Javer

Member
  • Items: 19

Javer's achievements

  1. Dear kape, Great! All removal instructions carried out. The Combofix uninstall could not be found, but it has been deleted from the desktop. Ran four scans with CCleaner. Everything repaired. Finally ran one more AVG scan. No more threats found. Thank you very much for the patient help.
  2. Dear Kape, Super! I think we now have a 100% score. Had TDSS Killer scan and put the threats in quarantine ("copy..."???). No restart required. Had TDSS scan again and it still found threats! Chose "cure". TDSS required a restart. After the restart I ran another TDSS scan and it found no more threats. Then ran an AVG scan of the whole computer. No more threats found! (for the first time after about 20 scans with AVG between Friday 13.07.12 and Wednesday 18.07.12)! What do you think, can we rest easy?
  3. Dear kape, First, the following: 1. Last week, before my contact with pc helpforum, ING bank blocked my TAN codes because there was supposedly a serious infection on my computer that probably could not be removed without experts. 2. Emsisoft discovered a Trojan that they could not remove, and for which they referred me to the experts on their support forum. 3. The (free) AVG version has been on my computer for about 14 months and it is updated regularly. Do you think I should still remove the current AVG version? EMSISOFT: PhysicalDrive0 Ontdekt: Trojan.DOS.Sinowal!E2 \\.\PhysicalDrive0 - Rootkits worden niet automatisch verwijderd. Raadpleeg aub de experts op het Emsisoft forum voor hulp bij het handmatig verwijderen van deze malware: Emsisoft Support Forum
  4. Dear kape, The file C:\WINDOWS\system32\svchost.exe (684) cannot be found. Scanning C:\WINDOWS\system32\svchost.exe with Jotti turns up nothing. Scanning C:\WINDOWS\system32\svchost.exe with AVG (with almost all options ticked) turns up nothing. Scanning C:\WINDOWS\system32 with AVG (with almost all options ticked) turns up nothing. Scanning C:\WINDOWS with AVG (with almost all options ticked) turns up nothing. Scanning C: with AVG (with almost all options ticked) turns up nothing. Scanning the whole computer with AVG gives 5 (10) Trojan horses. Scanning C:\WINDOWS\explorer.exe with Jotti turns up nothing.
  5. Dear kape, A small success: Emsisoft runs in safe mode! Infections were found, 1 of which (a Trojan horse) could not be removed. After that the computer was restarted. Then ran an AVG scan. This shows that the 5 (10) Trojan horses are all still present. Below follow:
     1. the closing remark from Emsisoft in a window
     2. the Emsisoft log file
     3. the Trojan horses not removed after an AVG scan

     1.
     ========================================
     \\.\PhysicalDrive0 - Rootkits worden niet automatisch verwijderd. Raadpleeg aub de experts op het Emsisoft forum voor hulp bij het handmatig verwijderen van deze malware: Emsisoft Support Forum
     ========================================

     2.
     ========================================
     Emsisoft Emergency Kit - Versie 2.0
     Laatste Update: 14-7-2012 12:11:35
     Scaninstellingen:
     Scantype: Diepe scan
     Objecten: Rootkits, Geheugen, Sporen, C:\
     Scan archieven: Aan
     ADS Scan: Aan
     Scan gestart: 17-7-2012 15:12:02
     \\.\PhysicalDrive0 Ontdekt: Trojan.DOS.Sinowal!E2
     C:\Documents and Settings\Jack Verhoeven\Application Data\Sun\Java\Deployment\cache\6.0\63\330ed57f-3e86a4b1 -> ehsa\ehsc.class Ontdekt: Exploit.Java.Blacole!E2
     C:\Documents and Settings\Jack Verhoeven\Application Data\Sun\Java\Deployment\cache\6.0\63\330ed57f-3e86a4b1 -> ehsa\ter.class Ontdekt: Java.CVE!E2
     C:\Documents and Settings\Jack Verhoeven\Application Data\Sun\Java\Deployment\cache\6.0\63\330ed57f-3e86a4b1 -> ehsa\ehsb.class Ontdekt: Exploit.Java.CVE-2012-0507!E2
     Gescand 473918
     Gevonden 4
     Scan geëindigd: 17-7-2012 16:29:15
     Scantijd: 1:17:13
     C:\Documents and Settings\Jack Verhoeven\Application Data\Sun\Java\Deployment\cache\6.0\63\330ed57f-3e86a4b1 -> ehsa\ehsb.class Verwijderd Exploit.Java.CVE-2012-0507!E2
     Verwijderd 1
     In quarantaine 0
     =========================================

