Windows Detected TrojanDownloader:Win32/Adload.DA virus


8 replies to this topic

#1 mfgklein

Posted 03 August 2012 - 07:12 PM

Hi there,
A message came up in the "Solve PC issues" flag stating: remove Trojan: Win32/Adload.Da virus.
Further, I've got the feeling that my system (Win7 Pro, SP1, 64-bit) has slowed down during the last few weeks.
McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8 (up to date) can't find any suspicious files.

Could you please provide me with some support? That would be great!

Huge thanks in advance


#2 narenxp

Posted 03 August 2012 - 08:26 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 mfgklein

Posted 05 August 2012 - 04:54 PM

Dear narenxp,
Thanks a lot for your prompt answer.

Here are the results of the analysis:

TDSSkiller
10:51:29.0502 8768 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:51:29.0762 8768 ============================================================
10:51:29.0762 8768 Current date / time: 2012/08/04 10:51:29.0762
10:51:29.0762 8768 SystemInfo:
10:51:29.0762 8768
10:51:29.0762 8768 OS Version: 6.1.7601 ServicePack: 1.0
10:51:29.0762 8768 Product type: Workstation
10:51:29.0762 8768 ComputerName: MFGKLEIN-HP
10:51:29.0762 8768 UserName: mfgklein
10:51:29.0762 8768 Windows directory: C:\Windows
10:51:29.0762 8768 System windows directory: C:\Windows
10:51:29.0762 8768 Running under WOW64
10:51:29.0762 8768 Processor architecture: Intel x64
10:51:29.0762 8768 Number of processors: 4
10:51:29.0762 8768 Page size: 0x1000
10:51:29.0762 8768 Boot type: Normal boot
10:51:29.0762 8768 ============================================================
10:51:30.0342 8768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:51:30.0352 8768 ============================================================
10:51:30.0352 8768 \Device\Harddisk0\DR0:
10:51:30.0352 8768 MBR partitions:
10:51:30.0352 8768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
10:51:30.0352 8768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23196800
10:51:30.0352 8768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322D000, BlocksNum 0x1E00000
10:51:30.0352 8768 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
10:51:30.0352 8768 ============================================================
10:51:30.0372 8768 C: <-> \Device\Harddisk0\DR0\Partition1
10:51:30.0412 8768 D: <-> \Device\Harddisk0\DR0\Partition2
10:51:30.0422 8768 E: <-> \Device\Harddisk0\DR0\Partition3
10:51:30.0422 8768 ============================================================
10:51:30.0422 8768 Initialize success
10:51:30.0422 8768 ============================================================
10:52:03.0439 7116 ============================================================
10:52:03.0439 7116 Scan started
10:52:03.0439 7116 Mode: Manual; TDLFS;
10:52:03.0439 7116 ============================================================
10:52:03.0989 7116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:52:03.0999 7116 1394ohci - ok
10:52:04.0149 7116 AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
10:52:04.0149 7116 AAV UpdateService - ok
10:52:04.0249 7116 ac.sharedstore (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
10:52:04.0259 7116 ac.sharedstore - ok
10:52:04.0299 7116 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:52:04.0369 7116 Accelerometer - ok
10:52:04.0459 7116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:52:04.0469 7116 ACPI - ok
10:52:04.0509 7116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:52:04.0569 7116 AcpiPmi - ok
10:52:04.0699 7116 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:04.0699 7116 AdobeARMservice - ok
10:52:04.0879 7116 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:52:04.0899 7116 AdobeFlashPlayerUpdateSvc - ok
10:52:04.0959 7116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:04.0999 7116 adp94xx - ok
10:52:05.0029 7116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:52:05.0059 7116 adpahci - ok
10:52:05.0089 7116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:52:05.0109 7116 adpu320 - ok
10:52:05.0129 7116 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:52:05.0129 7116 AeLookupSvc - ok
10:52:05.0249 7116 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:52:05.0249 7116 AESTFilters - ok
10:52:05.0349 7116 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:52:05.0359 7116 AFD - ok
10:52:05.0419 7116 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
10:52:05.0419 7116 AgereModemAudio - ok
10:52:05.0499 7116 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
10:52:05.0549 7116 AgereSoftModem - ok
10:52:05.0579 7116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:52:05.0589 7116 agp440 - ok
10:52:05.0609 7116 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:52:05.0619 7116 ALG - ok
10:52:05.0639 7116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:52:05.0649 7116 aliide - ok
10:52:05.0659 7116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:52:05.0659 7116 amdide - ok
10:52:05.0679 7116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:52:05.0689 7116 AmdK8 - ok
10:52:05.0709 7116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:52:05.0709 7116 AmdPPM - ok
10:52:05.0749 7116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:52:05.0789 7116 amdsata - ok
10:52:05.0829 7116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:05.0859 7116 amdsbs - ok
10:52:05.0879 7116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:52:05.0879 7116 amdxata - ok
10:52:05.0919 7116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:52:05.0969 7116 AppID - ok
10:52:05.0999 7116 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:52:06.0009 7116 AppIDSvc - ok
