Everything posted by krisvd

  1. Hello, I did what you suggest here, but the result is the same:
     - message: Boot partition cannot be enumerated correctly
     - scan starts
     - scan still not finished after 30 min. PC completely frozen (mouse responds). Did a hard restart
     - Windows disk check starts automatically and reports:
       - errors in all kinds of folders (applic data, ..)
     - PC then does start up normally and I can apparently also work normally
     What else can I do? THX krisvd
  2. PC Helpforum moderator message: Dear krisvd, we will continue in this topic, because that is where it belongs!
     Hello, in the meantime I have done what you suggested, namely run Combofix. Result:
     - message: Boot partition cannot be enumerated correctly
     - scan starts
     - scan still not finished after 45 min. PC completely frozen. Did a hard restart
     - Windows disk check starts automatically and reports:
       - errors in folder /combofix:
       - more than one ncmd.com entry in folder /combofix
       - message about a cross-link in /combofix
     - PC then does start up normally and I can apparently also work normally
     What else can I do? THX krisvd
  3. Hello, (follow-up to my message of yesterday, with new logs) I did what you suggested in your reply:
     - cmd's: executed
     - hijackthis: had the 4 items fixed, cf. log hijackthis_NaClean.log attached
     - dir C:\Program Files\AskBarDis removed
     - TDSSKiller.exe run, cf. TDSSKiller_voorClean.log attached
     - Malwarebytes run and all items removed, cf. mbam-log-2012-05-06 (11-16-43)_clean.txt attached
     extra:
     - ran Malwarebytes once more, cf. mbam-log-2012-05-06 (12-40-55) AfterCleanFullScan.txt
     After these operations I get (by coincidence, or as a result of?) an alert from Avira that the PC is infected with TR/Trah.gen (trojan), cf. image AviraAlert.jpg attached. I have not yet let Avira do a 'remove'.
     What else can I do to get rid of all the critters? Do you have any further suggestions? Regards, kris
     Do the attachments reach you this way? I can't manage to do it the way I did in yesterday's message .. ?
     ---------- Post added at 19:21 ---------- Previous post was at 19:07 ----------
     To be on the safe side, the logs in plain text: HijackThis, after cleaning the 4 items, and TDSSKiller.log.
(325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:59:52.0218 2952 MSPCLOCK - ok 10:59:52.0233 2952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:59:52.0233 2952 MSPQM - ok 10:59:52.0249 2952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:59:52.0249 2952 mssmbios - ok 10:59:52.0249 2952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 10:59:52.0249 2952 MSTEE - ok 10:59:52.0249 2952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 10:59:52.0265 2952 Mup - ok 10:59:52.0280 2952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 10:59:52.0280 2952 NABTSFEC - ok 10:59:52.0327 2952 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll 10:59:52.0343 2952 napagent - ok 10:59:52.0374 2952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:59:52.0374 2952 NDIS - ok 10:59:52.0390 2952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 10:59:52.0390 2952 NdisIP - ok 10:59:52.0405 2952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:59:52.0405 2952 NdisTapi - ok 10:59:52.0437 2952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:59:52.0452 2952 Ndisuio - ok 10:59:52.0452 2952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:59:52.0452 2952 NdisWan - ok 10:59:52.0452 2952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:59:52.0452 2952 NDProxy - ok 10:59:52.0593 2952 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 10:59:52.0593 2952 Nero BackItUp Scheduler 4.0 - ok 10:59:52.0608 2952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:59:52.0608 
2952 NetBIOS - ok 10:59:52.0624 2952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:59:52.0624 2952 NetBT - ok 10:59:52.0655 2952 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 10:59:52.0671 2952 NetDDE - ok 10:59:52.0671 2952 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 10:59:52.0671 2952 NetDDEdsdm - ok 10:59:52.0718 2952 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:59:52.0718 2952 Netlogon - ok 10:59:52.0796 2952 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll 10:59:52.0796 2952 Netman - ok 10:59:52.0890 2952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:59:52.0890 2952 NetTcpPortSharing - ok 10:59:52.0905 2952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 10:59:52.0905 2952 NIC1394 - ok 10:59:52.0999 2952 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll 10:59:52.0999 2952 Nla - ok 10:59:53.0015 2952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:59:53.0015 2952 Npfs - ok 10:59:53.0046 2952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:59:53.0062 2952 Ntfs - ok 10:59:53.0062 2952 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:59:53.0062 2952 NtLmSsp - ok 10:59:53.0124 2952 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll 10:59:53.0124 2952 NtmsSvc - ok 10:59:53.0140 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:59:53.0140 2952 Null - ok 10:59:53.0171 2952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:59:53.0171 2952 NwlnkFlt - ok 10:59:53.0187 2952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:59:53.0187 2952 NwlnkFwd - ok 10:59:53.0265 2952 odserv 
