KelsHoe
-
Items
6 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door KelsHoe
-
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 09:56:25
-----------------------------
09:56:25.656 OS Version: Windows 5.1.2600 Service Pack 3
09:56:25.656 Number of processors: 1 586 0x207
09:56:25.656 ComputerName: COMPUTER UserName: Admin
09:56:27.109 Initialize success
09:56:27.625 AVAST engine defs: 12040201
09:56:45.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:56:45.781 Disk 0 Vendor: IC35L120AVVA07-0 VA6OA51A Size: 114440MB BusType: 3
09:56:45.781 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@J@ f75f8864
09:56:45.796 Disk 0 MBR read successfully
09:56:45.796 Disk 0 MBR scan
09:56:45.796 Disk 0 Win32:MBRoot-J [Trj]
09:56:45.796 Disk 0 Windows XP default MBR code found via API
09:56:45.796 Disk 0 MBR hidden
09:56:45.812 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
09:56:45.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30066 MB offset 80325
09:56:45.828 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 84333 MB offset 61657470
09:56:45.828 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
09:56:45.843 Disk 0 trace - called modules:
09:56:46.343 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.SYS >>UNKNOWN [0x83bdb000]<<
09:56:46.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b63ab8]
09:56:46.343 3 CLASSPNP.SYS[f76effd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83bdad98]
09:56:46.421 AVAST engine scan C:\WINDOWS
09:56:48.890 AVAST engine scan C:\WINDOWS\system32
09:58:51.171 AVAST engine scan C:\WINDOWS\system32\drivers
09:59:03.046 AVAST engine scan C:\Documents and Settings\Admin
10:02:29.375 AVAST engine scan C:\Documents and Settings\All Users
10:03:22.046 Scan finished successfully
10:04:40.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Mijn documenten\MBR.dat"
10:04:40.312 The log file has been saved successfully to "C:\Documents and Settings\Admin\Mijn documenten\aswMBR.txt"
-
Mijn Avastscanner geeft nu dit aan:
Bedreiging gedetecteerd!
Bestandsnaam:
MBR: \\.\PHYSICALDRIVE0
Nauwgezetheid:
Hoog
Status:
Bedreiging: Win32:MBROOT-J [Trj]
Die kan ik dus ook niet verwijderen want dan slaat mijn pc vast bij het opstarten
-
Malwarebytes Anti-Malware 1.60.1.1000
Databaseversie: v2012.04.02.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: COMPUTER [administrator]
2-4-2012 10:53:44
mbam-log-2012-04-02 (10-53-44).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 212384
Verstreken tijd: 8 minuut/minuten, 3 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:07, on 2-4-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Anti Virus\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\notepad.exe
D:\Anti Virus\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Anti Virus\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
--
End of file - 8035 bytes
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:53, on 1-4-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
D:\Anti Virus\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AFAS Personal Bijwerk Assistent - {0DFC36E8-EAE8-484F-A89C-F565849A210F} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
--
End of file - 9434 bytes
-
AVG scanner zegt dat ik en Trojaans paard heb, maar nu verwijderd de scan heb zelf niet. Hoe kan ik dit virus verwijderen?