10:52:06.0029 7116 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:52:06.0029 7116 Appinfo - ok
10:52:06.0189 7116 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:52:06.0189 7116 Apple Mobile Device - ok
10:52:06.0239 7116 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
10:52:06.0259 7116 AppMgmt - ok
10:52:06.0289 7116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:52:06.0289 7116 arc - ok
10:52:06.0309 7116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:52:06.0319 7116 arcsas - ok
10:52:06.0349 7116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:06.0349 7116 AsyncMac - ok
10:52:06.0389 7116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:52:06.0389 7116 atapi - ok
10:52:06.0459 7116 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:06.0549 7116 AudioEndpointBuilder - ok
10:52:06.0559 7116 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:06.0559 7116 AudioSrv - ok
10:52:06.0609 7116 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:52:06.0649 7116 AxInstSV - ok
10:52:06.0709 7116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:52:06.0749 7116 b06bdrv - ok
10:52:06.0789 7116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:52:06.0809 7116 b57nd60a - ok
10:52:06.0859 7116 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:52:06.0869 7116 BDESVC - ok
10:52:06.0879 7116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:52:06.0879 7116 Beep - ok
10:52:06.0959 7116 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:52:07.0049 7116 BFE - ok
10:52:07.0129 7116 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:52:07.0249 7116 BITS - ok
10:52:07.0309 7116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:07.0319 7116 blbdrive - ok
10:52:07.0439 7116 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:52:07.0459 7116 Bonjour Service - ok
10:52:07.0489 7116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:52:07.0499 7116 bowser - ok
10:52:07.0509 7116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:07.0519 7116 BrFiltLo - ok
10:52:07.0539 7116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:07.0549 7116 BrFiltUp - ok
10:52:07.0579 7116 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:52:07.0639 7116 Browser - ok
10:52:07.0669 7116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:52:07.0699 7116 Brserid - ok
10:52:07.0709 7116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:07.0719 7116 BrSerWdm - ok
10:52:07.0729 7116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:07.0739 7116 BrUsbMdm - ok
10:52:07.0749 7116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:07.0749 7116 BrUsbSer - ok
10:52:07.0789 7116 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:52:07.0799 7116 BthEnum - ok
10:52:07.0809 7116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:07.0809 7116 BTHMODEM - ok
10:52:07.0869 7116 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:52:07.0879 7116 BthPan - ok
10:52:07.0919 7116 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:52:07.0969 7116 BTHPORT - ok
10:52:07.0999 7116 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:52:08.0009 7116 bthserv - ok
10:52:08.0029 7116 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:52:08.0079 7116 BTHUSB - ok
10:52:08.0119 7116 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
10:52:08.0200 7116 btwaudio - ok
10:52:08.0220 7116 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
10:52:08.0270 7116 btwavdt - ok
10:52:08.0400 7116 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:52:08.0420 7116 btwdins - ok
10:52:08.0440 7116 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:52:08.0490 7116 btwl2cap - ok
10:52:08.0500 7116 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
10:52:08.0560 7116 btwrchid - ok
10:52:08.0600 7116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:52:08.0610 7116 cdfs - ok
10:52:08.0660 7116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:52:08.0760 7116 cdrom - ok
10:52:08.0810 7116 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:52:08.0840 7116 CertPropSvc - ok
10:52:08.0870 7116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:52:08.0870 7116 circlass - ok
10:52:08.0930 7116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:52:08.0930 7116 CLFS - ok
10:52:08.0990 7116 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:52:09.0000 7116 clr_optimization_v2.0.50727_32 - ok
10:52:09.0060 7116 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:52:09.0060 7116 clr_optimization_v2.0.50727_64 - ok
10:52:09.0170 7116 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:52:09.0180 7116 clr_optimization_v4.0.30319_32 - ok
10:52:09.0210 7116 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:52:09.0220 7116 clr_optimization_v4.0.30319_64 - ok
10:52:09.0240 7116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:09.0250 7116 CmBatt - ok
10:52:09.0280 7116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:52:09.0290 7116 cmdide - ok
10:52:09.0360 7116 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:52:09.0380 7116 CNG - ok
10:52:09.0560 7116 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:52:09.0570 7116 Com4QLBEx - ok
10:52:09.0590 7116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:52:09.0590 7116 Compbatt - ok
10:52:09.0610 7116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:52:09.0670 7116 CompositeBus - ok
10:52:09.0680 7116 COMSysApp - ok
10:52:09.0700 7116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:09.0700 7116 crcdisk - ok
10:52:09.0770 7116 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:52:09.0770 7116 CryptSvc - ok
10:52:09.0820 7116 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:52:09.0910 7116 CSC - ok
