| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan RansomWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.12.2012, 18:31
| #1 |
 |  Trojan Ransom bekomme PUM.UserWload und Trojan.Ransom nicht los, wer kann mir helfen? Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jacinta Heidenreich :: JACINTA [limitiert] Schutz: Aktiviert 18-12-2012 11:15:02 mbam-log-2012-12-18 (11-15-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 266013 Laufzeit: 14 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
18.12.2012, 18:32
| #2 |
| /// Malware-holic   | Trojan Ransom Hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
18.12.2012, 19:13
| #3 |
| | Trojan Ransom Hi Markus, ich bin nun wirklich kein PS Spezialist hier die daten:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 18-12-2012 18:04:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jacinta Heidenreich\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy 3,98 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 46,08% Memory free 7,96 Gb Paging File | 5,34 Gb Available in Paging File | 67,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 915,23 Gb Total Space | 738,44 Gb Free Space | 80,68% Space Free | Partition Type: NTFS Drive D: | 16,18 Gb Total Space | 2,02 Gb Free Space | 12,48% Space Free | Partition Type: NTFS Computer Name: JACINTA | User Name: Jacinta Heidenreich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-12-18 18:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacinta Heidenreich\Downloads\OTL.exe PRC - [2012-12-17 13:48:57 | 000,894,920 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe PRC - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-05-24 01:41:20 | 001,576,080 | ---- | M] (QNAP Systems, Inc.) -- C:\Program Files\QNAP\NetBak\Enclosure.exe PRC - [2012-04-13 18:46:17 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe PRC - [2012-04-04 14:04:58 | 005,515,088 | ---- | M] (Firetrust) -- C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe PRC - [2012-04-04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-08-26 20:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe PRC - [2011-08-26 20:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2011-08-24 21:53:42 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2011-08-05 05:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-08-03 14:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011-08-03 14:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011-07-22 00:44:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe PRC - [2011-07-22 00:19:58 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe PRC - [2011-07-20 18:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-02-24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010-02-11 17:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE PRC - [2009-08-25 02:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009-07-02 21:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe PRC - [2009-06-08 12:59:42 | 003,190,784 | ---- | M] (Siemens AG) -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe PRC - [2009-05-08 23:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe PRC - [2009-05-08 23:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe PRC - [2009-02-28 02:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe PRC - [2008-11-20 17:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012-11-27 10:41:54 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll MOD - [2012-11-27 10:41:10 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b44bc0f669f6a03f9662baf928987d10\System.Data.Entity.ni.dll MOD - [2012-11-27 10:40:33 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\620ad622156f4a3f34a46248ec6a3a03\System.Data.DataSetExtensions.ni.dll MOD - [2012-11-27 10:40:22 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll MOD - [2012-11-27 10:40:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll MOD - [2012-11-27 10:39:50 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll MOD - [2012-11-27 10:39:45 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll MOD - [2012-11-26 18:21:23 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll MOD - [2012-11-26 18:21:15 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll MOD - [2012-11-26 18:21:09 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll MOD - [2012-11-26 18:21:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll MOD - [2012-11-26 18:17:44 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll MOD - [2012-11-26 18:17:42 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll MOD - [2012-11-26 18:17:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll MOD - [2012-11-26 18:17:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll MOD - [2012-11-26 18:17:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll MOD - [2012-11-26 18:17:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll MOD - [2012-11-26 18:17:35 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll MOD - [2012-11-26 18:17:32 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll MOD - [2012-11-26 18:17:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll MOD - [2012-04-03 14:47:08 | 000,272,384 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll MOD - [2012-04-03 14:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll MOD - [2012-04-03 14:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll MOD - [2012-01-30 14:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll MOD - [2011-10-05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011-09-05 16:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll MOD - [2011-07-22 00:44:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe MOD - [2011-06-22 10:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL MOD - [2011-05-26 19:18:44 | 000,136,536 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL MOD - [2009-07-02 21:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe MOD - [2009-02-28 02:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe MOD - [2009-02-26 12:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL MOD - [2009-02-20 00:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012-09-12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012-09-12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011-09-14 12:18:34 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2011-09-14 12:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011-08-24 21:53:50 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2011-07-22 00:19:58 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:64bit: - [2010-10-11 09:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-12-17 13:48:57 | 000,894,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2) SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-08-23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012-04-04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-09-10 00:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011-09-05 16:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2011-08-26 20:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2011-08-12 16:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011-08-05 05:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-08-03 14:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011-08-03 14:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011-08-01 21:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-07-20 18:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011-02-24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010-11-21 03:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010-11-21 03:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010-11-21 03:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010-10-12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-08 12:59:42 | 003,190,784 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe -- (License Agent) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012-10-05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012-08-30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012-04-13 18:54:57 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2012-04-13 18:28:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012-04-13 18:28:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012-03-01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-09-21 09:51:59 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011-09-21 09:51:55 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2011-09-14 12:19:11 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011-09-14 10:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011-08-22 18:54:24 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2011-08-04 11:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011-08-03 14:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011-07-22 00:52:44 | 000,094,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal) DRV:64bit: - [2011-07-22 00:52:30 | 000,158,280 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:64bit: - [2011-05-11 01:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012-07-04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{17E24411-BFE7-4301-8311-1A4D36FCD8F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=kw&q={searchTerms}&locale=pt_EU&apn_ptnrs=^AG&apn_dtid=^zzz003^YY^PT&apn_uid=61497d81-9f5c-41a9-8bf5-a0383d44d949&apn_sauid=5CC5E53E-F77F-401F-96A4-9225E253AB42 IE - HKCU\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012-04-13 18:40:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe () O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found F3:64bit: - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found F3 - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: millenniumbcp.pt ([corp] https in Trusted sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1587117-66AF-479C-BC1F-5A00125E6C76}: DhcpNameServer = 172.16.2.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-12-18 15:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS [2012-12-18 11:50:05 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2012-12-18 11:49:59 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2012-12-18 11:49:59 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2012-12-18 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2012-12-18 11:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG [2012-12-18 11:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2012-12-18 11:48:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2012-12-17 16:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Malwarebytes [2012-12-17 16:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-17 16:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-17 16:29:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-17 16:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-17 13:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013 [2012-12-17 13:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-12-17 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software [2012-12-17 13:49:08 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012-12-17 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012-12-17 13:46:18 | 000,000,000 | -H-D | C] -- C:\$AVG [2012-12-17 13:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012-12-17 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\MFAData [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\Avg2013 [2012-12-17 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan [2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu [2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes [2012-12-17 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Local Settings [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo [2012-12-13 15:59:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-12-13 15:59:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-12-13 15:59:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-12-13 15:59:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-12-13 15:59:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-12-13 15:59:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-12-13 15:59:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-12-13 15:59:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-12-13 15:59:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-12-13 15:59:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-12-13 15:59:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-12-13 15:59:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012-12-13 15:59:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-12-13 15:59:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-12-13 15:59:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012-12-13 09:19:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012-12-13 09:19:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012-12-13 09:19:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012-12-13 09:19:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012-12-13 09:19:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012-12-13 09:19:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012-12-13 09:19:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012-12-13 09:19:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012-12-13 09:19:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012-12-13 09:19:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012-12-13 09:19:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012-12-13 09:19:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012-12-13 