
sooi832.bin - Eyestye.N.1039 ??



Hello,

I run Windows XP, installed on a Boot Camp partition of an iMac.

My virus scanner (Avira) reports that I am infected with the rootkit Eyestey.N.1039 (sooi832.bin)

I am now looking for the best way to remove this 'virus'.

I carried out your 'step-by-step plan for a suspected infection' and these are the results:

- DDS: no result. The scan hangs and I have to 'hard' reboot the PC (tried 3 times)

- Malwarebytes: see attached log

- HijackThis: see attached log

Can you give me directions on the procedure to follow for removing the rootkit?

Thanks 1000x in advance!

kris

mbam-log-2012-05-05 (13-55-56).txt

hijackthis.log


Go to Start – Run/Search and type: sc stop ASKService

Press Enter.

Go to Start – Run/Search and type: sc delete ASKService

Press Enter.

Go to Start – Run/Search and type: sc stop ASKUpgrade

Press Enter.

Go to Start – Run/Search and type: sc delete ASKUpgrade

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Uninstall Ask Toolbar or AskBarDis via Add or Remove Programs (if present), or otherwise delete the following folder (shown in bold): C:\Program Files\AskBarDis

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Then have Malwarebytes scan again and remove all items found.

After that, attach the logs from HijackThis, TDSS Killer and Malwarebytes in a new post.

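A check for the HijackThis step above, as an added example that is not part of the original thread: it parses HijackThis log lines and confirms that the four entries selected for 'Fix checked' are absent from a post-fix log and that nothing still points into C:\Program Files\AskBarDis. The function names and the two sample logs are constructed for illustration, and identifying an entry by its section code plus CLSID is an assumption of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The four entries the reply asks to select before 'Fix checked' (copied from the post).
TARGETS = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
"""

# Folder the reply asks to delete.
REMOVED_FOLDER = r"C:\Program Files\AskBarDis"

# Constructed excerpt of a post-fix log (entry lines taken from the log in the thread).
AFTER_CLEAN = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
"""

# Constructed failure case: the toolbar entry survived, shown with an
# upper-case CLSID and a different display name.
AFTER_PARTIAL = r"""
O3 - Toolbar: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\PROGRAM FILES\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code such as O2, O4, O16
    clsid: Optional[str]  # lower-cased CLSID if the entry carries one
    body: str             # everything after "<code> - "


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(code, clsid.group(0).lower() if clsid else None, body))
    return entries


def entry_key(entry: Entry) -> Tuple[str, str]:
    """Identity of an entry: code + CLSID when present, else code + normalised text."""
    if entry.clsid:
        return (entry.code, entry.clsid)
    return (entry.code, " ".join(entry.body.lower().split()))


def verify_cleanup(targets: str, after_log: str, removed_folder: str):
    """Return (targets still present, entries still referencing removed_folder)."""
    after = parse_entries(after_log)
    after_keys = {entry_key(e) for e in after}
    still_present = [t for t in parse_entries(targets) if entry_key(t) in after_keys]
    prefix = removed_folder.lower().rstrip("\\") + "\\"
    folder_refs = [e for e in after if prefix in e.body.lower()]
    return still_present, folder_refs


if __name__ == "__main__":
    for name, log in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        still, refs = verify_cleanup(TARGETS, log, REMOVED_FOLDER)
        print(name, "- targets still present:", [e.code for e in still],
              "- folder references:", len(refs))
```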

Posted: (edited)

Hello,

(follow-up to my post from yesterday, with new logs)

I did what you suggested in your answer

- commands: executed

- HijackThis: had the 4 items fixed, cf. log hijackthis_NaClean.log attached

- directory C:\Program Files\AskBarDis deleted

- TDSSKiller.exe run, cf. TDSSKiller_voorClean.log attached

- Malwarebytes run and all items removed, cf. mbam-log-2012-05-06 (11-16-43)_clean.txt attached

extra:

- ran Malwarebytes once more, cf. mbam-log-2012-05-06 (12-40-55) AfterCleanFullScan.txt

After these operations I get (by coincidence, or as a result?) a notification from Avira that the PC is infected with TR/Trah.gen (trojan), cf. image AviraAlert.jpg attached

I have not yet let Avira do a 'remove'

What else can I do to get rid of all the critters?

Do you have any further suggestions?

Kind regards

kris


Do the attachments reach you this way?

I can't manage to do it the way I did in yesterday's post ..?

---------- Post added at 19:21 ---------- Previous post was at 19:07 ----------

To be on the safe side, the logs in plain text:

HijackThis, after cleaning the 4 items:


TDSSKiller.log :


10:59:51.0405 2952 kbdhid - ok

10:59:51.0437 2952 KeyAgent (41ffd6cf9745c54fa2310cfec88ee5ed) C:\WINDOWS\system32\drivers\KeyAgent.sys

10:59:51.0437 2952 KeyAgent - ok

10:59:51.0452 2952 KeyMagic (f0135c184560c73aacd53ad07a9aa434) C:\WINDOWS\system32\DRIVERS\KeyMagic.sys

10:59:51.0452 2952 KeyMagic - ok

10:59:51.0483 2952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:59:51.0483 2952 kmixer - ok

10:59:51.0499 2952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:59:51.0499 2952 KSecDD - ok

10:59:51.0546 2952 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

10:59:51.0546 2952 lanmanserver - ok

10:59:51.0577 2952 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

10:59:51.0577 2952 lanmanworkstation - ok

10:59:51.0577 2952 lbrtfdc - ok

10:59:51.0608 2952 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

10:59:51.0608 2952 LmHosts - ok

10:59:51.0671 2952 MacDriveService (3085e01e239b2875dfa538e6eb7d7ada) C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

10:59:51.0671 2952 MacDriveService - ok

10:59:51.0687 2952 MacHALDriver (67817e31acb988465aafe7d51888002b) C:\WINDOWS\system32\drivers\MacHALDriver.sys

10:59:51.0687 2952 MacHALDriver - ok

10:59:51.0718 2952 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

10:59:51.0718 2952 MBAMProtector - ok

10:59:51.0780 2952 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:59:51.0780 2952 MBAMService - ok

10:59:51.0812 2952 MDFSYSNT (3f6542dbf1fcaa30cb6a42719a24bd71) C:\WINDOWS\system32\drivers\MDFSYSNT.sys

10:59:51.0812 2952 MDFSYSNT - ok

10:59:51.0812 2952 MDPMGRNT (71c3f8fa39c7409bca9099e44c19dd78) C:\WINDOWS\system32\drivers\MDPMGRNT.sys

10:59:51.0812 2952 MDPMGRNT - ok

10:59:51.0843 2952 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll

10:59:51.0858 2952 Messenger - ok

10:59:51.0921 2952 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

10:59:51.0921 2952 Microsoft Office Groove Audit Service - ok

10:59:51.0937 2952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:59:51.0937 2952 mnmdd - ok

10:59:51.0968 2952 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

10:59:51.0968 2952 mnmsrvc - ok

10:59:51.0999 2952 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

10:59:51.0999 2952 Modem - ok

10:59:52.0015 2952 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:59:52.0015 2952 Mouclass - ok

10:59:52.0046 2952 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:59:52.0046 2952 mouhid - ok

10:59:52.0062 2952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:59:52.0077 2952 MountMgr - ok

10:59:52.0077 2952 mraid35x - ok

10:59:52.0077 2952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:59:52.0077 2952 MRxDAV - ok

10:59:52.0108 2952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:59:52.0108 2952 MRxSmb - ok

10:59:52.0171 2952 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

10:59:52.0171 2952 MSDTC - ok

10:59:52.0187 2952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:59:52.0187 2952 Msfs - ok

10:59:52.0202 2952 MSIServer - ok

10:59:52.0218 2952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:59:52.0218 2952 MSKSSRV - ok

10:59:52.0218 2952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:59:52.0218 2952 MSPCLOCK - ok

10:59:52.0233 2952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:59:52.0233 2952 MSPQM - ok

10:59:52.0249 2952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:59:52.0249 2952 mssmbios - ok

10:59:52.0249 2952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:59:52.0249 2952 MSTEE - ok

10:59:52.0249 2952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:59:52.0265 2952 Mup - ok

10:59:52.0280 2952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:59:52.0280 2952 NABTSFEC - ok

10:59:52.0327 2952 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

10:59:52.0343 2952 napagent - ok

10:59:52.0374 2952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:59:52.0374 2952 NDIS - ok

10:59:52.0390 2952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:59:52.0390 2952 NdisIP - ok

10:59:52.0405 2952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:59:52.0405 2952 NdisTapi - ok

10:59:52.0437 2952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:59:52.0452 2952 Ndisuio - ok

10:59:52.0452 2952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:59:52.0452 2952 NdisWan - ok

10:59:52.0452 2952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:59:52.0452 2952 NDProxy - ok

10:59:52.0593 2952 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

10:59:52.0593 2952 Nero BackItUp Scheduler 4.0 - ok

10:59:52.0608 2952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:59:52.0608 2952 NetBIOS - ok

10:59:52.0624 2952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:59:52.0624 2952 NetBT - ok

10:59:52.0655 2952 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

10:59:52.0671 2952 NetDDE - ok

10:59:52.0671 2952 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

10:59:52.0671 2952 NetDDEdsdm - ok

10:59:52.0718 2952 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:59:52.0718 2952 Netlogon - ok

10:59:52.0796 2952 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

10:59:52.0796 2952 Netman - ok

10:59:52.0890 2952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

10:59:52.0890 2952 NetTcpPortSharing - ok

10:59:52.0905 2952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

10:59:52.0905 2952 NIC1394 - ok

10:59:52.0999 2952 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

10:59:52.0999 2952 Nla - ok

10:59:53.0015 2952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:59:53.0015 2952 Npfs - ok

10:59:53.0046 2952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:59:53.0062 2952 Ntfs - ok

10:59:53.0062 2952 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:59:53.0062 2952 NtLmSsp - ok

10:59:53.0124 2952 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

10:59:53.0124 2952 NtmsSvc - ok

10:59:53.0140 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:59:53.0140 2952 Null - ok

10:59:53.0171 2952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:59:53.0171 2952 NwlnkFlt - ok

10:59:53.0187 2952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:59:53.0187 2952 NwlnkFwd - ok

10:59:53.0265 2952 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:59:53.0265 2952 odserv - ok

10:59:53.0280 2952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

10:59:53.0280 2952 ohci1394 - ok

10:59:53.0327 2952 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:59:53.0327 2952 ose - ok

10:59:53.0358 2952 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

10:59:53.0358 2952 Parport - ok

10:59:53.0358 2952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:59:53.0358 2952 PartMgr - ok

10:59:53.0374 2952 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

10:59:53.0390 2952 ParVdm - ok

10:59:53.0405 2952 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

10:59:53.0405 2952 PCI - ok

10:59:53.0405 2952 PCIDump - ok

10:59:53.0405 2952 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:59:53.0405 2952 PCIIde - ok

10:59:53.0437 2952 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:59:53.0452 2952 Pcmcia - ok

10:59:53.0452 2952 PDCOMP - ok

10:59:53.0452 2952 PDFRAME - ok

10:59:53.0468 2952 PDRELI - ok

10:59:53.0468 2952 PDRFRAME - ok

10:59:53.0468 2952 perc2 - ok

10:59:53.0468 2952 perc2hib - ok

10:59:53.0515 2952 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

10:59:53.0515 2952 PlugPlay - ok

10:59:53.0515 2952 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:59:53.0515 2952 PolicyAgent - ok

10:59:53.0530 2952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:59:53.0530 2952 PptpMiniport - ok

10:59:53.0530 2952 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:59:53.0530 2952 ProtectedStorage - ok

10:59:53.0546 2952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:59:53.0546 2952 PSched - ok

10:59:53.0546 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:59:53.0546 2952 Ptilink - ok

10:59:53.0546 2952 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:59:53.0546 2952 PxHelp20 - ok

10:59:53.0562 2952 ql1080 - ok

10:59:53.0562 2952 Ql10wnt - ok

10:59:53.0562 2952 ql12160 - ok

10:59:53.0562 2952 ql1240 - ok

10:59:53.0577 2952 ql1280 - ok

10:59:53.0577 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:59:53.0577 2952 RasAcd - ok

10:59:53.0608 2952 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

10:59:53.0624 2952 RasAuto - ok

10:59:53.0640 2952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:59:53.0640 2952 Rasl2tp - ok

10:59:53.0671 2952 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

10:59:53.0671 2952 RasMan - ok

10:59:53.0687 2952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:59:53.0687 2952 RasPppoe - ok

10:59:53.0687 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:59:53.0687 2952 Raspti - ok

10:59:53.0702 2952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:59:53.0702 2952 Rdbss - ok

10:59:53.0718 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:59:53.0718 2952 RDPCDD - ok

10:59:53.0749 2952 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

10:59:53.0749 2952 RDPWD - ok

10:59:53.0796 2952 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

10:59:53.0796 2952 RDSessMgr - ok

10:59:53.0812 2952 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:59:53.0812 2952 redbook - ok

10:59:53.0858 2952 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

10:59:53.0874 2952 RemoteAccess - ok

10:59:53.0890 2952 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

10:59:53.0905 2952 RFCOMM - ok

10:59:53.0921 2952 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

10:59:53.0921 2952 RpcLocator - ok

10:59:53.0968 2952 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

10:59:53.0968 2952 RpcSs - ok

10:59:53.0999 2952 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

10:59:53.0999 2952 RSVP - ok

10:59:53.0999 2952 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

10:59:53.0999 2952 SamSs - ok

10:59:54.0015 2952 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

10:59:54.0015 2952 SCardSvr - ok

10:59:54.0046 2952 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

10:59:54.0046 2952 SCDEmu - ok

10:59:54.0093 2952 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

10:59:54.0093 2952 Schedule - ok

10:59:54.0171 2952 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

10:59:54.0171 2952 ScsiAccess - ok

10:59:54.0202 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:59:54.0202 2952 Secdrv - ok

10:59:54.0233 2952 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

10:59:54.0233 2952 seclogon - ok

10:59:54.0249 2952 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

10:59:54.0249 2952 SENS - ok

10:59:54.0296 2952 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

10:59:54.0296 2952 Serial - ok

10:59:54.0358 2952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:59:54.0358 2952 Sfloppy - ok

10:59:54.0405 2952 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

10:59:54.0405 2952 SharedAccess - ok

10:59:54.0437 2952 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

10:59:54.0437 2952 ShellHWDetection - ok

10:59:54.0437 2952 Simbad - ok

10:59:54.0468 2952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:59:54.0468 2952 SLIP - ok

10:59:54.0468 2952 Sparrow - ok

10:59:54.0499 2952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:59:54.0499 2952 splitter - ok

10:59:54.0530 2952 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:59:54.0530 2952 Spooler - ok

10:59:54.0546 2952 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

10:59:54.0546 2952 sr - ok

10:59:54.0577 2952 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

10:59:54.0577 2952 srservice - ok

10:59:54.0593 2952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:59:54.0593 2952 Srv - ok

10:59:54.0624 2952 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

10:59:54.0624 2952 SSDPSRV - ok

10:59:54.0640 2952 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

10:59:54.0640 2952 ssmdrv - ok

10:59:54.0687 2952 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

10:59:54.0702 2952 stisvc - ok

10:59:54.0718 2952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:59:54.0718 2952 streamip - ok

10:59:54.0733 2952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:59:54.0733 2952 swenum - ok

10:59:54.0765 2952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:59:54.0765 2952 swmidi - ok

10:59:54.0796 2952 SwPrv - ok

10:59:54.0796 2952 symc810 - ok

10:59:54.0812 2952 symc8xx - ok

10:59:54.0812 2952 sym_hi - ok

10:59:54.0812 2952 sym_u3 - ok

10:59:54.0905 2952 SynoDrService (cf01636a8753af8c6b81f49a3404aa5d) C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

10:59:54.0905 2952 SynoDrService - ok

10:59:54.0937 2952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:59:54.0937 2952 sysaudio - ok

10:59:54.0952 2952 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

10:59:54.0952 2952 SysmonLog - ok

10:59:54.0999 2952 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

10:59:54.0999 2952 TapiSrv - ok

10:59:55.0030 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:59:55.0030 2952 Tcpip - ok

10:59:55.0062 2952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:59:55.0062 2952 TDPIPE - ok

10:59:55.0077 2952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:59:55.0077 2952 TDTCP - ok

10:59:55.0233 2952 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

10:59:55.0249 2952 TeamViewer7 - ok

10:59:55.0343 2952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:59:55.0343 2952 TermDD - ok

10:59:55.0421 2952 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

10:59:55.0421 2952 TermService - ok

10:59:55.0452 2952 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

10:59:55.0452 2952 Themes - ok

10:59:55.0452 2952 TosIde - ok

10:59:55.0515 2952 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

10:59:55.0515 2952 TrkWks - ok

10:59:55.0515 2952 TVersityMediaServer - ok

10:59:55.0546 2952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:59:55.0546 2952 Udfs - ok

10:59:55.0546 2952 ultra - ok

10:59:55.0593 2952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:59:55.0593 2952 Update - ok

10:59:55.0624 2952 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

10:59:55.0624 2952 upnphost - ok

10:59:55.0655 2952 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

10:59:55.0655 2952 UPS - ok

10:59:55.0687 2952 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:59:55.0687 2952 USBAAPL - ok

10:59:55.0718 2952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:59:55.0718 2952 usbccgp - ok

10:59:55.0827 2952 UsbClientService (6af12011c88c80920d0543616e107cff) C:\Program Files\Synology\Assistant\UsbClientService.exe

10:59:55.0827 2952 UsbClientService - ok

10:59:55.0858 2952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:59:55.0858 2952 usbehci - ok

10:59:55.0905 2952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:59:55.0905 2952 usbhub - ok

10:59:55.0905 2952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:59:55.0905 2952 usbprint - ok

10:59:55.0983 2952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:59:55.0983 2952 usbscan - ok

10:59:56.0093 2952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:59:56.0093 2952 USBSTOR - ok

10:59:56.0171 2952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:59:56.0171 2952 usbuhci - ok

10:59:56.0312 2952 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

10:59:56.0312 2952 usbvideo - ok

10:59:56.0343 2952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:59:56.0358 2952 VgaSave - ok

10:59:56.0358 2952 ViaIde - ok

10:59:56.0421 2952 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

10:59:56.0421 2952 VolSnap - ok

10:59:56.0468 2952 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

10:59:56.0468 2952 VSS - ok

10:59:56.0499 2952 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

10:59:56.0499 2952 W32Time - ok

10:59:56.0515 2952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:59:56.0515 2952 Wanarp - ok

10:59:56.0546 2952 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

10:59:56.0546 2952 Wdf01000 - ok

10:59:56.0562 2952 WDICA - ok

10:59:56.0577 2952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:59:56.0577 2952 wdmaud - ok

10:59:56.0593 2952 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

10:59:56.0608 2952 WebClient - ok

10:59:56.0624 2952 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:59:56.0624 2952 winmgmt - ok

10:59:56.0655 2952 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

10:59:56.0671 2952 WmdmPmSN - ok

10:59:56.0687 2952 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:59:56.0687 2952 WmiApSrv - ok

10:59:56.0765 2952 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe

10:59:56.0780 2952 WMPNetworkSvc - ok

10:59:56.0937 2952 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

10:59:56.0952 2952 WPFFontCache_v0400 - ok

10:59:56.0999 2952 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

10:59:56.0999 2952 wscsvc - ok

10:59:57.0046 2952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:59:57.0046 2952 WSTCODEC - ok

10:59:57.0077 2952 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

10:59:57.0093 2952 wuauserv - ok

10:59:57.0108 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:59:57.0108 2952 WudfPf - ok

10:59:57.0140 2952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:59:57.0140 2952 WudfRd - ok

10:59:57.0155 2952 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

10:59:57.0155 2952 WudfSvc - ok

10:59:57.0218 2952 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

10:59:57.0218 2952 WZCSVC - ok

10:59:57.0265 2952 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

10:59:57.0265 2952 xmlprov - ok

10:59:57.0296 2952 yukonwxp (f20fc720f74a2533d70cea1f4458f3c8) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

10:59:57.0296 2952 yukonwxp - ok

10:59:57.0343 2952 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0

10:59:57.0468 2952 \Device\Harddisk0\DR0 - ok

10:59:57.0468 2952 Boot (0x1200) (3bbc7c1c8f91845a58ff07219ee597d9) \Device\Harddisk0\DR0\Partition0

10:59:57.0468 2952 \Device\Harddisk0\DR0\Partition0 - ok

10:59:57.0515 2952 Boot (0x1200) (a2640e1d79cdf7cf2f9d6c99ff1380be) \Device\Harddisk0\DR0\Partition1

10:59:57.0515 2952 \Device\Harddisk0\DR0\Partition1 - ok

10:59:57.0515 2952 Boot (0x1200) (580caa2b8f6914568f8be558e1d06775) \Device\Harddisk0\DR0\Partition2

10:59:57.0515 2952 \Device\Harddisk0\DR0\Partition2 - ok

10:59:57.0546 2952 Boot (0x1200) (580caa2b8f6914568f8be558e1d06775) \Device\Harddisk0\DR0\Partition3

10:59:57.0546 2952 \Device\Harddisk0\DR0\Partition3 - ok

10:59:57.0562 2952 ============================================================

10:59:57.0562 2952 Scan finished

10:59:57.0562 2952 ============================================================

10:59:57.0608 2164 Detected object count: 0

10:59:57.0608 2164 Actual detected object count: 0

Malwarebytes, log of the clean-up of all items:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.05.06.02

Windows XP Service Pack 3 x86 FAT32

Internet Explorer 8.0.6001.18702

Romain :: MAC-XP [administrator]

Realtime bescherming: Ingeschakeld

6/05/2012 11:16:43

mbam-log-2012-05-06 (11-16-43).txt

Scantype: Volledige scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 281027

Verstreken tijd: 1 uur/uren, 1 minuut/minuten, 35 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UJ7J2I3XZGVF8Y5D (Trojan.LameShield) -> Data: C:\sooi832.bin\CA0A49827DD.exe /q -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1

C:\sooi832.bin (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 3

C:\sooi832.bin\CA0A49827DD.exe (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\WINDOWS\Temp\75939599757.exe (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\sooi832.bin\0305BD00445D70E (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Malwarebytes, log of the full re-scan, after the clean-up:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.05.06.02

Windows XP Service Pack 3 x86 FAT32

Internet Explorer 8.0.6001.18702

Romain :: MAC-XP [administrator]

Realtime bescherming: Ingeschakeld

6/05/2012 12:40:55

mbam-log-2012-05-06 (12-40-55).txt

Scantype: Volledige scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 280964

Verstreken tijd: 58 minuut/minuten, 11 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Edited by kape
duplicate logs removed

Delete the folder C:\sooi832.bin

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report this.


PC Helpforum moderator message:

Dear krisvd,

we'll continue in this topic, because that's where it belongs!

Hello,

In the meantime I have done what you suggested, namely run ComboFix.

Result:

- message: Boot partition cannot be enumerated correctly

- scan starts

- scan still not finished after 45 min. PC completely frozen. Did a hard restart

- Windows disk check starts automatically and reports:

- errors in folder /combofix:

- more than one ncmd.com entry in folder /combofix

- message about a cross-link in /combofix

- the PC then does boot normally and I can apparently also work normally

What else can I do?

THX

krisvd

Edited by Kurtt

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download ComboFix again and try once more.


Hello,

I did what you suggest here, but with the same result:

- message: Boot partition cannot be enumerated correctly

- scan starts

- scan still not finished after 30 min. PC completely frozen (mouse responds). Did a hard restart

- Windows disk check starts automatically and reports:

- errors in all sorts of folders (applic data, ..)

- the PC then does boot normally and I can apparently also work normally

What else can I do?

THX

krisvd


Run a thorough disk check.

With a tool from Seagate.

To check your hard disk for errors you can do the following.

You do need to have another working PC/laptop available.

Download the SeaTools for DOS ISO image on another PC.

Burn the ISO as an image to a blank CD.

In your BIOS, set your CD/DVD-ROM as the first boot device and put the CD in your drive.

Now boot your PC/laptop from this CD.

Once the tool has started, accept the user agreement and you will see a window in which you can select your HD.

In the upper left corner click Basic tests and in the menu choose Long test.

What is the result?

A guide to using SeaTools for DOS can be found here.

With a tool from WD.

Download WinDlg_124.zip from the Western Digital website.

Extract the downloaded file with e.g. WinZip or WinRAR.

In the extracted folder, double-click WinDlg.exe.

As a Windows Vista or Windows 7 user, right-click WinDlg.exe and choose Run as administrator.

Tick "I accept this License Agreement" and click Next.

A window opens in which your hard disks are shown.

Right-click the desired hard disk and choose Run Diagnostics, after which the following window appears.

[screenshot: diagnostics.png]

Select EXTENDED TEST and click Start.

The tool will now check your hard disk; this can take a long time, depending on the size of the hard disk.

Report the result of this test in a following post.