10:52:09.0960 7116 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
10:52:09.0970 7116 CscService - ok
10:52:10.0020 7116 DAMDrv (a8ba4da23ac20bda23ca15234d42a3fa) C:\Windows\system32\DRIVERS\DAMDrv64.sys
10:52:10.0060 7116 DAMDrv - ok
10:52:10.0101 7116 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:52:10.0101 7116 DcomLaunch - ok
10:52:10.0281 7116 DEBridge (2a3d10142495c67b889e3e3fc1222531) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
10:52:10.0301 7116 DEBridge - ok
10:52:10.0341 7116 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:52:10.0371 7116 defragsvc - ok
10:52:10.0421 7116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:52:10.0431 7116 DfsC - ok
10:52:10.0471 7116 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:52:10.0551 7116 Dhcp - ok
10:52:10.0601 7116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:52:10.0601 7116 discache - ok
10:52:10.0631 7116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:52:10.0641 7116 Disk - ok
10:52:10.0671 7116 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:52:10.0721 7116 Dnscache - ok
10:52:10.0741 7116 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:52:10.0801 7116 dot3svc - ok
10:52:10.0981 7116 DpHost (e0e65ed0985a28fb18128d6099e985c4) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
10:52:10.0981 7116 DpHost - ok
10:52:11.0021 7116 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:52:11.0061 7116 DPS - ok
10:52:11.0121 7116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:52:11.0131 7116 drmkaud - ok
10:52:11.0161 7116 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:52:11.0161 7116 dsNcAdpt - ok
10:52:11.0241 7116 dsNcService (60ae3d932bc594ff9cdc91f7cd2c2015) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:52:11.0271 7116 dsNcService - ok
10:52:11.0371 7116 DXGKrnl (209f1a92cb507b2c2eb9e28a1416590e) C:\Windows\System32\drivers\dxgkrnl.sys
10:52:11.0481 7116 DXGKrnl - ok
10:52:11.0531 7116 e1kexpress (324fcd2dd8a4229ddef3cc954ff12fa5) C:\Windows\system32\DRIVERS\e1k62x64.sys
10:52:11.0561 7116 e1kexpress - ok
10:52:11.0611 7116 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:52:11.0621 7116 EapHost - ok
10:52:11.0841 7116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:52:11.0961 7116 ebdrv - ok
10:52:12.0081 7116 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:52:12.0081 7116 EFS - ok
10:52:12.0171 7116 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:52:12.0191 7116 ehRecvr - ok
10:52:12.0221 7116 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:52:12.0231 7116 ehSched - ok
10:52:12.0301 7116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:52:12.0331 7116 elxstor - ok
10:52:12.0351 7116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:52:12.0351 7116 ErrDev - ok
10:52:12.0411 7116 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:52:12.0421 7116 EventSystem - ok
10:52:12.0591 7116 EvtEng (7c1042cda4e7151e91f1e66a4d9118b0) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:52:12.0651 7116 EvtEng - ok
10:52:12.0801 7116 ewusbnet (23b79b19f49a037eba4a9a3bb03ed91d) C:\Windows\system32\DRIVERS\ewusbnet.sys
10:52:12.0881 7116 ewusbnet - ok
10:52:12.0931 7116 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
10:52:12.0991 7116 ew_hwusbdev - ok
10:52:13.0031 7116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:52:13.0051 7116 exfat - ok
10:52:13.0081 7116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:52:13.0091 7116 fastfat - ok
10:52:13.0171 7116 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:52:13.0181 7116 Fax - ok
10:52:13.0201 7116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:52:13.0201 7116 fdc - ok
10:52:13.0241 7116 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:52:13.0241 7116 fdPHost - ok
10:52:13.0251 7116 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:52:13.0261 7116 FDResPub - ok
10:52:13.0281 7116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:52:13.0291 7116 FileInfo - ok
10:52:13.0301 7116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:52:13.0311 7116 Filetrace - ok
10:52:13.0421 7116 FLCDLOCK (3aa6cbe4d03b134a93e8b6f70615cb06) C:\Windows\SysWOW64\flcdlock.exe
10:52:13.0531 7116 FLCDLOCK - ok
10:52:13.0551 7116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:13.0561 7116 flpydisk - ok
10:52:13.0591 7116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:52:13.0601 7116 FltMgr - ok
10:52:13.0701 7116 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:52:13.0711 7116 FontCache - ok
10:52:13.0791 7116 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:52:13.0791 7116 FontCache3.0.0.0 - ok
10:52:13.0821 7116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:52:13.0831 7116 FsDepends - ok
10:52:13.0871 7116 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:52:13.0931 7116 Fs_Rec - ok
10:52:13.0981 7116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:52:13.0991 7116 fvevol - ok
10:52:14.0021 7116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:14.0021 7116 gagp30kx - ok
10:52:14.0111 7116 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:52:14.0191 7116 GEARAspiWDM - ok
10:52:14.0251 7116 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:52:14.0311 7116 gpsvc - ok
10:52:14.0331 7116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:52:14.0331 7116 hcw85cir - ok
10:52:14.0381 7116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:52:14.0451 7116 HdAudAddService - ok
10:52:14.0481 7116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:52:14.0481 7116 HDAudBus - ok
10:52:14.0531 7116 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:52:14.0591 7116 HECIx64 - ok