09:19:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012-12-13 09:19:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012-12-13 09:19:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012-12-13 09:19:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012-12-13 09:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 09:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 09:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 09:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 09:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012-12-13 09:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012-12-13 09:19:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012-12-13 09:19:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012-11-30 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Documents\HP Photosmart Projects [2012-11-27 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-11-27 09:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012-11-26 18:18:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012-11-26 18:18:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012-11-26 18:12:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012-11-26 18:12:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012-11-26 18:12:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012-11-26 18:12:30 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012-11-26 10:05:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012-11-26 10:05:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012-11-26 10:05:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012-11-26 10:05:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll [2012-11-26 10:05:15 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll [2012-11-26 10:05:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll [2012-11-26 10:05:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll [2012-11-26 10:05:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe [2012-11-26 10:05:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll [2012-11-26 10:05:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll [2012-11-26 10:05:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe [2012-11-26 10:05:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll [2012-11-26 10:05:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll [2012-11-26 10:05:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll [2012-11-26 10:05:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll [2012-11-26 10:05:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012-11-26 10:05:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012-11-26 10:05:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012-11-26 10:04:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012-11-26 10:03:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012-11-26 10:03:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-18 16:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-18 16:53:38 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2012-12-18 15:51:38 | 001,828,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-18 15:51:38 | 000,791,066 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012-12-18 15:51:38 | 000,712,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-18 15:51:38 | 000,174,808 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012-12-18 15:51:38 | 000,140,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-18 13:58:20 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJacinta Heidenreich.job [2012-12-18 11:49:43 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2012-12-18 11:49:43 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2012-12-18 11:41:52 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2012-12-17 16:29:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012-12-17 13:49:21 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012-12-14 10:19:17 | 000,415,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-11-29 11:29:27 | 000,187,767 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg [2012-11-27 09:33:49 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-27 09:33:17 | 000,001,135 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-12-18 11:49:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2012-12-18 11:49:43 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2012-12-18 11:49:39 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2012-12-17 16:29:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012-12-17 13:49:21 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-11-29 15:02:39 | 000,187,767 | ---- | C] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg [2012-11-26 18:18:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-26 18:12:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-06-25 14:44:21 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012-06-25 14:39:53 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2012-06-04 16:22:05 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc750.dll [2012-06-04 16:22:05 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\U2LDIVIS.dll [2012-06-04 16:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\u2leuro.dll [2012-06-04 16:22:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\u2lpri.dll [2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\u2lloc.dll [2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\prilog.dll [2012-06-04 16:22:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc.dll [2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\PRINTCHES.dll [2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cqdecl32.dll [2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.pt.dll [2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.es.dll [2012-06-04 15:59:30 | 000,046,977 | ---- | C] () -- C:\Windows\uninstminilector.exe [2012-06-04 15:22:54 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat [2012-06-04 15:22:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012-01-23 16:25:18 | 000,055,656 | ---- | C] () -- C:\Windows\SysWow64\pteidlib_dotnet.dll [2012-01-23 16:25:16 | 000,558,432 | ---- | C] () -- C:\Windows\SysWow64\pteiddlgsrv.exe [2012-01-23 16:25:10 | 008,156,504 | ---- | C] () -- C:\Windows\SysWow64\QtGui4.dll [2012-01-23 16:25:08 | 000,164,184 | ---- | C] () -- C:\Windows\SysWow64\pteidlib.dll [2012-01-23 16:24:58 | 000,176,472 | ---- | C] () -- C:\Windows\SysWow64\pteiddlg.dll [2012-01-23 16:24:54 | 000,045,920 | ---- | C] () -- C:\Windows\SysWow64\pteidlibj.dll [2012-01-23 16:24:52 | 000,035,680 | ---- | C] () -- C:\Windows\SysWow64\pteidhttps.dll [2012-01-23 16:24:50 | 002,283,352 | ---- | C] () -- C:\Windows\SysWow64\QtCore4.dll [2011-10-12 22:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011-09-05 16:57:34 | 000,366,136 | ---- | C] () -- C:\Windows\SysWow64\flcdlmsg.dll [2011-08-24 22:30:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPLic.dll.hpsign [2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011-08-24 21:55:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign [2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2011-08-24 21:53:42 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2011-08-05 05:16:42 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-02-11 20:29:00 | 001,803,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