     3.
     =========================================
     "";"C:\WINDOWS\system32\winlogon.exe (1248)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (684)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1620)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1508)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\explorer.exe (1832)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\winlogon.exe (1248):\memory_01140000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (684):\memory_00c70000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1620):\memory_02360000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1508):\memory_00ff0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\explorer.exe (1832):\memory_00c10000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
  6. Dear kape, I had AVG scan directly after TDSS Killer. There were 26 (!) potential threats, of which in the end the infections we started with remained. So nothing has changed yet about the 5 (10) Trojan horses.
  7. 10:42:05.0817 3096 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
- ok 10:42:54.0841 3312 Sparrow - ok 10:42:54.0888 3312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:42:54.0888 3312 splitter - ok 10:42:54.0935 3312 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:42:54.0951 3312 Spooler - ok 10:42:54.0982 3312 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 10:42:54.0998 3312 sr - ok 10:42:55.0029 3312 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 10:42:55.0029 3312 srservice - ok 10:42:55.0076 3312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:42:55.0091 3312 Srv - ok 10:42:55.0123 3312 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 10:42:55.0123 3312 SSDPSRV - ok 10:42:55.0138 3312 SSPORT - ok 10:42:55.0216 3312 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 10:42:55.0216 3312 stisvc - ok 10:42:55.0357 3312 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 10:42:55.0357 3312 stllssvr - ok 10:42:55.0404 3312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:42:55.0404 3312 swenum - ok 10:42:55.0451 3312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:42:55.0451 3312 swmidi - ok 10:42:55.0466 3312 SwPrv - ok 10:42:55.0497 3312 symc810 - ok 10:42:55.0529 3312 symc8xx - ok 10:42:55.0560 3312 sym_hi - ok 10:42:55.0591 3312 sym_u3 - ok 10:42:55.0638 3312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:42:55.0638 3312 sysaudio - ok 10:42:55.0685 3312 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 10:42:55.0685 3312 SysmonLog - ok 10:42:55.0716 3312 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 10:42:55.0732 3312 TapiSrv - ok 10:42:55.0794 3312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:42:55.0794 3312 Tcpip - ok 10:42:55.0841 3312 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 10:42:55.0841 3312 Tcpip6 - ok 10:42:55.0888 3312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:42:55.0888 3312 TDPIPE - ok 10:42:55.0935 3312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:42:55.0935 3312 TDTCP - ok 10:42:55.0951 3312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:42:55.0951 3312 TermDD - ok 10:42:55.0997 3312 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 10:42:56.0013 3312 TermService - ok 10:42:56.0060 3312 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:42:56.0060 3312 Themes - ok 10:42:56.0091 3312 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe 10:42:56.0107 3312 TlntSvr - ok 10:42:56.0122 3312 TosIde - ok 10:42:56.0200 3312 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 10:42:56.0200 3312 TrkWks - ok 10:42:56.0247 3312 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 10:42:56.0247 3312 tunmp - ok 10:42:56.0279 3312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:42:56.0279 3312 Udfs - ok 10:42:56.0294 3312 ultra - ok 10:42:56.0372 3312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:42:56.0388 3312 Update - ok 10:42:56.0450 3312 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 10:42:56.0450 3312 upnphost - ok 10:42:56.0513 3312 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 10:42:56.0513 3312 UPS - ok 10:42:56.0544 3312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:42:56.0544 3312 usbccgp - ok 10:42:56.0575 3312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) 
C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:42:56.0575 3312 usbehci - ok 10:42:56.0591 3312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:42:56.0607 3312 usbhub - ok 10:42:56.0638 3312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:42:56.0638 3312 usbprint - ok 10:42:56.0654 3312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:42:56.0669 3312 usbscan - ok 10:42:56.0716 3312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:42:56.0716 3312 USBSTOR - ok 10:42:56.0763 3312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:42:56.0763 3312 usbuhci - ok 10:42:56.0779 3312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:42:56.0779 3312 VgaSave - ok 10:42:56.0810 3312 ViaIde - ok 10:42:56.0841 3312 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 10:42:56.0841 3312 VolSnap - ok 10:42:56.0919 3312 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 10:42:56.0919 3312 VSS - ok 10:42:56.0966 3312 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 10:42:56.0966 3312 W32Time - ok 10:42:57.0122 3312 W3SVC (f89e74c0b4f17aadccb3cf4cee969f52) C:\WINDOWS\system32\inetsrv\inetinfo.exe 10:42:57.0122 3312 W3SVC - ok 10:42:57.0138 3312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:42:57.0153 3312 Wanarp - ok 10:42:57.0169 3312 WDICA - ok 10:42:57.0310 3312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:42:57.0310 3312 wdmaud - ok 10:42:57.0403 3312 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 10:42:57.0419 3312 WebClient - ok 10:42:57.0794 3312 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:42:57.0794 3312 winmgmt - ok 10:42:57.0857 3312 wltrysvc - ok 