10:52:14.0601 7116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:14.0611 7116 HidBatt - ok
10:52:14.0631 7116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:52:14.0631 7116 HidBth - ok
10:52:14.0661 7116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:52:14.0661 7116 HidIr - ok
10:52:14.0691 7116 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:52:14.0691 7116 hidserv - ok
10:52:14.0731 7116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:52:14.0731 7116 HidUsb - ok
10:52:14.0761 7116 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:52:14.0811 7116 hkmsvc - ok
10:52:14.0861 7116 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:52:14.0861 7116 HomeGroupListener - ok
10:52:14.0901 7116 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:52:14.0901 7116 HomeGroupProvider - ok
10:52:15.0011 7116 HP Power Assistant Service (44ad1d87919994161131d5fb16c5b551) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
10:52:15.0011 7116 HP Power Assistant Service - ok
10:52:15.0131 7116 HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
10:52:15.0131 7116 HP ProtectTools Service - ok
10:52:15.0211 7116 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:52:15.0211 7116 HP Support Assistant Service - ok
10:52:15.0271 7116 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:52:15.0271 7116 HP Wireless Assistant Service - ok
10:52:15.0311 7116 HPDrvMntSvc.exe (02ce63d8dd5e6dd5ceff336191c0859e) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:52:15.0321 7116 HPDrvMntSvc.exe - ok
10:52:15.0361 7116 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:52:15.0371 7116 hpdskflt - ok
10:52:15.0461 7116 HpFkCryptService (d36d1b821ed5c5c2d540c6d0802a3476) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
10:52:15.0481 7116 HpFkCryptService - ok
10:52:15.0541 7116 HPFSService (e123b122d5217f724b1d2641010c9d3c) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
10:52:15.0551 7116 HPFSService - ok
10:52:15.0591 7116 HPMoA907 (8da866ff836db8c17a586ec40c8ce4f6) C:\Windows\system32\DRIVERS\HPMoA907.sys
10:52:15.0651 7116 HPMoA907 - ok
10:52:15.0701 7116 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:52:15.0771 7116 HpqKbFiltr - ok
10:52:15.0851 7116 hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:52:15.0861 7116 hpqwmiex - ok
10:52:15.0911 7116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:52:15.0971 7116 HpSAMD - ok
10:52:15.0981 7116 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
10:52:15.0981 7116 hpsrv - ok
10:52:16.0001 7116 HPubA907 (868ab343616993628022741ecd0587b9) C:\Windows\system32\Drivers\HPubA907.sys
10:52:16.0051 7116 HPubA907 - ok
10:52:16.0132 7116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:52:16.0152 7116 HTTP - ok
10:52:16.0192 7116 huawei_enumerator (08b1a06a55f068a17a51ba26618cf50f) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
10:52:16.0262 7116 huawei_enumerator - ok
10:52:16.0302 7116 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:52:16.0372 7116 hwdatacard - ok
10:52:16.0402 7116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:52:16.0402 7116 hwpolicy - ok
10:52:16.0452 7116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:52:16.0462 7116 i8042prt - ok
10:52:16.0592 7116 IAANTMON (593ef9f904c8497f6d794dc6fcc59dca) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:52:16.0612 7116 IAANTMON - ok
10:52:16.0682 7116 iaStor (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys
10:52:16.0682 7116 iaStor - ok
10:52:16.0742 7116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:52:16.0822 7116 iaStorV - ok
10:52:17.0012 7116 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:52:17.0072 7116 idsvc - ok
10:52:17.0252 7116 IFXSpMgtSrv (455fe9a193385ed81396322678f28c4c) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
10:52:17.0272 7116 IFXSpMgtSrv - ok
10:52:17.0342 7116 IFXTCS (59d8a7933ac75a2e2823ddd5da4a2182) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
10:52:17.0372 7116 IFXTCS - ok
10:52:17.0512 7116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:52:17.0522 7116 iirsp - ok
10:52:17.0592 7116 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:52:17.0662 7116 IKEEXT - ok
10:52:17.0702 7116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:52:17.0712 7116 intelide - ok
10:52:17.0732 7116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:52:17.0732 7116 intelppm - ok
10:52:17.0772 7116 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:52:17.0772 7116 IPBusEnum - ok
10:52:17.0802 7116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:17.0852 7116 IpFilterDriver - ok
10:52:17.0932 7116 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:52:17.0942 7116 iphlpsvc - ok
10:52:17.0962 7116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:52:18.0022 7116 IPMIDRV - ok
10:52:18.0052 7116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:52:18.0052 7116 IPNAT - ok
10:52:18.0202 7116 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
10:52:18.0232 7116 iPod Service - ok
10:52:18.0252 7116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:52:18.0262 7116 IRENUM - ok
10:52:18.0282 7116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:52:18.0282 7116 isapnp - ok
10:52:18.0312 7116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:52:18.0402 7116 iScsiPrt - ok
10:52:32.0124 7116 SafeBoot (1c7004beecee9b374f239b5f91204b94) C:\Windows\system32\drivers\SafeBoot.sys
10:52:32.0124 7116 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 1c7004beecee9b374f239b5f91204b94
10:52:32.0124 7116 SafeBoot ( LockedFile.Multi.Generic ) - warning
10:52:32.0124 7116 SafeBoot - detected LockedFile.Multi.Generic (1)
10:52:40.0886 7116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:52:40.0886 7116 volmgr - ok