18.12.2012, 19:19
| #4 |
| | Trojan Ransom HI Markus, hier nun nochmals OTL diesesmal mit LOP un Purity checkOTL Logfile: Code:
ATTFilter OTL logfile created on: 18-12-2012 18:15:14 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jacinta Heidenreich\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy 3,98 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,37% Memory free 7,96 Gb Paging File | 5,33 Gb Available in Paging File | 66,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 915,23 Gb Total Space | 738,43 Gb Free Space | 80,68% Space Free | Partition Type: NTFS Drive D: | 16,18 Gb Total Space | 2,02 Gb Free Space | 12,48% Space Free | Partition Type: NTFS Computer Name: JACINTA | User Name: Jacinta Heidenreich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jacinta Heidenreich\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\QNAP\NetBak\Enclosure.exe (QNAP Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe () PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe () PRC - C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe (Siemens AG) PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b44bc0f669f6a03f9662baf928987d10\System.Data.Entity.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\620ad622156f4a3f34a46248ec6a3a03\System.Data.DataSetExtensions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll () MOD - C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll () MOD - C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll () MOD - C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Windows\SysWOW64\flcdlmsg.dll () MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL () MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe () MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe () SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Company) SRV - (HPFSService) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (License Agent) -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe (Siemens AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Company) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (MfeEpeOpal) -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys (McAfee, Inc.) DRV:64bit: - (MfeEpePc) -- C:\Windows\SysNative\drivers\MfeEpePc.sys (McAfee, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133 IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{17E24411-BFE7-4301-8311-1A4D36FCD8F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=kw&q={searchTerms}&locale=pt_EU&apn_ptnrs=^AG&apn_dtid=^zzz003^YY^PT&apn_uid=61497d81-9f5c-41a9-8bf5-a0383d44d949&apn_sauid=5CC5E53E-F77F-401F-96A4-9225E253AB42 IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012-04-13 18:40:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe () O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found F3:64bit: - HKU\S-1-5-21-901881791-4019397399-1557841388-1001 WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found F3 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001 WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..Trusted Domains: millenniumbcp.pt ([corp] https in Trusted sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1587117-66AF-479C-BC1F-5A00125E6C76}: DhcpNameServer = 172.16.2.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-12-18 15:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS [2012-12-18 11:50:05 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2012-12-18 11:49:59 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2012-12-18 11:49:59 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2012-12-18 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2012-12-18 11:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG [2012-12-18 11:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2012-12-18 11:48:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2012-12-17 16:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Malwarebytes [2012-12-17 16:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-17 16:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-17 16:29:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-17 16:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-17 13:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013 [2012-12-17 13:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-12-17 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software [2012-12-17 13:49:08 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012-12-17 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012-12-17 13:46:18 | 000,000,000 | -H-D | C] -- C:\$AVG [2012-12-17 13:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012-12-17 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\MFAData [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\Avg2013 [2012-12-17 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan [2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu [2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes [2012-12-17 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Local Settings [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox [2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo [2012-12-13 15:59:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-12-13 15:59:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-12-13 15:59:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-12-13 15:59:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-12-13 15:59:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-12-13 15:59:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-12-13 15:59:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-12-13 15:59:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-12-13 15:59:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-12-13 15:59:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-12-13 15:59:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-12-13 15:59:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012-12-13 15:59:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-12-13 15:59:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-12-13 15:59:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012-12-13 09:19:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012-12-13 09:19:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012-12-13 09:19:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012-12-13 