Trojaans Paard
in Archief Bestrijding malware & virussen
Geplaatst:
10:00:40.0140 3812 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
10:00:40.0265 3812 ============================================================
10:00:40.0265 3812 Current date / time: 2012/04/04 10:00:40.0265
10:00:40.0265 3812 SystemInfo:
10:00:40.0265 3812
10:00:40.0265 3812 OS Version: 5.1.2600 ServicePack: 3.0
10:00:40.0265 3812 Product type: Workstation
10:00:40.0265 3812 ComputerName: COMPUTER
10:00:40.0265 3812 UserName: Admin
10:00:40.0265 3812 Windows directory: C:\WINDOWS
10:00:40.0265 3812 System windows directory: C:\WINDOWS
10:00:40.0265 3812 Processor architecture: Intel x86
10:00:40.0265 3812 Number of processors: 1
10:00:40.0265 3812 Page size: 0x1000
10:00:40.0265 3812 Boot type: Normal boot
10:00:40.0265 3812 ============================================================
10:00:42.0453 3812 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:00:42.0453 3812 Drive \Device\Harddisk1\DR4 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:00:42.0453 3812 \Device\Harddisk0\DR0:
10:00:42.0453 3812 MBR used
10:00:42.0453 3812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x3AB97B9
10:00:42.0453 3812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3ACD17E, BlocksNum 0xA4B6B3F
10:00:42.0453 3812 \Device\Harddisk1\DR4:
10:00:42.0453 3812 MBR used
10:00:42.0453 3812 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x14B8, BlocksNum 0x76FB48
10:00:42.0531 3812 Initialize success
10:00:42.0531 3812 ============================================================
10:00:51.0421 3348 ============================================================
10:00:51.0421 3348 Scan started
10:00:51.0421 3348 Mode: Manual;
10:00:51.0421 3348 ============================================================
10:00:51.0796 3348 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:00:51.0812 3348 Aavmker4 - ok
10:00:51.0875 3348 Abiosdsk - ok
10:00:51.0906 3348 abp480n5 - ok
10:00:51.0968 3348 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:00:51.0968 3348 ACPI - ok
10:00:52.0062 3348 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:00:52.0062 3348 ACPIEC - ok
10:00:52.0140 3348 adpu160m - ok
10:00:52.0187 3348 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
10:00:52.0187 3348 aeaudio - ok
10:00:52.0296 3348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:00:52.0296 3348 aec - ok
10:00:52.0390 3348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:00:52.0406 3348 AFD - ok
10:00:52.0484 3348 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:00:52.0500 3348 agp440 - ok
10:00:52.0640 3348 Aha154x - ok
10:00:52.0703 3348 aic78u2 - ok
10:00:52.0718 3348 aic78xx - ok
10:00:52.0765 3348 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
10:00:52.0765 3348 Alerter - ok
10:00:52.0890 3348 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
10:00:52.0921 3348 ALG - ok
10:00:52.0984 3348 AliIde - ok
10:00:53.0000 3348 amsint - ok
10:00:53.0062 3348 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll
10:00:53.0062 3348 AppMgmt - ok
10:00:53.0140 3348 asc - ok
10:00:53.0171 3348 asc3350p - ok
10:00:53.0187 3348 asc3550 - ok
10:00:53.0281 3348 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:00:53.0296 3348 aspnet_state - ok
10:00:53.0375 3348 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:00:53.0390 3348 aswFsBlk - ok
10:00:53.0484 3348 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
10:00:53.0484 3348 aswMon2 - ok
10:00:53.0625 3348 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
10:00:53.0625 3348 aswRdr - ok
10:00:53.0734 3348 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
10:00:53.0750 3348 aswSnx - ok
10:00:53.0906 3348 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
10:00:53.0921 3348 aswSP - ok
10:00:54.0015 3348 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
10:00:54.0015 3348 aswTdi - ok
10:00:54.0125 3348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:00:54.0125 3348 AsyncMac - ok
10:00:54.0234 3348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:00:54.0234 3348 atapi - ok
10:00:54.0296 3348 Atdisk - ok
10:00:54.0343 3348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:00:54.0359 3348 Atmarpc - ok
10:00:54.0453 3348 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
10:00:54.0453 3348 AudioSrv - ok
10:00:54.0546 3348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:00:54.0546 3348 audstub - ok
10:00:54.0656 3348 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:00:54.0656 3348 avast! Antivirus - ok
10:00:54.0750 3348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:00:54.0750 3348 Beep - ok
10:00:54.0843 3348 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