10:52:40.0936 7116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:52:40.0956 7116 volmgrx - ok
10:52:41.0016 7116 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
10:52:41.0026 7116 volsnap - ok
10:52:41.0076 7116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:52:41.0096 7116 vsmraid - ok
10:52:41.0216 7116 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:52:41.0266 7116 VSS - ok
10:52:41.0386 7116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:52:41.0396 7116 vwifibus - ok
10:52:41.0426 7116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:52:41.0426 7116 vwififlt - ok
10:52:41.0456 7116 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:52:41.0466 7116 vwifimp - ok
10:52:41.0516 7116 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:52:41.0546 7116 W32Time - ok
10:52:41.0566 7116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:52:41.0566 7116 WacomPen - ok
10:52:41.0616 7116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:41.0646 7116 WANARP - ok
10:52:41.0656 7116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:41.0656 7116 Wanarpv6 - ok
10:52:41.0786 7116 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:52:41.0906 7116 WatAdminSvc - ok
10:52:42.0036 7116 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:52:42.0126 7116 wbengine - ok
10:52:42.0236 7116 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:52:42.0256 7116 WbioSrvc - ok
10:52:42.0326 7116 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
10:52:42.0326 7116 WcesComm - ok
10:52:42.0376 7116 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:52:42.0466 7116 wcncsvc - ok
10:52:42.0496 7116 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:52:42.0496 7116 WcsPlugInService - ok
10:52:42.0536 7116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:52:42.0546 7116 Wd - ok
10:52:42.0606 7116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:52:42.0656 7116 Wdf01000 - ok
10:52:42.0676 7116 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:52:42.0686 7116 WdiServiceHost - ok
10:52:42.0686 7116 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:52:42.0696 7116 WdiSystemHost - ok
10:52:42.0736 7116 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:52:42.0796 7116 WebClient - ok
10:52:42.0836 7116 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:52:42.0856 7116 Wecsvc - ok
10:52:42.0876 7116 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:52:42.0886 7116 wercplsupport - ok
10:52:42.0916 7116 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:52:42.0916 7116 WerSvc - ok
10:52:42.0956 7116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:52:42.0966 7116 WfpLwf - ok
10:52:42.0976 7116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:52:42.0986 7116 WIMMount - ok
10:52:43.0026 7116 WinDefend - ok
10:52:43.0026 7116 WinHttpAutoProxySvc - ok
10:52:43.0096 7116 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:52:43.0106 7116 Winmgmt - ok
10:52:43.0266 7116 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:52:43.0356 7116 WinRM - ok
10:52:43.0496 7116 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:52:43.0576 7116 WinUSB - ok
10:52:43.0666 7116 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:52:43.0706 7116 Wlansvc - ok
10:52:43.0726 7116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:52:43.0726 7116 WmiAcpi - ok
10:52:43.0796 7116 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:52:43.0816 7116 wmiApSrv - ok
10:52:43.0856 7116 WMPNetworkSvc - ok
10:52:43.0866 7116 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:52:43.0876 7116 WPCSvc - ok
10:52:43.0896 7116 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:52:43.0946 7116 WPDBusEnum - ok
10:52:43.0946 7116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:52:43.0956 7116 ws2ifsl - ok
10:52:43.0966 7116 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:52:43.0976 7116 wscsvc - ok
10:52:43.0976 7116 WSearch - ok
10:52:44.0146 7116 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:52:44.0166 7116 wuauserv - ok
10:52:44.0296 7116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:52:44.0346 7116 WudfPf - ok
10:52:44.0396 7116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:52:44.0446 7116 WUDFRd - ok
10:52:44.0476 7116 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:52:44.0526 7116 wudfsvc - ok
10:52:44.0576 7116 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
10:52:44.0626 7116 WwanSvc - ok
10:52:44.0736 7116 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:52:45.0096 7116 \Device\Harddisk0\DR0 - ok
10:52:45.0106 7116 Boot (0x1200) (abe3e9994b9351244b7290e848cf41b3) \Device\Harddisk0\DR0\Partition0
10:52:45.0106 7116 \Device\Harddisk0\DR0\Partition0 - ok
10:52:45.0146 7116 Boot (0x1200) (2d425a78d1680448549df6b5bd693de2) \Device\Harddisk0\DR0\Partition1
10:52:45.0146 7116 \Device\Harddisk0\DR0\Partition1 - ok
10:52:45.0176 7116 Boot (0x1200) (35c04c3e936980876c3dcbd7ba7ce55b) \Device\Harddisk0\DR0\Partition2
10:52:45.0186 7116 \Device\Harddisk0\DR0\Partition2 - ok
10:52:45.0196 7116 Boot (0x1200) (54fd20ea8cdb2a8ddd103020f51a94c3) \Device\Harddisk0\DR0\Partition3
10:52:45.0196 7116 \Device\Harddisk0\DR0\Partition3 - ok
10:52:45.0196 7116 ============================================================
10:52:45.0196 7116 Scan finished
10:52:45.0196 7116 ============================================================
10:52:45.0216 9064 Detected object count: 1
10:52:45.0216 9064 Actual detected object count: 1
10:53:55.0990 9064 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
10:53:55.0990 9064 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
10:54:03.0461 2376 Deinitialize success



