
Trojan horse PSW.Agent.ARMW / PSW.Agent.AUET / PSW.Agent.ASJX and more...



Hi, I'm having trouble with several Trojan horses. The log is below:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:08:30, on 11-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP - United States | Laptop Computers, Desktops, Printers, Servers and more

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - https://picasaweb.google.com/s/v/71.27/uploader2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 13659 bytes

Looking forward to your help :)

Many thanks!!

Renske


Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O4 - Global Startup: Bluetooth.lnk = ?

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista and 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Thanks for your quick reply!

Attached is the TDSSKiller log:


21:07:58.0343 5372 JavaQuickStarterService - ok

21:07:58.0359 5372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:07:58.0375 5372 Kbdclass - ok

21:07:58.0390 5372 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:07:58.0390 5372 kbdhid - ok

21:07:58.0406 5372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:07:58.0406 5372 kmixer - ok

21:07:58.0453 5372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:07:58.0453 5372 KSecDD - ok

21:07:58.0484 5372 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

21:07:58.0484 5372 lanmanserver - ok

21:07:58.0515 5372 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

21:07:58.0515 5372 lanmanworkstation - ok

21:07:58.0531 5372 lbrtfdc - ok

21:07:58.0671 5372 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

21:07:58.0671 5372 LightScribeService - ok

21:07:58.0718 5372 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

21:07:58.0718 5372 LmHosts - ok

21:07:58.0750 5372 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

21:07:58.0765 5372 Messenger - ok

21:07:58.0796 5372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:07:58.0812 5372 mnmdd - ok

21:07:58.0843 5372 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

21:07:58.0843 5372 mnmsrvc - ok

21:07:58.0875 5372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:07:58.0921 5372 Modem - ok

21:07:58.0937 5372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:07:58.0937 5372 Mouclass - ok

21:07:58.0968 5372 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:07:58.0968 5372 mouhid - ok

21:07:59.0000 5372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:07:59.0000 5372 MountMgr - ok

21:07:59.0031 5372 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys

21:07:59.0046 5372 MQAC - ok

21:07:59.0046 5372 mraid35x - ok

21:07:59.0078 5372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:07:59.0078 5372 MRxDAV - ok

21:07:59.0109 5372 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:07:59.0125 5372 MRxSmb - ok

21:07:59.0156 5372 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

21:07:59.0156 5372 MSDTC - ok

21:07:59.0171 5372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:07:59.0187 5372 Msfs - ok

21:07:59.0187 5372 MSIServer - ok

21:07:59.0218 5372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:07:59.0218 5372 MSKSSRV - ok

21:07:59.0234 5372 MSMQ (e9b5f354ae80325283fd5c1c05217b01) C:\WINDOWS\system32\mqsvc.exe

21:07:59.0234 5372 MSMQ - ok

21:07:59.0250 5372 MSMQTriggers (10e6b9022b0a5c9c41e2da6aeae5d404) C:\WINDOWS\system32\mqtgsvc.exe

21:07:59.0250 5372 MSMQTriggers - ok

21:07:59.0250 5372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:07:59.0265 5372 MSPCLOCK - ok

21:07:59.0281 5372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:07:59.0281 5372 MSPQM - ok

21:07:59.0312 5372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:07:59.0312 5372 mssmbios - ok

21:07:59.0343 5372 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

21:07:59.0343 5372 MSTEE - ok

21:07:59.0390 5372 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:07:59.0390 5372 Mup - ok

21:07:59.0421 5372 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:07:59.0421 5372 NABTSFEC - ok

21:07:59.0468 5372 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

21:07:59.0484 5372 napagent - ok

21:07:59.0531 5372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:07:59.0531 5372 NDIS - ok

21:07:59.0562 5372 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:07:59.0562 5372 NdisIP - ok

21:07:59.0609 5372 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:07:59.0625 5372 NdisTapi - ok

21:07:59.0656 5372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:07:59.0656 5372 Ndisuio - ok