10:00:54.0906 3348 BITS - ok
10:00:54.0984 3348 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
10:00:55.0031 3348 Browser - ok
10:00:55.0093 3348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:00:55.0093 3348 cbidf2k - ok
10:00:55.0156 3348 cd20xrnt - ok
10:00:55.0203 3348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:00:55.0218 3348 Cdaudio - ok
10:00:55.0312 3348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:00:55.0312 3348 Cdfs - ok
10:00:55.0406 3348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:00:55.0421 3348 Cdrom - ok
10:00:55.0484 3348 Changer - ok
10:00:55.0546 3348 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
10:00:55.0546 3348 CiSvc - ok
10:00:55.0625 3348 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
10:00:55.0625 3348 ClipSrv - ok
10:00:55.0750 3348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:00:55.0828 3348 clr_optimization_v2.0.50727_32 - ok
10:00:55.0890 3348 CmdIde - ok
10:00:55.0921 3348 COMSysApp - ok
10:00:55.0953 3348 Cpqarray - ok
10:00:56.0015 3348 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
10:00:56.0015 3348 CryptSvc - ok
10:00:56.0109 3348 dac2w2k - ok
10:00:56.0140 3348 dac960nt - ok
10:00:56.0203 3348 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
10:00:56.0218 3348 DcomLaunch - ok
10:00:56.0312 3348 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
10:00:56.0328 3348 Dhcp - ok
10:00:56.0421 3348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:00:56.0421 3348 Disk - ok
10:00:56.0468 3348 dmadmin - ok
10:00:56.0531 3348 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
10:00:56.0562 3348 dmboot - ok
10:00:56.0656 3348 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
10:00:56.0656 3348 dmio - ok
10:00:56.0750 3348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:00:56.0765 3348 dmload - ok
10:00:56.0843 3348 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
10:00:56.0843 3348 dmserver - ok
10:00:56.0921 3348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:00:56.0937 3348 DMusic - ok
10:00:57.0031 3348 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
10:00:57.0031 3348 Dnscache - ok
10:00:57.0156 3348 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
10:00:57.0171 3348 Dot3svc - ok
10:00:57.0234 3348 dpti2o - ok
10:00:57.0281 3348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:00:57.0281 3348 drmkaud - ok
10:00:57.0390 3348 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:00:57.0390 3348 E100B - ok
10:00:57.0484 3348 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
10:00:57.0484 3348 EapHost - ok
10:00:57.0531 3348 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
10:00:57.0531 3348 ERSvc - ok
10:00:57.0625 3348 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
10:00:57.0640 3348 Eventlog - ok
10:00:57.0750 3348 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
10:00:57.0750 3348 EventSystem - ok
10:00:57.0875 3348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:00:57.0875 3348 Fastfat - ok
10:00:57.0953 3348 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
10:00:57.0968 3348 FastUserSwitchingCompatibility - ok
10:00:58.0031 3348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:00:58.0031 3348 Fdc - ok
10:00:58.0218 3348 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
10:00:58.0250 3348 Fips - ok
10:00:58.0359 3348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:00:58.0359 3348 Flpydisk - ok
10:00:58.0453 3348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:00:58.0453 3348 FltMgr - ok
10:00:58.0625 3348 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:00:58.0625 3348 FontCache3.0.0.0 - ok
10:00:58.0703 3348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:00:58.0718 3348 Fs_Rec - ok
10:00:58.0734 3348 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:00:58.0750 3348 Ftdisk - ok
10:00:58.0843 3348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:00:58.0843 3348 Gpc - ok
10:00:58.0984 3348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:00:58.0984 3348 gupdate - ok
10:00:59.0000 3348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:00:59.0000 3348 gupdatem - ok
10:00:59.0140 3348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:00:59.0156 3348 gusvc - ok
10:00:59.0265 3348 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:00:59.0312 3348 helpsvc - ok
10:00:59.0359 3348 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
10:00:59.0359 3348 HidServ - ok
10:00:59.0453 3348 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:00:59.0453 3348 hidusb - ok
10:00:59.0546 3348 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
10:00:59.0562 3348 hkmsvc - ok
10:00:59.0609 3348 hpn - ok