aswMBR
When scanning the file "c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications" the tool always crashed.


ESET Online Scanner
No threats found.


Best regards

#4 narenxp

Posted 05 August 2012 - 05:02 PM

Boot into Safe Mode with Networking and run aswMBR.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#5 mfgklein

Posted 08 August 2012 - 03:35 PM

Dear narenxp,
you are much faster than I am ;-)

The results:

ASWMBR in safe mode
when scanning the file c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications the tool crashed - also in the protected mode

MBAM in safe mode
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
mfgklein :: MFGKLEIN-HP [Administrator]

Schutz: Deaktiviert

08.08.2012 09:27:46
mbam-log-2012-08-08 (09-27-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 506924
Laufzeit: 1 Stunde(n), 17 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

mini toolbox
MiniToolBox by Farbar Version: 23-07-2012
Ran by mfgklein (administrator) on 08-08-2012 at 22:11:14
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Ultimate-N 6300 AGN = Drahtlosnetzwerkverbindung (Connected)
Intel® 82577LM Gigabit Network Connection = LAN-Verbindung (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Drahtlosnetzwerkverbindung 2 (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="LAN-Verbindung" nexthop=134.184.118.100 publish=Ja
add address name="LAN-Verbindung" address=134.184.118.12 mask=255.255.255.0


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : mfgklein-HP
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : fritz.box

Ethernet-Adapter LAN-Verbindung* 12:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physikalische Adresse . . . . . . : 00-FF-C0-C6-D9-06
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physikalische Adresse . . . . . . : 00-24-D7-28-B3-F9
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
Physikalische Adresse . . . . . . : 00-24-D7-28-B3-F8
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::d066:9ecc:c36f:30f7%13(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.178.24(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Mittwoch, 8. August 2012 22:02:25
Lease läuft ab. . . . . . . . . . : Samstag, 18. August 2012 22:02:25
Standardgateway . . . . . . . . . : 192.168.178.1
DHCP-Server . . . . . . . . . . . : 192.168.178.1
DHCPv6-IAID . . . . . . . . . . . : 352330967
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-14-2A-B6-97-70-5A-B6-AF-C1-45
DNS-Server . . . . . . . . . . . : 192.168.178.1
NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physikalische Adresse . . . . . . : 70-5A-B6-AF-C1-45
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{CEAA007A-9846-4596-A418-B5D95EEA8FD1}:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

Tunneladapter Teredo Tunneling Pseudo-Interface:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:344c:3ab0:a77d:2c42(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::344c:3ab0:a77d:2c42%20(Bevorzugt)
Standardgateway . . . . . . . . . : ::
NetBIOS ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.{9331BD64-2AB2-4A01-803C-6DD9ED5650F4}:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #4
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{A62EDD80-8389-4D1E-BF71-DA33D4653498}:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #5
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Server: fritz.box
Address: 192.168.178.1

Name: google.com
Addresses: 2a00:1450:8005::8b
173.194.69.101
173.194.69.102
173.194.69.113
173.194.69.138
173.194.69.139
173.194.69.100


Ping wird ausgefhrt fr google.com [173.194.69.101] mit 32 Bytes Daten:
Antwort von 173.194.69.101: Bytes=32 Zeit=61ms TTL=45
Antwort von 173.194.69.101: Bytes=32 Zeit=62ms TTL=45

Ping-Statistik fr 173.194.69.101:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 61ms, Maximum = 62ms, Mittelwert = 61ms
Server: fritz.box
Address: 192.168.178.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Ping wird ausgefhrt fr yahoo.com [98.139.183.24] mit 32 Bytes Daten:
Antwort von 98.139.183.24: Bytes=32 Zeit=170ms TTL=52
Antwort von 98.139.183.24: Bytes=32 Zeit=169ms TTL=51

Ping-Statistik fr 98.139.183.24:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 169ms, Maximum = 170ms, Mittelwert = 169ms
Server: fritz.box
Address: 192.168.178.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Ping wird ausgefhrt fr bleepingcomputer.com [208.43.87.2] mit 32 Bytes Daten:
Antwort von 208.43.87.2: Zielhost nicht erreichbar.
Antwort von 208.43.87.2: Zielhost nicht erreichbar.