10:42:58.0872 3312 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
10:42:58.0872 3312 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
10:42:58.0872 3312 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
10:42:58.0903 3312 Boot (0x1200) (9d718fc77fb037147da2b240fbcd7b41) \Device\Harddisk0\DR0\Partition0
10:42:58.0903 3312 \Device\Harddisk0\DR0\Partition0 - ok
10:42:58.0903 3312 ============================================================
10:42:58.0903 3312 Scan finished
10:42:58.0903 3312 ============================================================
10:42:58.0950 3240 Detected object count: 1
10:42:58.0950 3240 Actual detected object count: 1
10:44:45.0670 3240 \Device\Harddisk0\DR0\# - copied to quarantine
10:44:45.0670 3240 \Device\Harddisk0\DR0 - copied to quarantine
10:44:45.0670 3240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Quarantine
10:44:59.0325 3440 ============================================================
10:44:59.0325 3440 Scan started
10:44:59.0325 3440 Mode: Manual;
10:44:59.0325 3440 ============================================================
C:\WINDOWS\system32\DRIVERS\sffdisk.sys 10:45:11.0276 3440 sffdisk - ok 10:45:11.0307 3440 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 10:45:11.0307 3440 sffp_sd - ok 10:45:11.0354 3440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:45:11.0354 3440 Sfloppy - ok 10:45:11.0432 3440 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 10:45:11.0432 3440 SharedAccess - ok 10:45:11.0479 3440 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:45:11.0479 3440 ShellHWDetection - ok 10:45:11.0495 3440 Simbad - ok 10:45:11.0573 3440 SimpTcp (46d8aad86cf13a292900e4b2efa7aafa) C:\WINDOWS\system32\tcpsvcs.exe 10:45:11.0573 3440 SimpTcp - ok 10:45:11.0667 3440 SMTPSVC (f89e74c0b4f17aadccb3cf4cee969f52) C:\WINDOWS\system32\inetsrv\inetinfo.exe 10:45:11.0667 3440 SMTPSVC - ok 10:45:11.0714 3440 SNMP (395baf8ea14e8c14a2a9eedd13fc8ba0) C:\WINDOWS\System32\snmp.exe 10:45:11.0714 3440 SNMP - ok 10:45:11.0745 3440 SNMPTRAP (f2927de8adc20282835347c22ac31d8a) C:\WINDOWS\System32\snmptrap.exe 10:45:11.0760 3440 SNMPTRAP - ok 10:45:11.0776 3440 Sparrow - ok 10:45:11.0823 3440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:45:11.0823 3440 splitter - ok 10:45:11.0870 3440 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:45:11.0870 3440 Spooler - ok 10:45:11.0917 3440 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 10:45:11.0917 3440 sr - ok 10:45:11.0963 3440 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 10:45:11.0963 3440 srservice - ok 10:45:12.0010 3440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:45:12.0010 3440 Srv - ok 10:45:12.0042 3440 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 10:45:12.0057 3440 SSDPSRV - ok 10:45:12.0073 3440 SSPORT - ok 10:45:12.0135 3440 
stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 10:45:12.0135 3440 stisvc - ok 10:45:12.0245 3440 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 10:45:12.0245 3440 stllssvr - ok 10:45:12.0276 3440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:45:12.0276 3440 swenum - ok 10:45:12.0338 3440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:45:12.0338 3440 swmidi - ok 10:45:12.0354 3440 SwPrv - ok 10:45:12.0385 3440 symc810 - ok 10:45:12.0401 3440 symc8xx - ok 10:45:12.0432 3440 sym_hi - ok 10:45:12.0463 3440 sym_u3 - ok 10:45:12.0510 3440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:45:12.0510 3440 sysaudio - ok 10:45:12.0557 3440 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 10:45:12.0557 3440 SysmonLog - ok 10:45:12.0604 3440 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 10:45:12.0604 3440 TapiSrv - ok 10:45:12.0667 3440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:45:12.0682 3440 Tcpip - ok 10:45:12.0713 3440 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 10:45:12.0713 3440 Tcpip6 - ok 10:45:12.0745 3440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:45:12.0745 3440 TDPIPE - ok 10:45:12.0792 3440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:45:12.0792 3440 TDTCP - ok 10:45:12.0838 3440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:45:12.0838 3440 TermDD - ok 10:45:12.0901 3440 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 10:45:12.0901 3440 TermService - ok 10:45:12.0948 3440 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 10:45:12.0948 3440 Themes - ok 10:45:12.0979 3440 
TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe 10:45:12.0995 3440 TlntSvr - ok 10:45:13.0010 3440 TosIde - ok 10:45:13.0057 3440 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 10:45:13.0073 3440 TrkWks - ok 10:45:13.0104 3440 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 10:45:13.0104 3440 tunmp - ok 10:45:13.0151 3440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:45:13.0151 3440 Udfs - ok 10:45:13.0166 3440 ultra - ok 10:45:13.0245 3440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:45:13.0245 3440 Update - ok 10:45:13.0291 3440 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 10:45:13.0307 3440 upnphost - ok 10:45:13.0338 3440 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 10:45:13.0338 3440 UPS - ok 10:45:13.0385 3440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:45:13.0385 3440 usbccgp - ok 10:45:13.0416 3440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:45:13.0416 3440 usbehci - ok 10:45:13.0432 3440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:45:13.0432 3440 usbhub - ok 10:45:13.0479 3440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:45:13.0479 3440 usbprint - ok 10:45:13.0495 3440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:45:13.0495 3440 usbscan - ok 10:45:13.0557 3440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:45:13.0557 3440 USBSTOR - ok 10:45:13.0573 3440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:45:13.0573 3440 usbuhci - ok 10:45:13.0604 3440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:45:13.0604 3440 VgaSave - ok 10:45:13.0635 
3440 ViaIde - ok 10:45:13.0698 3440 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 10:45:13.0698 3440 VolSnap - ok 10:45:13.0744 3440 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 10:45:13.0744 3440 VSS - ok 10:45:13.0791 3440 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 10:45:13.0791 3440 W32Time - ok 10:45:13.0869 3440 W3SVC (f89e74c0b4f17aadccb3cf4cee969f52) C:\WINDOWS\system32\inetsrv\inetinfo.exe 10:45:13.0869 3440 W3SVC - ok 10:45:13.0901 3440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:45:13.0901 3440 Wanarp - ok 10:45:13.0916 3440 WDICA - ok 10:45:13.0979 3440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:45:13.0979 3440 wdmaud - ok 10:45:14.0026 3440 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 10:45:14.0026 3440 WebClient - ok 10:45:14.0119 3440 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:45:14.0119 3440 winmgmt - ok 10:45:14.0166 3440 wltrysvc - ok 10:45:14.0213 3440 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll 10:45:14.0213 3440 WmdmPmSN - ok 10:45:14.0307 3440 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll 10:45:14.0307 3440 Wmi - ok 10:45:14.0323 3440 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 10:45:14.0323 3440 WmiAcpi - ok 10:45:14.0385 3440 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:45:14.0385 3440 WmiApSrv - ok 10:45:14.0573 3440 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe 10:45:14.0573 3440 WMPNetworkSvc - ok 10:45:14.0619 3440 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 10:45:14.0619 3440 WS2IFSL - ok 10:45:14.0682 3440 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) 
C:\WINDOWS\system32\wscsvc.dll 10:45:14.0682 3440 wscsvc - ok 10:45:14.0729 3440 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 10:45:14.0729 3440 wuauserv - ok 10:45:14.0760 3440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:45:14.0760 3440 WudfPf - ok 10:45:14.0791 3440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 10:45:14.0791 3440 WudfRd - ok 10:45:14.0822 3440 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 10:45:14.0838 3440 WudfSvc - ok 10:45:14.0901 3440 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll 10:45:14.0901 3440 WZCSVC - ok 10:45:14.0916 3440 xcpip - ok 10:45:14.0979 3440 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll 10:45:14.0979 3440 xmlprov - ok 10:45:14.0994 3440 xpsec - ok 10:45:15.0119 3440 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0 10:45:15.0119 3440 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected 10:45:15.0119 3440 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0) 10:45:15.0151 3440 Boot (0x1200) (9d718fc77fb037147da2b240fbcd7b41) \Device\Harddisk0\DR0\Partition0 10:45:15.0151 3440 \Device\Harddisk0\DR0\Partition0 - ok 10:45:15.0151 3440 ============================================================ 10:45:15.0151 3440 Scan finished 10:45:15.0151 3440 ============================================================ 10:45:15.0197 2196 Detected object count: 1 10:45:15.0197 2196 Actual detected object count: 1 10:45:29.0383 2196 \Device\Harddisk0\DR0\# - copied to quarantine 10:45:29.0383 2196 \Device\Harddisk0\DR0 - copied to quarantine 10:45:29.0383 2196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Quarantine
  8. Dear kape, I don't know whether the action worked properly. I could only choose scan and not scan as Administrator. Then, during the "delete" action, AVG interrupted the operation and adwcleaner.exe was placed in quarantine. Downloading it again failed. After restarting the PC it did work. I carried out the instructions again and did not let AVG place any files in quarantine. The log file follows below. The temp folder still contains folders that cannot be deleted or emptied. It seems to me that more and more files are appearing on my computer that I cannot open or delete. In addition, an AVG scan reports that the number of Trojan horses has increased from 10 to 12. The information follows below:

     # AdwCleaner v1.702 - Logfile created 07/16/2012 at 21:02:10
     # Updated 13/07/2012 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Jack Verhoeven - JACOBUS
     # Running from : C:\Documents and Settings\Jack Verhoeven\Bureaublad\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     ***** [Registre - GUID] *****
     ***** [internet Browsers] *****
     -\\ Internet Explorer v7.0.5730.13
     [OK] Registry is clean.
     -\\ Mozilla Firefox v3.6.11 (nl)
     Profile name : default
     File : C:\Documents and Settings\Jack Verhoeven\Application Data\Mozilla\Firefox\Profiles\qvxjrmah.default\prefs.js
     [OK] File is clean.
     *************************
     AdwCleaner[R3].txt - [890 octets] - [16/07/2012 21:01:49]
     AdwCleaner[s2].txt - [822 octets] - [16/07/2012 21:02:10]
     ########## EOF - C:\AdwCleaner[s2].txt - [949 octets] ##########

     =================================================================
     AVG scan:

     "";"C:\WINDOWS\system32\winlogon.exe (1252)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (2684)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1632)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1520)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\explorer.exe (128)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\Program Files\Internet Explorer\iexplore.exe (3728)";"Trojaans paard PSW.Agent.ARJV";"Verwijderd"
     "";"C:\WINDOWS\system32\winlogon.exe (1252):\memory_013c0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (2684):\memory_00c70000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1632):\memory_01760000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1520):\memory_00ac0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\explorer.exe (128):\memory_02030000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\Program Files\Internet Explorer\iexplore.exe (3728):\memory_03b60000";"Trojaans paard PSW.Agent.ARJV";"Geïnfecteerd"
  9. The temp folder cannot be emptied completely. The following two folders cannot be deleted, nor can the individual files in them. Even after a restart they cannot be deleted (message: access denied because the files may be in use). The folders all contain random files from 14 July, 20:34 and 20:47.