(785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:59:53.0265 2952 odserv - ok 10:59:53.0280 2952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 10:59:53.0280 2952 ohci1394 - ok 10:59:53.0327 2952 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:59:53.0327 2952 ose - ok 10:59:53.0358 2952 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys 10:59:53.0358 2952 Parport - ok 10:59:53.0358 2952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:59:53.0358 2952 PartMgr - ok 10:59:53.0374 2952 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 10:59:53.0390 2952 ParVdm - ok 10:59:53.0405 2952 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 10:59:53.0405 2952 PCI - ok 10:59:53.0405 2952 PCIDump - ok 10:59:53.0405 2952 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:59:53.0405 2952 PCIIde - ok 10:59:53.0437 2952 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:59:53.0452 2952 Pcmcia - ok 10:59:53.0452 2952 PDCOMP - ok 10:59:53.0452 2952 PDFRAME - ok 10:59:53.0468 2952 PDRELI - ok 10:59:53.0468 2952 PDRFRAME - ok 10:59:53.0468 2952 perc2 - ok 10:59:53.0468 2952 perc2hib - ok 10:59:53.0515 2952 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 10:59:53.0515 2952 PlugPlay - ok 10:59:53.0515 2952 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:59:53.0515 2952 PolicyAgent - ok 10:59:53.0530 2952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:59:53.0530 2952 PptpMiniport - ok 10:59:53.0530 2952 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:59:53.0530 2952 ProtectedStorage - ok 10:59:53.0546 2952 
PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:59:53.0546 2952 PSched - ok 10:59:53.0546 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:59:53.0546 2952 Ptilink - ok 10:59:53.0546 2952 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 10:59:53.0546 2952 PxHelp20 - ok 10:59:53.0562 2952 ql1080 - ok 10:59:53.0562 2952 Ql10wnt - ok 10:59:53.0562 2952 ql12160 - ok 10:59:53.0562 2952 ql1240 - ok 10:59:53.0577 2952 ql1280 - ok 10:59:53.0577 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:59:53.0577 2952 RasAcd - ok 10:59:53.0608 2952 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll 10:59:53.0624 2952 RasAuto - ok 10:59:53.0640 2952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:59:53.0640 2952 Rasl2tp - ok 10:59:53.0671 2952 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll 10:59:53.0671 2952 RasMan - ok 10:59:53.0687 2952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:59:53.0687 2952 RasPppoe - ok 10:59:53.0687 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:59:53.0687 2952 Raspti - ok 10:59:53.0702 2952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:59:53.0702 2952 Rdbss - ok 10:59:53.0718 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:59:53.0718 2952 RDPCDD - ok 10:59:53.0749 2952 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 10:59:53.0749 2952 RDPWD - ok 10:59:53.0796 2952 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe 10:59:53.0796 2952 RDSessMgr - ok 10:59:53.0812 2952 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:59:53.0812 2952 redbook - ok 10:59:53.0858 2952 
RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll 10:59:53.0874 2952 RemoteAccess - ok 10:59:53.0890 2952 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 10:59:53.0905 2952 RFCOMM - ok 10:59:53.0921 2952 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe 10:59:53.0921 2952 RpcLocator - ok 10:59:53.0968 2952 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll 10:59:53.0968 2952 RpcSs - ok 10:59:53.0999 2952 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe 10:59:53.0999 2952 RSVP - ok 10:59:53.0999 2952 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 10:59:53.0999 2952 SamSs - ok 10:59:54.0015 2952 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe 10:59:54.0015 2952 SCardSvr - ok 10:59:54.0046 2952 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys 10:59:54.0046 2952 SCDEmu - ok 10:59:54.0093 2952 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll 10:59:54.0093 2952 Schedule - ok 10:59:54.0171 2952 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe 10:59:54.0171 2952 ScsiAccess - ok 10:59:54.0202 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:59:54.0202 2952 Secdrv - ok 10:59:54.0233 2952 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll 10:59:54.0233 2952 seclogon - ok 10:59:54.0249 2952 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll 10:59:54.0249 2952 SENS - ok 10:59:54.0296 2952 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys 10:59:54.0296 2952 Serial - ok 10:59:54.0358 2952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:59:54.0358 2952 Sfloppy - ok 10:59:54.0405 2952 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) 
C:\WINDOWS\System32\ipnathlp.dll 10:59:54.0405 2952 SharedAccess - ok 10:59:54.0437 2952 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:59:54.0437 2952 ShellHWDetection - ok 10:59:54.0437 2952 Simbad - ok 10:59:54.0468 2952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 10:59:54.0468 2952 SLIP - ok 10:59:54.0468 2952 Sparrow - ok 10:59:54.0499 2952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:59:54.0499 2952 splitter - ok 10:59:54.0530 2952 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:59:54.0530 2952 Spooler - ok 10:59:54.0546 2952 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 10:59:54.0546 2952 sr - ok 10:59:54.0577 2952 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 10:59:54.0577 2952 srservice - ok 10:59:54.0593 2952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:59:54.0593 2952 Srv - ok 10:59:54.0624 2952 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 10:59:54.0624 2952 SSDPSRV - ok 10:59:54.0640 2952 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 10:59:54.0640 2952 ssmdrv - ok 10:59:54.0687 2952 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 10:59:54.0702 2952 stisvc - ok 10:59:54.0718 2952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 10:59:54.0718 2952 streamip - ok 10:59:54.0733 2952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:59:54.0733 2952 swenum - ok 10:59:54.0765 2952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:59:54.0765 2952 swmidi - ok 10:59:54.0796 2952 SwPrv - ok 10:59:54.0796 2952 symc810 - ok 10:59:54.0812 2952 symc8xx - ok 10:59:54.0812 2952 sym_hi - ok 10:59:54.0812 2952 sym_u3 - ok 10:59:54.0905 2952 