Ping-Statistik fr 208.43.87.2:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),

Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit=4ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit=3ms TTL=128

Ping-Statistik fr 127.0.0.1:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 3ms, Maximum = 4ms, Mittelwert = 3ms
===========================================================================
Schnittstellenliste
14...00 ff c0 c6 d9 06 ......Juniper Network Connect Virtual Adapter
16...00 24 d7 28 b3 f9 ......Microsoft Virtual WiFi Miniport Adapter
13...00 24 d7 28 b3 f8 ......Intel® Centrino® Ultimate-N 6300 AGN
12...70 5a b6 af c1 45 ......Intel® 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
42...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #4
43...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #5
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.24 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
192.168.178.0 255.255.255.0 Auf Verbindung 192.168.178.24 281
192.168.178.24 255.255.255.255 Auf Verbindung 192.168.178.24 281
192.168.178.255 255.255.255.255 Auf Verbindung 192.168.178.24 281
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.178.24 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.178.24 281
===========================================================================
Ständige Routen:
Netzwerkadresse Netzmaske Gatewayadresse Metrik
0.0.0.0 0.0.0.0 134.184.118.100 Standard
===========================================================================

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
20 58 ::/0 Auf Verbindung
1 306 ::1/128 Auf Verbindung
20 58 2001::/32 Auf Verbindung
20 306 2001:0:5ef5:79fd:344c:3ab0:a77d:2c42/128
Auf Verbindung
13 281 fe80::/64 Auf Verbindung
20 306 fe80::/64 Auf Verbindung
20 306 fe80::344c:3ab0:a77d:2c42/128
Auf Verbindung
13 281 fe80::d066:9ecc:c36f:30f7/128
Auf Verbindung
1 306 ff00::/8 Auf Verbindung
20 306 ff00::/8 Auf Verbindung
13 281 ff00::/8 Auf Verbindung
===========================================================================
Ständige Routen:
Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/08/2012 08:55:14 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000532d0
ID des fehlerhaften Prozesses: 0x12e0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/08/2012 02:57:19 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2012 10:52:32 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\NAS-MICHAEL\Sicherung\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/07/2012 10:44:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2012 10:40:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1665, Zeitstempel: 0x4f5f9c86
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0x920
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (08/07/2012 10:35:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1665, Zeitstempel: 0x4f5f9c86
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (08/07/2012 10:29:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2012 10:22:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2012 10:07:31 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\NAS-MICHAEL\Sicherung\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/06/2012 00:53:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/08/2012 10:02:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSIPDDP: Parallel port device driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (08/08/2012 10:02:19 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\SSIPDDP.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/08/2012 10:00:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSIPDDP: Parallel port device driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (08/08/2012 10:00:37 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\SSIPDDP.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/08/2012 09:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/08/2012 09:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/08/2012 09:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/08/2012 09:57:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/08/2012 09:57:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/08/2012 09:57:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/08/2012 08:55:14 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000532d012e001cd74dd36dac21dC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll00bca01d-e126-11e1-a6bd-705ab6afc145

Error: (08/08/2012 02:57:19 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/07/2012 10:52:32 PM) (Source: Windows Backup)(User: )
Description: \\NAS-MICHAEL\Sicherung\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (08/07/2012 10:44:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\mfgklein\Desktop\Trojaner I\esetsmartinstaller_enu.exe

Error: (08/07/2012 10:40:53 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.16654f5f9c86ntdll.dll6.1.7601.177254ec49b8fc00000050002e3be92001cd74dc7d169ad7C:\Users\mfgklein\Desktop\Trojaner I\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll2dc55422-e0d0-11e1-9839-705ab6afc145

Error: (08/07/2012 10:35:19 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.16654f5f9c86ntdll.dll6.1.7601.177254ec49b8fc00000050002e3beb0001cd74db718f602bC:\Users\mfgklein\Desktop\Trojaner I\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll66bdb5e9-e0cf-11e1-9839-705ab6afc145

Error: (08/07/2012 10:29:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\mfgklein\Desktop\Trojaner I\esetsmartinstaller_enu.exe

Error: (08/07/2012 10:22:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\mfgklein\Desktop\Trojaner I\esetsmartinstaller_enu.exe