10:00:59.0765 3348 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:00:59.0765 3348 hpqcxs08 - ok
10:00:59.0906 3348 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:00:59.0921 3348 hpqddsvc - ok
10:01:00.0015 3348 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:01:00.0031 3348 HPZid412 - ok
10:01:00.0250 3348 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:01:00.0250 3348 HPZipr12 - ok
10:01:00.0359 3348 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:01:00.0375 3348 HPZius12 - ok
10:01:00.0484 3348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:01:00.0484 3348 HTTP - ok
10:01:00.0578 3348 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
10:01:00.0593 3348 HTTPFilter - ok
10:01:00.0625 3348 i2omgmt - ok
10:01:00.0687 3348 i2omp - ok
10:01:00.0750 3348 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:01:00.0750 3348 i8042prt - ok
10:01:00.0937 3348 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:01:00.0953 3348 idsvc - ok
10:01:01.0046 3348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:01:01.0062 3348 Imapi - ok
10:01:01.0187 3348 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
10:01:01.0187 3348 ImapiService - ok
10:01:01.0250 3348 ini910u - ok
10:01:01.0312 3348 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:01:01.0328 3348 IntelIde - ok
10:01:01.0421 3348 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:01:01.0437 3348 intelppm - ok
10:01:01.0515 3348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:01:01.0515 3348 Ip6Fw - ok
10:01:01.0578 3348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:01:01.0578 3348 IpFilterDriver - ok
10:01:01.0687 3348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:01:01.0687 3348 IpInIp - ok
10:01:01.0781 3348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:01:01.0796 3348 IpNat - ok
10:01:01.0906 3348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:01:01.0906 3348 IPSec - ok
10:01:02.0000 3348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:01:02.0015 3348 IRENUM - ok
10:01:02.0140 3348 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:01:02.0140 3348 isapnp - ok
10:01:02.0265 3348 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Program Files\Java\jre6\bin\jqs.exe
10:01:02.0265 3348 JavaQuickStarterService - ok
10:01:02.0343 3348 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:01:02.0359 3348 Kbdclass - ok
10:01:02.0453 3348 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:01:02.0468 3348 kbdhid - ok
10:01:02.0593 3348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:01:02.0593 3348 kmixer - ok
10:01:02.0687 3348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:01:02.0687 3348 KSecDD - ok
10:01:02.0781 3348 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
10:01:02.0796 3348 lanmanserver - ok
10:01:02.0859 3348 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
10:01:02.0875 3348 lanmanworkstation - ok
10:01:02.0937 3348 lbrtfdc - ok
10:01:03.0015 3348 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
10:01:03.0015 3348 LmHosts - ok
10:01:03.0125 3348 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
10:01:03.0140 3348 Messenger - ok
10:01:03.0234 3348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:01:03.0234 3348 mnmdd - ok
10:01:03.0328 3348 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
10:01:03.0328 3348 mnmsrvc - ok
10:01:03.0406 3348 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
10:01:03.0406 3348 Modem - ok
10:01:03.0500 3348 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:01:03.0515 3348 Mouclass - ok
10:01:03.0640 3348 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:01:03.0640 3348 mouhid - ok
10:01:03.0734 3348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:01:03.0750 3348 MountMgr - ok
10:01:03.0812 3348 mraid35x - ok
10:01:03.0875 3348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:01:03.0875 3348 MRxDAV - ok
10:01:03.0984 3348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:01:04.0000 3348 MRxSmb - ok
10:01:04.0093 3348 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
10:01:04.0093 3348 MSDTC - ok
10:01:04.0203 3348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:01:04.0203 3348 Msfs - ok
10:01:04.0265 3348 MSIServer - ok
10:01:04.0312 3348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:01:04.0328 3348 MSKSSRV - ok
10:01:04.0406 3348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:01:04.0406 3348 MSPCLOCK - ok
10:01:04.0468 3348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:01:04.0468 3348 MSPQM - ok
10:01:04.0656 3348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:01:04.0656 3348 mssmbios - ok
10:01:04.0875 3348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:01:04.0906 3348 Mup - ok