SynoDrService (cf01636a8753af8c6b81f49a3404aa5d) C:\Program Files\Synology Data Replicator 3\SynoDrService.exe 10:59:54.0905 2952 SynoDrService - ok 10:59:54.0937 2952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:59:54.0937 2952 sysaudio - ok 10:59:54.0952 2952 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 10:59:54.0952 2952 SysmonLog - ok 10:59:54.0999 2952 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 10:59:54.0999 2952 TapiSrv - ok 10:59:55.0030 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:59:55.0030 2952 Tcpip - ok 10:59:55.0062 2952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:59:55.0062 2952 TDPIPE - ok 10:59:55.0077 2952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:59:55.0077 2952 TDTCP - ok 10:59:55.0233 2952 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 10:59:55.0249 2952 TeamViewer7 - ok 10:59:55.0343 2952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:59:55.0343 2952 TermDD - ok 10:59:55.0421 2952 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 10:59:55.0421 2952 TermService - ok 10:59:55.0452 2952 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:59:55.0452 2952 Themes - ok 10:59:55.0452 2952 TosIde - ok 10:59:55.0515 2952 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 10:59:55.0515 2952 TrkWks - ok 10:59:55.0515 2952 TVersityMediaServer - ok 10:59:55.0546 2952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:59:55.0546 2952 Udfs - ok 10:59:55.0546 2952 ultra - ok 10:59:55.0593 2952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:59:55.0593 2952 Update - ok 10:59:55.0624 2952 upnphost 
(01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 10:59:55.0624 2952 upnphost - ok 10:59:55.0655 2952 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 10:59:55.0655 2952 UPS - ok 10:59:55.0687 2952 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys 10:59:55.0687 2952 USBAAPL - ok 10:59:55.0718 2952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:59:55.0718 2952 usbccgp - ok 10:59:55.0827 2952 UsbClientService (6af12011c88c80920d0543616e107cff) C:\Program Files\Synology\Assistant\UsbClientService.exe 10:59:55.0827 2952 UsbClientService - ok 10:59:55.0858 2952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:59:55.0858 2952 usbehci - ok 10:59:55.0905 2952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:59:55.0905 2952 usbhub - ok 10:59:55.0905 2952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:59:55.0905 2952 usbprint - ok 10:59:55.0983 2952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:59:55.0983 2952 usbscan - ok 10:59:56.0093 2952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:59:56.0093 2952 USBSTOR - ok 10:59:56.0171 2952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:59:56.0171 2952 usbuhci - ok 10:59:56.0312 2952 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 10:59:56.0312 2952 usbvideo - ok 10:59:56.0343 2952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:59:56.0358 2952 VgaSave - ok 10:59:56.0358 2952 ViaIde - ok 10:59:56.0421 2952 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 10:59:56.0421 2952 VolSnap - ok 10:59:56.0468 2952 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 10:59:56.0468 2952 VSS 
- ok 10:59:56.0499 2952 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 10:59:56.0499 2952 W32Time - ok 10:59:56.0515 2952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:59:56.0515 2952 Wanarp - ok 10:59:56.0546 2952 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 10:59:56.0546 2952 Wdf01000 - ok 10:59:56.0562 2952 WDICA - ok 10:59:56.0577 2952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:59:56.0577 2952 wdmaud - ok 10:59:56.0593 2952 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 10:59:56.0608 2952 WebClient - ok 10:59:56.0624 2952 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:59:56.0624 2952 winmgmt - ok 10:59:56.0655 2952 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 10:59:56.0671 2952 WmdmPmSN - ok 10:59:56.0687 2952 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:59:56.0687 2952 WmiApSrv - ok 10:59:56.0765 2952 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe 10:59:56.0780 2952 WMPNetworkSvc - ok 10:59:56.0937 2952 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:59:56.0952 2952 WPFFontCache_v0400 - ok 10:59:56.0999 2952 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll 10:59:56.0999 2952 wscsvc - ok 10:59:57.0046 2952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:59:57.0046 2952 WSTCODEC - ok 10:59:57.0077 2952 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 10:59:57.0093 2952 wuauserv - ok 10:59:57.0108 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:59:57.0108 2952 WudfPf - ok 10:59:57.0140 2952 WudfRd 
     10:59:57.0562 2952 ============================================================
     10:59:57.0562 2952 Scan finished
     10:59:57.0562 2952 ============================================================
     10:59:57.0608 2164 Detected object count: 0
     10:59:57.0608 2164 Actual detected object count: 0