Error: (08/06/2012 10:07:31 PM) (Source: Windows Backup)(User: )
Description: \\NAS-MICHAEL\Sicherung\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (08/06/2012 00:53:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\mfgklein\Desktop\neuer ordner\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
AAVUpdateManager (Version: 18.00.0000)
ActivClient x64 (Version: 6.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader X (10.1.3) - Deutsch (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AVM FRITZ!fax für FRITZ!Box
BlackArmor Discovery (Version: 1.40.1041.002)
Bonjour (Version: 3.0.0.10)
Canon Inkjet Printer Driver Add-On Module
CD-LabelPrint
Corel Graphics - Windows Shell Extension (Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Graphics Suite X5 - BR (Version: 15.3)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3)
CorelDRAW Graphics Suite X5 - Common (Version: 15.3)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3)
CorelDRAW Graphics Suite X5 - DE (Version: 15.3)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3)
CorelDRAW Graphics Suite X5 - EN (Version: 15.3)
CorelDRAW Graphics Suite X5 - ES (Version: 15.3)
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3)
CorelDRAW Graphics Suite X5 - FR (Version: 15.3)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3)
CorelDRAW Graphics Suite X5 - IT (Version: 15.3)
CorelDRAW Graphics Suite X5 - NL (Version: 15.3)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3)
CorelDRAW Graphics Suite X5 - WT (Version: 15.3)
CorelDRAW Graphics Suite X5 (Version: 15.3)
CorelDRAW® Graphics Suite X5 (Version: 15.2.0.686)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dektak V9.3
Device Access Manager for HP ProtectTools (Version: 5.0.1.9)
DirectX 9 Runtime (Version: 1.00.0000)
Document Express DjVu Plug-in (Version: 6.1.26155)
Drive Encryption for HP ProtectTools (Version: 5.0.2.10)
Dropbox (Version: 1.4.11)
Embedded Security for HP ProtectTools (Version: 5.7.000)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
File Sanitizer For HP ProtectTools (Version: 5.0.1.4)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64)
GPL Ghostscript 8.71
GSview 4.9
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HP 3D DriveGuard (Version: 4.1.10.1)
HP Business Card Reader (Version: 0.6.3.0)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP ESU for Microsoft Windows 7 (Version: 2.0.2.1)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.1.500)
HP Power Assistant (Version: 2.5.0.16)
HP Power Data (Version: 1.0.35.187)
HP ProtectTools Security Manager (Version: 5.12.754)
HP Quick Launch Buttons (Version: 6.50.17.1)
HP QuickWeb (Version: 1.0.1.48)
HP Software Framework (Version: 4.5.10.1)
HP Support Assistant (Version: 6.1.12.1)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.26.3)
HP Webcam Driver (Version: 5.8.50009.6)
HP Wireless Assistant (Version: 4.0.10.0)
HUAWEI DataCard Driver 4.05.00.00 (Version: 4.05.00.00)
iCloud (Version: 1.1.0.40)
IDT Audio (Version: 1.0.6300.0)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Network Connections Drivers (Version: 14.8)
Intel® PROSet/Wireless WiFi-Software (Version: 13.01.1000)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java Card Security for HP ProtectTools (Version: 5.0.4.1)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.18809)
Juniper Networks Setup Client (Version: 2.2.5.10685)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
LightScribe System Software (Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.97)
Malwarebytes Anti-Malware Version 1.62.0.1300 (Version: 1.62.0.1300)
MATLAB R2010a (Version: 7.10)
McAfee Agent (Version: 4.5.0.1810)
McAfee VirusScan Enterprise (Version: 8.8.01000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
Mozilla Firefox 14.0.1 (x86 de) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyTomTom 3.2.0.700 (Version: 3.2.0.700)
NVIDIA Grafiktreiber 296.83 (Version: 296.83)
NVIDIA HD-Audiotreiber 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.28 (Version: 136.28)
NVIDIA nView Desktop Manager (Version: 6.14.10.13588)
NVIDIA Systemsteuerung 296.83 (Version: 296.83)
Origin86 (Version: 8.60.00)
PC Connectivity Solution (Version: 10.24.0.0)
PDF-Viewer (Version: 2.0.57.0)
PDF Complete Special Edition (Version: 4.0.64)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.72.80.56)
RICOH Media Driver (Version: 2.13.00.05)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.3.349)
SDK (Version: 2.30.042)
Sentinel Protection Installer 7.6.1 (Version: 7.6.1)
Sentinel System Driver Installer 7.5.1 (Version: 7.5.1)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Steuer-Spar-Erklärung 2011 (Version: 16.16)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Theft Recovery (Version: 5.1.0.18)
Trillian
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Validity Fingerprint Driver (Version: 4.0.15.0)
VD64Inst (Version: 1.00.0000)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core - German (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VLC media player 1.1.11 (Version: 1.1.11)
Wiederbeschaffung bei Diebstahl (Version: 5.1.0.18)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows 7 Default Setting (Version: 1.0.1.4)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WinSCP 4.3.7 (Version: 4.3.7)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3957.77 MB
Available physical RAM: 1797.5 MB
Total Pagefile: 7913.74 MB
Available Pagefile: 5074.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:280.79 GB) (Free:130.65 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:3.08 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

========================= Users: ========================================

Benutzerkonten fr \\MFGKLEIN-HP

Administrator Gast mfgklein
Der Befehl wurde erfolgreich ausgefhrt.


**** End of log ****

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by mfgklein (administrator) on 08-08-2012 at 22:16:26
Running from "C:\Users\mfgklein\Desktop\Trojaner II"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


adware cleaner
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 22:17:58
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : mfgklein - MFGKLEIN-HP
# Running from : C:\Users\mfgklein\Desktop\Trojaner II\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\mfgklein\AppData\Roaming\Mozilla\Firefox\Profiles\phgd2g17.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [866 octets] - [08/08/2012 22:17:58]

########## EOF - C:\AdwCleaner[S1].txt - [993 octets] ##########

Regards

#6 narenxp

Posted 09 August 2012 - 12:19 AM

Any current issues?

#7 mfgklein

Posted 10 August 2012 - 02:55 AM

The message in the "solve PC issues flag" stating "remove Trojan: Win32/Adload.Da virus" disappeared. Somehow strange as I didn't remove any item, mhhh.

#8 narenxp

Posted 10 August 2012 - 03:56 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 mfgklein

Posted 25 August 2012 - 10:42 AM

I monitored my system distrustfully over the last days. Now, everything seems to be fine, the Windows warning didn't appear again. And it is much faster now, probably due to the TFC. Many thanks for your great and fast support. You were much faster than me.

Best regards!!!