10:01:05.0203 3348 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
10:01:05.0234 3348 napagent - ok
10:01:05.0515 3348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:01:05.0625 3348 NDIS - ok
10:01:05.0734 3348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:01:05.0750 3348 NdisTapi - ok
10:01:05.0859 3348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:01:05.0859 3348 Ndisuio - ok
10:01:05.0953 3348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:01:05.0953 3348 NdisWan - ok
10:01:06.0062 3348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:01:06.0062 3348 NDProxy - ok
10:01:06.0250 3348 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:01:06.0281 3348 Nero BackItUp Scheduler 4.0 - ok
10:01:06.0359 3348 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
10:01:06.0375 3348 Net Driver HPZ12 - ok
10:01:06.0468 3348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:01:06.0468 3348 NetBIOS - ok
10:01:06.0562 3348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:01:06.0578 3348 NetBT - ok
10:01:06.0671 3348 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
10:01:06.0687 3348 NetDDE - ok
10:01:06.0718 3348 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
10:01:06.0781 3348 NetDDEdsdm - ok
10:01:06.0890 3348 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
10:01:06.0906 3348 Netlogon - ok
10:01:07.0000 3348 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
10:01:07.0000 3348 Netman - ok
10:01:07.0187 3348 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:07.0187 3348 NetTcpPortSharing - ok
10:01:07.0296 3348 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
10:01:07.0312 3348 Nla - ok
10:01:07.0406 3348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:01:07.0406 3348 Npfs - ok
10:01:07.0515 3348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:01:07.0531 3348 Ntfs - ok
10:01:07.0640 3348 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
10:01:07.0640 3348 NtLmSsp - ok
10:01:07.0750 3348 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
10:01:07.0765 3348 NtmsSvc - ok
10:01:07.0890 3348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:01:07.0890 3348 Null - ok
10:01:08.0281 3348 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:01:08.0343 3348 nv - ok
10:01:08.0437 3348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:01:08.0437 3348 NwlnkFlt - ok
10:01:08.0546 3348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:01:08.0546 3348 NwlnkFwd - ok
10:01:08.0687 3348 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:01:08.0687 3348 odserv - ok
10:01:08.0781 3348 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
10:01:08.0781 3348 OMCI - ok
10:01:08.0875 3348 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:08.0890 3348 ose - ok
10:01:08.0968 3348 p695x9cu.sys - ok
10:01:09.0015 3348 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
10:01:09.0015 3348 Parport - ok
10:01:09.0125 3348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:01:09.0125 3348 PartMgr - ok
10:01:09.0218 3348 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
10:01:09.0218 3348 ParVdm - ok
10:01:09.0265 3348 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
10:01:09.0281 3348 PCI - ok
10:01:09.0359 3348 PCIDump - ok
10:01:09.0484 3348 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\drivers\PCIIde.sys
10:01:09.0500 3348 PCIIde - ok
10:01:09.0765 3348 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:01:09.0781 3348 Pcmcia - ok
10:01:09.0843 3348 PDCOMP - ok
10:01:09.0859 3348 PDFRAME - ok
10:01:09.0890 3348 PDRELI - ok
10:01:09.0906 3348 PDRFRAME - ok
10:01:09.0937 3348 perc2 - ok
10:01:09.0968 3348 perc2hib - ok
10:01:10.0062 3348 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
10:01:10.0078 3348 PlugPlay - ok
10:01:10.0187 3348 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
10:01:10.0187 3348 Pml Driver HPZ12 - ok
10:01:10.0281 3348 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
10:01:10.0281 3348 PolicyAgent - ok
10:01:10.0359 3348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:01:10.0359 3348 PptpMiniport - ok
10:01:10.0437 3348 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
10:01:10.0453 3348 ProtectedStorage - ok
10:01:10.0500 3348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:01:10.0500 3348 PSched - ok
10:01:10.0609 3348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:01:10.0609 3348 Ptilink - ok
10:01:10.0687 3348 ql1080 - ok
10:01:10.0703 3348 Ql10wnt - ok
10:01:10.0718 3348 ql12160 - ok
10:01:10.0750 3348 ql1240 - ok
10:01:10.0765 3348 ql1280 - ok
10:01:10.0828 3348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:01:10.0828 3348 RasAcd - ok
10:01:10.0890 3348 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
