676 StarOpen - detected UnsignedFile.Multi.Generic (1)
15:16:39.0359 11676 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
15:16:39.0593 11676 stisvc - ok
15:16:39.0640 11676 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:16:39.0859 11676 streamip - ok
15:16:39.0937 11676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:16:40.0156 11676 swenum - ok
15:16:40.0250 11676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:16:40.0437 11676 swmidi - ok
15:16:40.0453 11676 SwPrv - ok
15:16:40.0515 11676 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:16:40.0734 11676 symc810 - ok
15:16:40.0734 11676 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:16:40.0937 11676 symc8xx - ok
15:16:40.0953 11676 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:16:41.0156 11676 sym_hi - ok
15:16:41.0171 11676 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:16:41.0359 11676 sym_u3 - ok
15:16:41.0406 11676 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:16:41.0453 11676 SynTP - ok
15:16:41.0484 11676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:16:41.0687 11676 sysaudio - ok
15:16:41.0750 11676 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
15:16:41.0953 11676 SysmonLog - ok
15:16:42.0000 11676 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
15:16:42.0203 11676 TapiSrv - ok
15:16:42.0281 11676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:16:42.0359 11676 Tcpip - ok
15:16:42.0406 11676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:16:42.0640 11676 TDPIPE - ok
15:16:42.0718 11676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:16:42.0937 11676 TDTCP - ok
15:16:42.0968 11676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:16:43.0171 11676 TermDD - ok
15:16:43.0265 11676 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
15:16:43.0468 11676 TermService - ok
15:16:43.0546 11676 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:16:43.0578 11676 Themes - ok
15:16:43.0625 11676 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
15:16:43.0828 11676 TosIde - ok
15:16:43.0937 11676 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
15:16:44.0156 11676 TrkWks - ok
15:16:44.0218 11676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:16:44.0437 11676 Udfs - ok
15:16:44.0515 11676 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:16:44.0656 11676 ultra - ok
15:16:44.0718 11676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:16:44.0968 11676 Update - ok
15:16:45.0031 11676 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
15:16:45.0140 11676 upnphost - ok
15:16:45.0156 11676 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
15:16:45.0359 11676 UPS - ok
15:16:45.0421 11676 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:16:45.0640 11676 usbccgp - ok
15:16:45.0656 11676 USBCCID - ok
15:16:45.0734 11676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:16:45.0953 11676 usbehci - ok
15:16:45.0984 11676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:16:46.0171 11676 usbhub - ok
15:16:46.0218 11676 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:16:46.0421 11676 usbprint - ok
15:16:46.0515 11676 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:16:46.0718 11676 usbstor - ok
15:16:46.0750 11676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:16:46.0953 11676 usbuhci - ok
15:16:46.0968 11676 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:16:47.0187 11676 usbvideo - ok
15:16:47.0218 11676 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:16:47.0406 11676 usb_rndisx - ok
15:16:47.0453 11676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:16:47.0656 11676 VgaSave - ok
15:16:47.0734 11676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:16:47.0937 11676 viaagp - ok
15:16:47.0953 11676 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:16:48.0140 11676 ViaIde - ok
15:16:48.0156 11676 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:16:48.0359 11676 VolSnap - ok
15:16:48.0421 11676 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
15:16:48.0546 11676 VSS - ok
15:16:48.0703 11676 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
15:16:48.0781 11676 vToolbarUpdater11.0.2 - ok
15:16:48.0843 11676 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
15:16:49.0125 11676 W32Time - ok
15:16:49.0218 11676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:16:49.0421 11676 Wanarp - ok
15:16:49.0562 11676 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:16:49.0640 11676 Wdf01000 - ok
15:16:49.0656 11676 WDICA - ok
15:16:49.0703 11676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:16:49.0937 11676 wdmaud - ok
15:16:49.0984 11676 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
15:16:50.0187 11676 WebClient - ok
15:16:50.0281 11676 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:16:50.0484 11676 winmgmt - ok
15:16:50.0546 11676 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:16:50.0593 11676 WmdmPmSN - ok
15:16:50.0609 11676 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:16:50.0796 11676 WmiAcpi - ok
15:16:50.0828 11676 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:16:51.0078 11676 WmiApSrv - ok
15:16:51.0093 11676 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:16:51.0140 11676 WpdUsb - ok
15:16:51.0296 11676 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:16:51.0375 11676 WPFFontCache_v0400 - ok
15:16:51.0421 11676 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:16:51.0640 11676 WS2IFSL - ok
15:16:51.0734 11676 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
15:16:51.0968 11676 wscsvc - ok
15:16:52.0046 11676 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:16:52.0296 11676 WSTCODEC - ok
15:16:52.0328 11676 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
15:16:52.0546 11676 wuauserv - ok
15:16:52.0625 11676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:16:52.0703 11676 WudfPf - ok
15:16:52.0718 11676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:16:52.0765 11676 WudfRd - ok
15:16:52.0796 11676 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:16:52.0843 11676 WudfSvc - ok
15:16:52.0921 11676 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
15:16:53.0140 11676 WZCSVC - ok
15:16:53.0156 11676 xcpip - ok
15:16:53.0171 11676 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
15:16:53.0375 11676 xmlprov - ok
15:16:53.0390 11676 xpsec - ok
15:16:53.0453 11676 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
15:16:53.0453 11676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
15:16:53.0453 11676 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
15:16:53.0578 11676 MBR (0x1B8) (2525c724d1ddacb6f3e4171a75f7e9c5) \Device\Harddisk1\DR5
15:16:54.0859 11676 \Device\Harddisk1\DR5 - ok
15:16:54.0890 11676 Boot (0x1200) (d1029a78775d45331df933cd8081090a) \Device\Harddisk0\DR0\Partition0
15:16:54.0890 11676 \Device\Harddisk0\DR0\Partition0 - ok
15:16:54.0906 11676 Boot (0x1200) (91f405814c24700f16abb36022f1b6bb) \Device\Harddisk0\DR0\Partition1
15:16:54.0906 11676 \Device\Harddisk0\DR0\Partition1 - ok
15:16:54.0937 11676 Boot (0x1200) (7b882774d588d30005dd99a9bd9c59b6) \Device\Harddisk0\DR0\Partition2
15:16:54.0937 11676 \Device\Harddisk0\DR0\Partition2 - ok
15:16:54.0937 11676 Boot (0x1200) (6da7facc15da116ea704133bbc0e7e76) \Device\Harddisk1\DR5\Partition0
15:16:54.0953 11676 \Device\Harddisk1\DR5\Partition0 - ok
15:16:54.0953 11676 ============================================================
15:16:54.0953 11676 Scan finished
15:16:54.0953 11676 ============================================================
15:16:55.0062 11744 Detected object count: 6
15:16:55.0062 11744 Actual detected object count: 6
15:19:18.0000 11744 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:18.0000 11744 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:18.0000 11744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:18.0000 11744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:18.0000 11744 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:18.0000 11744 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:18.0015 11744 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:18.0015 11744 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:18.0015 11744 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:18.0015 11744 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:19.0250 11744 \Device\Harddisk0\DR0\# - copied to quarantine
15:19:19.0250 11744 \Device\Harddisk0\DR0 - copied to quarantine
15:19:19.0265 11744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
15:19:19.0343 11744 \Device\Harddisk0\DR0 - ok
15:19:19.0343 11744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
15:22:19.0531 11576 Deinitialize success
- Hi, by the look of it that went well, but we are going to check that, and there is also a new task.
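An added example, not part of the thread and not TDSSKiller's own code: the log above reports the master boot record as `MBR (0x1B8) (<md5>)`, and offset 0x1B8 is exactly where the bootstrap code ends and the 4-byte NT disk signature begins, so I read that entry as an MD5 over the first 440 bytes; treat that reading as an assumption. The script below splits a 512-byte MBR into those pieces, hashes the code region the same way, and compares it with a known-good hash taken earlier from the same machine or from an identical OEM image (the baseline must come from the same image, since a vendor recovery setup may ship its own MBR). The two sample sectors, the partition layout and the "hooked" bootstrap are constructed for this example. Run it on a sector read from a clean boot environment (live CD, or the disk attached to another machine): an active boot-sector rootkit of the Mebroot/Sinowal family hooks disk access from inside the running system, so reading `\\.\PhysicalDrive0` on the infected machine can return the original, clean-looking sector while the one actually executed at boot is different. The `copied to quarantine` lines in the log mean TDSSKiller kept the original sector; that copy can be fed to `parse_mbr` as well.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 0x1B8       # bootstrap code: bytes 0..0x1B7; assumed to be what the log's "MBR (0x1B8)" hash covers
DISK_SIG_OFF = 0x1B8   # 4-byte NT disk signature, followed by 2 reserved bytes
PT_OFF = 0x1BE         # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE   # 0x55 0xAA


def read_mbr(device_path):
    r"""Sector 0 of a raw device, e.g. '\\.\PhysicalDrive0' (Windows, as admin) or '/dev/sda' (Linux)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_mbr(code, partitions, disk_sig=0x0BADC0DE, boot_sig=b"\x55\xaa"):
    """Assemble a 512-byte MBR from its parts (used here only to construct test sectors)."""
    if len(code) > CODE_LEN or len(boot_sig) != 2:
        raise ValueError("bad code length or boot signature")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
    for i, (status, ptype, lba_start, lba_count) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PT_OFF + 16 * i, status, ptype, lba_start, lba_count)
    sector[BOOT_SIG_OFF:] = boot_sig
    return bytes(sector)


def parse_mbr(sector):
    """Split a sector into code hash, disk signature, partition table and boot-signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", sector, PT_OFF + 16 * i)
        partitions.append({"status": status, "type": ptype, "lba_start": lba_start, "lba_count": lba_count})
    return {
        "code_md5": hashlib.md5(sector[:CODE_LEN]).hexdigest(),
        "disk_sig": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_sig_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def check_mbr(sector, baseline_code_md5):
    """Findings worth a second look; an empty list means the sector is well-formed and matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_sig_ok"]:
        findings.append("boot signature is not 55AA")
    if info["code_md5"] != baseline_code_md5:
        findings.append("boot code md5 %s differs from baseline %s" % (info["code_md5"], baseline_code_md5))
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X" % (i, p["status"]))
        if p["type"] == 0x00 and p["lba_count"] != 0:
            findings.append("partition %d has type 0 but a non-zero size" % i)
    return findings


# Constructed "known good" sector: the first bytes mirror the usual XP-era
# prologue (xor ax,ax / mov ss,ax / mov sp,7C00h / sti), the rest is NOP padding.
GOOD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40
PARTITIONS = [
    (0x80, 0x07, 63, 2000000),        # active NTFS system volume
    (0x00, 0x07, 2000063, 4000000),   # data volume
    (0x00, 0x12, 6000063, 20000),     # vendor recovery partition
    (0x00, 0x00, 0, 0),               # unused entry
]
GOOD_MBR = build_mbr(GOOD_CODE, PARTITIONS)
BASELINE_MD5 = parse_mbr(GOOD_MBR)["code_md5"]

# Same disk, same partition table, but the bootstrap now opens with a short jump
# past its own prologue: the shape of a loader whose first instructions were replaced.
_hooked = bytearray(GOOD_CODE)
_hooked[0:2] = b"\xeb\x06"
HOOKED_MBR = build_mbr(bytes(_hooked), PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("constructed good", GOOD_MBR), ("constructed hooked", HOOKED_MBR)):
        print(label + ":", check_mbr(mbr, BASELINE_MD5) or "no findings")
```

The hash only covers the code region on purpose: the disk signature and partition table legitimately differ between machines, and a bootkit that leaves the partition table alone still changes the code. The other checks (boot signature, exactly one active entry, sane status bytes) catch a sector that was overwritten carelessly or truncated, which a hash comparison alone would only report as "different".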
- The TDSS starter report - Step 1
==============================================
System Restore Point Check:
.
TDSSKiller Starter Restore Point Created Succesfully
==============================================
.
==============================================
C:\TDSSKiller.2.7.35.0_21.05.2012_15.13.58_log.txt
C:\TDSSKiller.2.7.35.0_21.05.2012_15.25.01_log.txt
C:\TDSSKiller.2.7.35.0_21.05.2012_15.36.08_log.txt
==============================================
Registry Export
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
==============================================
EOF
Step 2: ComboFix needs some more time.
Meanwhile, a few questions:
1. Is it useful to run a TDSSKiller scan at regular intervals?
2. I read that you recommended Avast 7 in an earlier post. I currently use AVG. Is it worth switching?
3. Apparently the Mebroot virus slipped through the antivirus program's net. Could that also have happened under the protection of Avast 7?
- You are currently using Avira, if I have that right.
Using TDSSKiller on your own initiative is not advisable.
This tool is so powerful: one wrong decision and your Windows may no longer boot!
And you still have not answered the question of which bank you are with!
- Tried to run ComboFix after carefully following all the instructions. Unfortunately, the program froze during the autoscan.
What could have gone wrong?
- Try the scan again, but this time in Safe Mode.
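A check a practitioner would run on the firewall export in the TDSS starter report above, added here as an example and not part of the thread or of any tool in it: the `GloballyOpenPorts\List` values follow the XP SP2 layout `port:protocol:scope:state:name`, and names of the form `@xpsp2res.dll,-NNNNN` are resource-string references to Windows' own localized exception names, while free-text names belong to exceptions created by a program or by hand. The script below parses such an export and lists the enabled, custom-named exceptions, with those whose scope is `*` (any address) called out. The sample text is the export from above with the forum-mangled `LocalSubNet:Disabled` restored. That two `Services` entries (65533/TCP and 52344/TCP) are reachable from any address in both profiles is something to trace back to whichever program created them; the script reports it as a question to answer, not as a verdict.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "profile port proto scope state name")
Finding = namedtuple("Finding", "rule reason")

# Copy of the registry export posted in the thread (sample input for this example;
# the forum rendered ':D' as a smiley, so 'LocalSubNet:Disabled' is restored here).
SAMPLE_EXPORT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
'''

# The profile name is the key component right before GloballyOpenPorts\List.
KEY_RE = re.compile(r"^\[.*\\(\w+)\\GloballyOpenPorts\\List\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"[^"]*"="([^"]*)"$')


def parse_open_ports(text):
    """One Rule per value line, tagged with the profile of the enclosing key."""
    rules, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        fields = value.group(1).split(":", 4)   # at most 5 fields; the name keeps any ':' it contains
        if len(fields) != 5:
            continue
        port, proto, scope, state, name = fields
        rules.append(Rule(profile, int(port), proto.upper(), scope, state, name))
    return rules


def review(rules):
    """Flag enabled exceptions that Windows itself did not create."""
    findings = []
    for r in rules:
        if r.state.lower() != "enabled":
            continue
        if r.name.startswith("@"):
            continue   # resource-string name: one of Windows' own exceptions
        if r.scope == "*":
            reason = "custom exception reachable from any address; identify the program behind %d/%s" % (r.port, r.proto)
        else:
            reason = "custom exception limited to %s; confirm it is still needed" % r.scope
        findings.append(Finding(r, reason))
    return findings


if __name__ == "__main__":
    for f in review(parse_open_ports(SAMPLE_EXPORT)):
        print("%-16s %5d/%s %-16s %s" % (f.rule.profile, f.rule.port, f.rule.proto, f.rule.name, f.reason))
```

The built-in exceptions are skipped rather than allow-listed by port, because the same port (139/TCP here) appears as a Windows exception in one profile and could appear as a custom one in another; the name field, not the port, tells the two apart. A real review would follow each flagged port with `netstat -ano` on the machine to see which process is listening on it, which this offline example cannot do.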
- [quote="Abraham54"]Try the scan again, but this time in Safe Mode.[/quote]
In Safe Mode too, the prompt disappears after about 10 minutes and the machine freezes. Rather disappointing.
What now?
- Then we will first try something else:
[b]Which program[/b]:
- Emsisoft Emergency Kit is scanning my computer. It is now at 28% of the scanned files. It looks like this is going to take some 12-14 hours. Is it normal for it to take this long?
- The scan is indeed very thorough and can take a while.
- [quote="Abraham54"]The scan is indeed very thorough and can take a while.[/quote]
[When I think of 'a while', I have in mind the time for a cup of coffee, perhaps with a sprits biscuit to nibble on.]
The Emsisoft report:
——————————————————————————-
Emsisoft Emergency Kit - Version 1.0
Last update: 25-5-2012 17:33:11
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan started: 25-5-2012 17:33:39
C:\Documents and Settings\Acer\Cookies\acer@com[1].txt Detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Acer\Cookies\acer@google.com[1].txt Detected: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Acer\Cookies\acer@google.com[2].txt Detected: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2344 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2348 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2351 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2372 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2374 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2375 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2376 Detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2718 Detected: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:9253 Detected: Trace.TrackingCookie.track.adform.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:13378 Detected: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15100 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15140 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19281 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19348 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19457 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19458 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19459 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19460 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19461 Detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:20422 Detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0000.dta Detected: Trojan.DOS.Sinowal!IK
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Detected: Rootkit.Boot.Cidox!IK
Scanned
Files: 677929
Traces: 409214
Cookies: 1547
Processes: 40
Found
Files: 2
Traces: 0
Cookies: 24
Processes: 0
Registry keys: 0
Scan finished: 25-5-2012 22:49:31
Scan time: 5:15:52
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0001.dta Removed Rootkit.Boot.Cidox!IK
C:\TDSSKiller_Quarantine\21.05.2012_15.13.58\mbr0000\mbr0000\tsk0000.dta Removed Trojan.DOS.Sinowal!IK
Removed
Files: 2
Traces: 0
Cookies: 0
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19281 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19456 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19457 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19458 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19459 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19460 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19461 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15100 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:15140 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:19348 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:20422 Quarantined Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:9253 Quarantined Trace.TrackingCookie.track.adform.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2718 Quarantined Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:13378 Quarantined Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2344 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2348 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2351 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2372 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2374 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2375 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\cookies.sqlite:2376 Quarantined Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Acer\Cookies\acer@google.com[1].txt Quarantined Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Acer\Cookies\acer@google.com[2].txt Quarantined Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Acer\Cookies\acer@com[1].txt Quarantined Trace.TrackingCookie.com!A2
Quarantined
Files: 0
Traces: 0
Cookies: 24
———————————————————————————-
I also tried ComboFix again. This time the machine did not freeze. But after running for more than a night there was still no result. I then stopped the operation.
- We will try ComboFix again.
[b]Which program[/b]:
- Ran ComboFix. Autoscan completed. But when it asked me to wait, something apparently went wrong. After waiting almost a day I stopped the program.
Would it be useful to submit a HijackThis report for review?
- First check whether you can find C:\Combofix.txt.
If so, then post the contents of that document.
- ComboFix.txt found in folder C:\ComboFix.
—————————————————————————–
ComboFix 12-05-24.03 - Acer 27-05-2012 14:44:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1497 [GMT 2:00]
Started from: C:\Documents and Settings\Acer\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
——————————————————————————