     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\540A78DB-863C29B9-12C4A2DB-89DF9F15
     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\697328BF-456ABC57-4933C4A4-4F0B27CD

     Scanning with AVG gives the same result as at the start of our project. So all infections are still present:

     "";"C:\WINDOWS\system32\winlogon.exe (1248)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (2728)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1628)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\svchost.exe (1508)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\explorer.exe (844)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"
     "";"C:\WINDOWS\system32\winlogon.exe (1248):\memory_012b0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (2728):\memory_00c70000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1628):\memory_016e0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\system32\svchost.exe (1508):\memory_00ac0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
     "";"C:\WINDOWS\explorer.exe (844):\memory_01aa0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"
  10. Dear kape, The temp folder contains only the two files mentioned with random names. In addition, the following two files are in the temp folder:

     ~DF6BDD.tmp
     ~DFEECA.tmp

     The date and time of these files is current, 16 July at about 09:00. The temp folder also contains 4 other folders. Two of them are crammed full of random files and two folders contain only a single random file. None of the random files is of type .sys, only the two that I posted to you earlier. The date and time of these four folders is 14 July at about 20:30.

     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\540A78DB-863C29B9-12C4A2DB-89DF9F15
     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\697328BF-456ABC57-4933C4A4-4F0B27CD
     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\4A262CD0-C31CCE3F-D9F6D5CB-5E40F1DC
     C:\Documents and Settings\Jack Verhoeven\Local Settings\temp\B87294E6-89ED5192-F3C64084-92775B08
  11. 4OqWY0Ib.sys, C:\Documents and Settings\Jack Verhoeven\Local Settings\temp, System file, 14 July 2012, 20:47:46, 216 kB
     786r863K.sys, C:\Documents and Settings\Jack Verhoeven\Local Settings\temp, System file, 14 July 2012, 20:36:53, 216 kB
  12. Dear kape, Here is the information:

     Crash Time : 14-7-2012 20:49:57
     Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
     Bug Check Code : 0x1000007e
     Parameter 1 : 0xc0000005
     Parameter 2 : 0xb73820ba
     Parameter 3 : 0xba507b0c
     Parameter 4 : 0xba507808
     Caused By Driver : 4OqWY0Ib.sys