10:01:10.0890 3348 RasAuto - ok
10:01:10.0984 3348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:01:10.0984 3348 Rasl2tp - ok
10:01:11.0125 3348 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
10:01:11.0140 3348 RasMan - ok
10:01:11.0234 3348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:01:11.0250 3348 RasPppoe - ok
10:01:11.0343 3348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:01:11.0343 3348 Raspti - ok
10:01:11.0468 3348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:01:11.0468 3348 Rdbss - ok
10:01:11.0562 3348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:01:11.0562 3348 RDPCDD - ok
10:01:11.0687 3348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:01:11.0703 3348 rdpdr - ok
10:01:11.0796 3348 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:01:11.0812 3348 RDPWD - ok
10:01:11.0906 3348 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
10:01:11.0921 3348 RDSessMgr - ok
10:01:12.0000 3348 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:01:12.0015 3348 redbook - ok
10:01:12.0046 3348 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
10:01:12.0062 3348 RemoteAccess - ok
10:01:12.0171 3348 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll
10:01:12.0203 3348 RemoteRegistry - ok
10:01:12.0281 3348 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
10:01:12.0296 3348 RpcLocator - ok
10:01:12.0359 3348 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
10:01:12.0375 3348 RpcSs - ok
10:01:12.0468 3348 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
10:01:12.0484 3348 RSVP - ok
10:01:12.0562 3348 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
10:01:12.0562 3348 SamSs - ok
10:01:12.0625 3348 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
10:01:12.0640 3348 SCardSvr - ok
10:01:12.0718 3348 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
10:01:12.0734 3348 Schedule - ok
10:01:12.0843 3348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:01:12.0843 3348 Secdrv - ok
10:01:12.0906 3348 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
10:01:12.0921 3348 seclogon - ok
10:01:13.0000 3348 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
10:01:13.0015 3348 SENS - ok
10:01:13.0078 3348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:01:13.0078 3348 serenum - ok
10:01:13.0234 3348 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
10:01:13.0250 3348 Serial - ok
10:01:13.0359 3348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:01:13.0375 3348 Sfloppy - ok
10:01:13.0468 3348 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
10:01:13.0484 3348 SharedAccess - ok
10:01:13.0609 3348 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
10:01:13.0625 3348 ShellHWDetection - ok
10:01:13.0687 3348 Simbad - ok
10:01:13.0765 3348 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
10:01:13.0781 3348 smwdm - ok
10:01:13.0843 3348 Sparrow - ok
10:01:13.0906 3348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:01:13.0906 3348 splitter - ok
10:01:13.0984 3348 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:01:14.0000 3348 Spooler - ok
10:01:14.0062 3348 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
10:01:14.0062 3348 sr - ok
10:01:14.0171 3348 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
10:01:14.0187 3348 srservice - ok
10:01:14.0281 3348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:01:14.0312 3348 Srv - ok
10:01:14.0406 3348 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
10:01:14.0421 3348 SSDPSRV - ok
10:01:14.0468 3348 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
10:01:14.0500 3348 stisvc - ok
10:01:14.0593 3348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:01:14.0593 3348 swenum - ok
10:01:14.0656 3348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:01:14.0656 3348 swmidi - ok
10:01:14.0718 3348 SwPrv - ok
10:01:14.0750 3348 symc810 - ok
10:01:14.0781 3348 symc8xx - ok
10:01:14.0796 3348 sym_hi - ok
10:01:14.0828 3348 sym_u3 - ok
10:01:14.0875 3348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:01:14.0890 3348 sysaudio - ok
10:01:14.0984 3348 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
10:01:14.0984 3348 SysmonLog - ok
10:01:15.0062 3348 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
10:01:15.0078 3348 TapiSrv - ok
10:01:15.0343 3348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:01:15.0437 3348 Tcpip - ok
10:01:15.0609 3348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:01:15.0609 3348 TDPIPE - ok
10:01:15.0765 3348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:01:15.0765 3348 TDTCP - ok
10:01:15.0859 3348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:01:15.0859 3348 TermDD - ok