21:07:59.0671 5372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:07:59.0671 5372 NdisWan - ok

21:07:59.0703 5372 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:07:59.0703 5372 NDProxy - ok

21:07:59.0718 5372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:07:59.0718 5372 NetBIOS - ok

21:07:59.0734 5372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:07:59.0734 5372 NetBT - ok

21:07:59.0765 5372 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:07:59.0781 5372 NetDDE - ok

21:07:59.0781 5372 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:07:59.0781 5372 NetDDEdsdm - ok

21:07:59.0812 5372 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:07:59.0812 5372 Netlogon - ok

21:07:59.0843 5372 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

21:07:59.0843 5372 Netman - ok

21:07:59.0937 5372 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:07:59.0937 5372 NetTcpPortSharing - ok

21:08:00.0046 5372 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

21:08:00.0078 5372 NETw4x32 - ok

21:08:00.0234 5372 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

21:08:00.0234 5372 NIC1394 - ok

21:08:00.0281 5372 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

21:08:00.0281 5372 Nla - ok

21:08:00.0312 5372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:08:00.0312 5372 Npfs - ok

21:08:00.0328 5372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:08:00.0343 5372 Ntfs - ok

21:08:00.0375 5372 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:08:00.0375 5372 NtLmSsp - ok

21:08:00.0421 5372 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

21:08:00.0421 5372 NtmsSvc - ok

21:08:00.0453 5372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:08:00.0468 5372 Null - ok

21:08:00.0500 5372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:08:00.0500 5372 NwlnkFlt - ok

21:08:00.0515 5372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:08:00.0515 5372 NwlnkFwd - ok

21:08:00.0562 5372 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

21:08:00.0562 5372 ohci1394 - ok

21:08:00.0687 5372 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:08:00.0703 5372 ose - ok

21:08:00.0734 5372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

21:08:00.0734 5372 Parport - ok

21:08:00.0734 5372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:08:00.0734 5372 PartMgr - ok

21:08:00.0765 5372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:08:00.0781 5372 ParVdm - ok

21:08:00.0843 5372 PCA (5eeb45f500e3e97153cb75723f8ca185) C:\WINDOWS\SMINST\PCAngel.exe

21:08:00.0859 5372 PCA - ok

21:08:00.0890 5372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:08:00.0890 5372 PCI - ok

21:08:00.0890 5372 PCIDump - ok

21:08:00.0906 5372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:08:00.0906 5372 PCIIde - ok

21:08:00.0921 5372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

21:08:00.0921 5372 Pcmcia - ok

21:08:00.0921 5372 PDCOMP - ok

21:08:00.0937 5372 PDFRAME - ok

21:08:00.0953 5372 PDRELI - ok

21:08:00.0953 5372 PDRFRAME - ok

21:08:00.0968 5372 perc2 - ok

21:08:00.0984 5372 perc2hib - ok

21:08:01.0015 5372 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

21:08:01.0015 5372 PlugPlay - ok

21:08:01.0046 5372 Pml Driver HPZ12 (3cecda26586ca4db9be51241a6db7c3c) C:\WINDOWS\system32\HPZipm12.dll

21:08:01.0046 5372 Pml Driver HPZ12 - ok

21:08:01.0078 5372 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:08:01.0078 5372 PolicyAgent - ok

21:08:01.0109 5372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:08:01.0109 5372 PptpMiniport - ok

21:08:01.0109 5372 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:08:01.0125 5372 ProtectedStorage - ok

21:08:01.0125 5372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:08:01.0125 5372 PSched - ok

21:08:01.0140 5372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:08:01.0140 5372 Ptilink - ok

21:08:01.0156 5372 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:08:01.0156 5372 PxHelp20 - ok

21:08:01.0187 5372 ql1080 - ok

21:08:01.0203 5372 Ql10wnt - ok

21:08:01.0203 5372 ql12160 - ok

21:08:01.0218 5372 ql1240 - ok

21:08:01.0234 5372 ql1280 - ok

21:08:01.0265 5372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:08:01.0265 5372 RasAcd - ok