     Crash Time : 14-7-2012 20:45:15
     Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
     Bug Check Code : 0x1000007e
     Parameter 1 : 0xc0000005
     Parameter 2 : 0xb6f000ba
     Parameter 3 : 0xba503b0c
     Parameter 4 : 0xba503808
     Caused By Driver : 786r863K.sys

     Crash Time : 14-7-2012 20:31:45
     Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
     Bug Check Code : 0x1000007e
     Parameter 1 : 0xc0000005
     Parameter 2 : 0xb6ae2015
     Parameter 3 : 0xba50fa74
     Parameter 4 : 0xba50f770
     Caused By Driver : dwprot.sys

     Crash Time : 14-7-2012 12:42:11
     Bug Check String : DRIVER_CORRUPTED_EXPOOL
     Bug Check Code : 0x100000c5
     Parameter 1 : 0x01000000
     Parameter 2 : 0x00000002
     Parameter 3 : 0x00000001
     Parameter 4 : 0x8054b10d
     Caused By Driver : ACPI.sys

     Crash Time : 14-7-2012 12:32:41
     Bug Check String : NTFS_FILE_SYSTEM
     Bug Check Code : 0x00000024
     Parameter 1 : 0x001902fe
     Parameter 2 : 0xba527798
     Parameter 3 : 0xba527494
     Parameter 4 : 0x00000000
     Caused By Driver : Ntfs.sys
  13. Dear kape, I'm sorry that I have to ask you a question so often, but the problem remains unsolved. I downloaded and started Dr.Web CureIt. After some time a full screen of text with a stop message appears (just as when starting Emsisoft Emergency Kit, which also failed earlier). The text states that Windows has been shut down to prevent damage. Further: "Controleer of er voldoende schijfruimte beschikbaar is. Schakel het stuurprogramma uit wanneer dit in het stopbericht is opgegeven of raadpleeg de fabrikant voor een bijgewerkte versie. Vervang zo nodig de beeldschermadapter. Raadpleeg de hardwareleverancier voor een eventuele Bios-update. Schakel Bios-geheugenopties zoals caching of shadowing uit. Als u de veilige modus wilt gebruiken om onderdelen te verwijderen of uit te schakelen en start de computer opnieuw op. Druk vervolgens F8 om geavanceerde startopties te kiezen en selecteer de veilige modus." Microsoft later shows a message in a window with quite a lot of numbers that I cannot copy into this post. As a beginner it is not possible for me to take further steps myself. Hopefully you have an idea.
  14. Dear kape, The scan with ESET is finished. It is striking that only 1 infection was detected. ESET does not notice the infections that AVG found, and the infection that ESET finds had not previously been noticed by AVG. Here is the ESET log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=7.00.6000.17110 (vista_gdr.120419-1718)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=a5b837178c7ed847b7f11d2ed34bed95
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-07-14 01:17:00
     # local_time=2012-07-14 03:17:00 (+0100, West-Europa (zomertijd))
     # country="Netherlands"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 71193 71193 0 0
     # compatibility_mode=1024 16777175 100 0 14162842 14162842 0 0
     # compatibility_mode=8192 67108863 100 0 216 216 0 0
     # scanned=56516
     # found=1
     # cleaned=1
     # scan_time=1941
     C:\Documents and Settings\Jack Verhoeven\Application Data\Sun\Java\Deployment\cache\6.0\34\38ec7862-124f707b Java/Exploit.Blacole.AN trojan (deleted - quarantined) 00000000000000000000000000000000 C
  15. Dear kape, I carried out the instructions for Emsisoft Emergency Kit. After choosing "Diep" (Deep) and clicking "Scan", a page full of text appears with a stop message 0x000000c5 (0x01000000, 0x00000002, 0x00000001, 0x8054B10D). From that moment on the computer is frozen. When I restart the computer and run the procedure with Emsisoft Emergency Kit again, the same thing happens. Do you know how to proceed?