10:01:15.0984 3348 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
10:01:16.0015 3348 TermService - ok
10:01:16.0156 3348 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
10:01:16.0171 3348 Themes - ok
10:01:16.0250 3348 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe
10:01:16.0281 3348 TlntSvr - ok
10:01:16.0421 3348 TosIde - ok
10:01:16.0500 3348 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
10:01:17.0296 3348 TrkWks - ok
10:01:17.0421 3348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:01:17.0437 3348 Udfs - ok
10:01:17.0843 3348 ultra - ok
10:01:17.0937 3348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:01:18.0281 3348 Update - ok
10:01:18.0359 3348 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
10:01:19.0140 3348 upnphost - ok
10:01:19.0250 3348 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
10:01:20.0453 3348 UPS - ok
10:01:20.0531 3348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:01:20.0796 3348 usbccgp - ok
10:01:20.0906 3348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:01:21.0109 3348 usbehci - ok
10:01:21.0328 3348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:01:21.0625 3348 usbhub - ok
10:01:21.0828 3348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:01:21.0937 3348 usbprint - ok
10:01:22.0250 3348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:01:22.0265 3348 usbscan - ok
10:01:22.0546 3348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:01:22.0578 3348 USBSTOR - ok
10:01:22.0750 3348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:01:22.0750 3348 usbuhci - ok
10:01:22.0843 3348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:01:22.0843 3348 VgaSave - ok
10:01:22.0906 3348 ViaIde - ok
10:01:22.0968 3348 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
10:01:22.0968 3348 VolSnap - ok
10:01:23.0078 3348 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
10:01:23.0093 3348 VSS - ok
10:01:23.0281 3348 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
10:01:23.0296 3348 W32Time - ok
10:01:23.0406 3348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:01:23.0406 3348 Wanarp - ok
10:01:23.0468 3348 WDICA - ok
10:01:23.0515 3348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:01:23.0531 3348 wdmaud - ok
10:01:23.0625 3348 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
10:01:23.0656 3348 WebClient - ok
10:01:23.0828 3348 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:01:23.0828 3348 winmgmt - ok
10:01:23.0953 3348 WmdmPmSN (2628076412ec86c92827ae5202501e5d) C:\WINDOWS\system32\mspmsnsv.dll
10:01:23.0953 3348 WmdmPmSN - ok
10:01:24.0062 3348 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll
10:01:24.0078 3348 Wmi - ok
10:01:24.0250 3348 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:01:24.0250 3348 WmiApSrv - ok
10:01:24.0359 3348 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
10:01:24.0359 3348 wscsvc - ok
10:01:24.0453 3348 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
10:01:24.0468 3348 wuauserv - ok
10:01:24.0531 3348 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
10:01:24.0562 3348 WZCSVC - ok
10:01:24.0625 3348 xcpip - ok
10:01:24.0703 3348 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
10:01:24.0718 3348 xmlprov - ok
10:01:24.0781 3348 xpsec - ok
10:01:24.0828 3348 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
10:01:24.0828 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
10:01:24.0828 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
10:01:24.0843 3348 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
10:01:28.0812 3348 \Device\Harddisk1\DR4 - ok
10:01:28.0843 3348 Boot (0x1200) (eaa7511aad5f67d48329524711e0cdfd) \Device\Harddisk0\DR0\Partition0
10:01:28.0843 3348 \Device\Harddisk0\DR0\Partition0 - ok
10:01:28.0875 3348 Boot (0x1200) (97337f8e7248d485b0a45553a8d2bd96) \Device\Harddisk0\DR0\Partition1
10:01:28.0875 3348 \Device\Harddisk0\DR0\Partition1 - ok
10:01:28.0875 3348 Boot (0x1200) (ffe9445d9b5adb98550c2e732878c1a0) \Device\Harddisk1\DR4\Partition0
10:01:28.0890 3348 \Device\Harddisk1\DR4\Partition0 - ok
10:01:28.0890 3348 ============================================================
10:01:28.0890 3348 Scan finished
10:01:28.0890 3348 ============================================================
10:01:28.0906 1688 Detected object count: 1
10:01:28.0906 1688 Actual detected object count: 1
10:01:51.0203 1688 \Device\Harddisk0\DR0\# - copied to quarantine
10:01:51.0203 1688 \Device\Harddisk0\DR0 - copied to quarantine
10:01:51.0234 1688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
10:01:51.0234 1688 \Device\Harddisk0\DR0 - ok
10:01:51.0234 1688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
10:02:11.0937 0984 Deinitialize success