21:08:01.0296 5372 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

21:08:01.0296 5372 RasAuto - ok

21:08:01.0312 5372 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

21:08:01.0312 5372 Rasirda - ok

21:08:01.0343 5372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:08:01.0343 5372 Rasl2tp - ok

21:08:01.0390 5372 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

21:08:01.0406 5372 RasMan - ok

21:08:01.0421 5372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:08:01.0421 5372 RasPppoe - ok

21:08:01.0437 5372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:08:01.0437 5372 Raspti - ok

21:08:01.0484 5372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:08:01.0484 5372 Rdbss - ok

21:08:01.0484 5372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:08:01.0484 5372 RDPCDD - ok

21:08:01.0500 5372 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:08:01.0515 5372 rdpdr - ok

21:08:01.0546 5372 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

21:08:01.0546 5372 RDPWD - ok

21:08:01.0578 5372 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

21:08:01.0593 5372 RDSessMgr - ok

21:08:01.0625 5372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:08:01.0625 5372 redbook - ok

21:08:01.0656 5372 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

21:08:01.0656 5372 RemoteAccess - ok

21:08:01.0703 5372 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

21:08:01.0703 5372 RemoteRegistry - ok

21:08:01.0734 5372 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

21:08:01.0734 5372 RMCAST - ok

21:08:01.0890 5372 RoxMediaDB9 (ad1411a7ea50f2f97a73a3f51153066e) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

21:08:01.0921 5372 RoxMediaDB9 - ok

21:08:02.0015 5372 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

21:08:02.0015 5372 RpcLocator - ok

21:08:02.0062 5372 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

21:08:02.0062 5372 RpcSs - ok

21:08:02.0140 5372 RsvLock (0de27c94a562d0360fb520c42068cca0) C:\WINDOWS\system32\drivers\RsvLock.sys

21:08:02.0375 5372 RsvLock - ok

21:08:02.0484 5372 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

21:08:02.0484 5372 RSVP - ok

21:08:02.0546 5372 SafeBoot (4ccee8fcfe54262443bb348adb1f7f52) C:\WINDOWS\system32\drivers\SafeBoot.sys

21:08:02.0546 5372 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 4ccee8fcfe54262443bb348adb1f7f52

21:08:02.0562 5372 SafeBoot ( LockedFile.Multi.Generic ) - warning

21:08:02.0562 5372 SafeBoot - detected LockedFile.Multi.Generic (1)

21:08:05.0921 5372 MBR (0x1B8) (f99e04c61083c589f28f47e15e6e1385) \Device\Harddisk0\DR0

21:08:05.0921 5372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

21:08:05.0921 5372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

21:08:05.0921 5372 Boot (0x1200) (bea3524fc229d4155c40a88ef73453fb) \Device\Harddisk0\DR0\Partition0

21:08:05.0921 5372 \Device\Harddisk0\DR0\Partition0 - ok

21:08:05.0953 5372 Boot (0x1200) (70ed4414ba083724a840b25f17d637fe) \Device\Harddisk0\DR0\Partition1

21:08:05.0953 5372 \Device\Harddisk0\DR0\Partition1 - ok

21:08:05.0953 5372 ============================================================

21:08:05.0953 5372 Scan finished

21:08:05.0953 5372 ============================================================

21:08:05.0953 5216 Detected object count: 2

21:08:05.0953 5216 Actual detected object count: 2

21:10:37.0046 5216 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user

21:10:37.0046 5216 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

21:10:37.0500 5216 \Device\Harddisk0\DR0\# - copied to quarantine

21:10:37.0500 5216 \Device\Harddisk0\DR0 - copied to quarantine

21:10:37.0500 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

21:10:37.0515 5216 \Device\Harddisk0\DR0 - ok

21:10:37.0515 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