     Malwarebytes, log of the clean of all items:

     Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
     Malwarebytes : Free anti-malware, anti-virus and spyware removal download

     Databaseversie: v2012.05.06.02

     Windows XP Service Pack 3 x86 FAT32
     Internet Explorer 8.0.6001.18702
     Romain :: MAC-XP [administrator]

     Realtime bescherming: Ingeschakeld

     6/05/2012 11:16:43
     mbam-log-2012-05-06 (11-16-43).txt

     Scantype: Volledige scan
     Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
     Uitgeschakelde scanopties: P2P
     Objecten gescand: 281027
     Verstreken tijd: 1 uur/uren, 1 minuut/minuten, 35 seconde(n)

     Geheugenprocessen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registersleutels gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerwaarden gedetecteerd: 1
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UJ7J2I3XZGVF8Y5D (Trojan.LameShield) -> Data: C:\sooi832.bin\CA0A49827DD.exe /q -> Succesvol in quarantaine geplaatst en verwijderd.

     Registerdata gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen gedetecteerd: 1
     C:\sooi832.bin (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

     Bestanden gedetecteerd: 3
     C:\sooi832.bin\CA0A49827DD.exe (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.
     C:\WINDOWS\Temp\75939599757.exe (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.
     C:\sooi832.bin\0305BD00445D70E (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

     (einde)

     Malwarebytes, log of the full re-scan, after the clean:

     Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
     Malwarebytes : Free anti-malware, anti-virus and spyware removal download

     Databaseversie: v2012.05.06.02

     Windows XP Service Pack 3 x86 FAT32
     Internet Explorer 8.0.6001.18702
     Romain :: MAC-XP [administrator]

     Realtime bescherming: Ingeschakeld

     6/05/2012 12:40:55
     mbam-log-2012-05-06 (12-40-55).txt

     Scantype: Volledige scan
     Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
     Uitgeschakelde scanopties: P2P
     Objecten gescand: 280964
     Verstreken tijd: 58 minuut/minuten, 11 seconde(n)

     Geheugenprocessen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registersleutels gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerwaarden gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerdata gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Bestanden gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     (einde)
  4. Hello,

     I am running Windows XP, installed on a Boot Camp partition of an iMac. My virus scanner (Avira) reports that I am infected with the rootkit Eyestey.N.1039 (sooi832.bin).

     I am now looking for the best way to remove this 'virus'. I carried out your 'step-by-step plan when an infection is suspected' and these are the results:

     - DDS: no result. The scan hangs and I have to hard-reboot the PC (tried 3 times)
     - Malwarebytes: see attached log
     - HiJackThis: see attached log

     Can you give me instructions on the procedure to follow for removing the rootkit?

     Thanks a thousand times in advance!

     kris

     mbam-log-2012-05-05 (13-55-56).txt
     hijackthis.log