09:19:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012-12-13 09:19:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012-12-13 09:19:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012-12-13 09:19:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012-12-13 09:19:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012-12-13 09:19:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012-12-13 09:19:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012-12-13 09:19:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012-12-13 09:19:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012-12-13 09:19:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012-12-13 09:19:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012-12-13 09:19:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012-12-13 09:19:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012-12-13 09:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 09:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 09:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 09:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 09:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012-12-13 09:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012-12-13 09:19:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012-12-13 09:19:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012-11-30 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Documents\HP Photosmart Projects [2012-11-27 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-11-27 09:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012-11-26 18:18:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012-11-26 18:18:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012-11-26 18:12:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012-11-26 18:12:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012-11-26 18:12:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012-11-26 18:12:30 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012-11-26 10:05:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012-11-26 10:05:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012-11-26 10:05:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012-11-26 10:05:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll [2012-11-26 10:05:15 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll [2012-11-26 10:05:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll [2012-11-26 10:05:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll [2012-11-26 10:05:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe [2012-11-26 10:05:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll [2012-11-26 10:05:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll [2012-11-26 10:05:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe [2012-11-26 10:05:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll [2012-11-26 10:05:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll [2012-11-26 10:05:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll [2012-11-26 10:05:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll [2012-11-26 10:05:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012-11-26 10:05:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012-11-26 10:05:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012-11-26 10:04:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012-11-26 10:03:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012-11-26 10:03:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-18 16:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-18 16:53:38 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2012-12-18 15:51:38 | 001,828,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-18 15:51:38 | 000,791,066 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012-12-18 15:51:38 | 000,712,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-18 15:51:38 | 000,174,808 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012-12-18 15:51:38 | 000,140,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-18 13:58:20 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJacinta Heidenreich.job [2012-12-18 11:49:43 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2012-12-18 11:49:43 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2012-12-18 11:41:52 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2012-12-17 16:29:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012-12-17 13:49:21 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012-12-14 10:19:17 | 000,415,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-11-29 11:29:27 | 000,187,767 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg [2012-11-27 09:33:49 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-27 09:33:17 | 000,001,135 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-12-18 11:49:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2012-12-18 11:49:43 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2012-12-18 11:49:39 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2012-12-17 16:29:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012-12-17 13:49:21 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-11-29 15:02:39 | 000,187,767 | ---- | C] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg [2012-11-26 18:18:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-26 18:12:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-06-25 14:44:21 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012-06-25 14:39:53 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2012-06-04 16:22:05 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc750.dll [2012-06-04 16:22:05 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\U2LDIVIS.dll [2012-06-04 16:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\u2leuro.dll [2012-06-04 16:22:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\u2lpri.dll [2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\u2lloc.dll [2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\prilog.dll [2012-06-04 16:22:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc.dll [2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\PRINTCHES.dll [2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cqdecl32.dll [2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.pt.dll [2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.es.dll [2012-06-04 15:59:30 | 000,046,977 | ---- | C] () -- C:\Windows\uninstminilector.exe [2012-06-04 15:22:54 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat [2012-06-04 15:22:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012-01-23 16:25:18 | 000,055,656 | ---- | C] () -- C:\Windows\SysWow64\pteidlib_dotnet.dll [2012-01-23 16:25:16 | 000,558,432 | ---- | C] () -- C:\Windows\SysWow64\pteiddlgsrv.exe [2012-01-23 16:25:10 | 008,156,504 | ---- | C] () -- C:\Windows\SysWow64\QtGui4.dll [2012-01-23 16:25:08 | 000,164,184 | ---- | C] () -- C:\Windows\SysWow64\pteidlib.dll [2012-01-23 16:24:58 | 000,176,472 | ---- | C] () -- C:\Windows\SysWow64\pteiddlg.dll [2012-01-23 16:24:54 | 000,045,920 | ---- | C] () -- C:\Windows\SysWow64\pteidlibj.dll [2012-01-23 16:24:52 | 000,035,680 | ---- | C] () -- C:\Windows\SysWow64\pteidhttps.dll [2012-01-23 16:24:50 | 002,283,352 | ---- | C] () -- C:\Windows\SysWow64\QtCore4.dll [2011-10-12 22:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011-09-05 16:57:34 | 000,366,136 | ---- | C] () -- C:\Windows\SysWow64\flcdlmsg.dll [2011-08-24 22:30:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPLic.dll.hpsign [2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011-08-24 21:55:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign [2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2011-08-24 21:53:42 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2011-08-05 05:16:42 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-02-11 20:29:00 | 001,803,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-10-15 09:49:30 | 000,000,000 | -H-D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\.pteid-ng [2012-12-18 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG [2012-12-17 13:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013 [2012-06-04 14:46:13 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\DigitalPersona [2012-12-17 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes [2012-06-05 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Firetrust [2012-12-17 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu [2012-12-17 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo [2012-07-13 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\pteid-cache [2012-12-17 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan [2012-07-05 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TeamViewer [2012-12-17 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software [2012-12-14 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox [2012-06-05 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\VEIT-PPL-Euro-2012 [2012-12-17 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn ========== Purity Check ========== < End of report > |
|
18.12.2012, 19:22
| #5 |
| /// Malware-holic | Trojan Ransom hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found
F3 - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) - File not found
O8:64bit: - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. Öffne bitte Malwarebytes, Logdateien, poste weitere Logs, falls vor handen, aber nur die, mit Funden. Öffne AVG poste die Fundmeldungen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 19:33
| #6 |
| | Trojan Ransom Anweisungen befolgt , nach Neustart: All processes killed ========== OTL ========== 64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr scheduled to be deleted on reboot. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Default ->Flash cache emptied: 56466 bytes User: Default User ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Flash cache emptied: 56466 bytes User: Jacinta Heidenreich ->Flash cache emptied: 58134 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jacinta Heidenreich ->Temp folder emptied: 108382075 bytes ->Temporary Internet Files folder emptied: 292640588 bytes ->Java cache emptied: 13197016 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16415799 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50529 bytes RecycleBin emptied: 604543873 bytes Total Files Cleaned = 987,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12182012_182621 Files\Folders moved on Reboot... File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Temp1_00014093-DVI-POIGNEE - VVN - BEBE POCHETTE JONC MONOGRAM-01-Dossier Outil_-93837_DVI J0072Z 003 COR-pdf.zip\00014093-DVI-POIGNEE - VVN - BEBE POCHETTE JONC MONOGRAM-01-Dossier Outil-93837_DVI J0072Z 003 COR.pdf not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=2921511275236707[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=5098543390355654;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=7827230535453045;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=9959003025216666;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\LDEPEFA0\economia_noticias;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=ultimas;tile=3;dcopt=ist;sz=300x 100,300x250,300x600;ord=2042929642799565[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\LDEPEFA0\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=5018395525313745;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\LDEPEFA0\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=7722581732869173;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\LDEPEFA0\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=929664275589912;[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\IT17WLM1\nomia_noticias;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,30 0x250,300x600,300x800;ord=2042929642799565[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3VG58IKR\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=227309627688962[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3VG58IKR\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=305421382397357[1].js not found! File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3VG58IKR\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=6732338352584351;[1].js not found! C:\Users\Jacinta Heidenreich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... 64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr deleted successfully. |
|
18.12.2012, 19:37
| #7 |
| /// Malware-holic | Trojan Ransom Nicht alle Anweisungen befolgt,lies bitte noch mal oben. Ich wollte alle Malwarebytes Logs mit Funden, und evtl. auch die von AVG, falls es welche gab
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 19:38
| #8 |
| | Trojan Ransom Markus, ich kann´s nicht glauben. Hier das Resultat nach nochmaligem durchkaufen von Malwarebytes: Vielen , Vielen Dank! Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jacinta Heidenreich :: JACINTA [limitiert] Schutz: Aktiviert 18-12-2012 18:33:24 mbam-log-2012-12-18 (18-33-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252692 Laufzeit: 3 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) AVG laeuft noch , sende gleich den log. Frage: Ist mein PC denn nun sicher? |
|
18.12.2012, 19:46
| #9 |
| /// Malware-holic | Trojan Ransom ich will keine neuen Logs, ich habe nach alten Logs mit funden gefragt, poste diese bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 19:54
| #10 |
| | Trojan Ransom Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.03 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 Jacinta Heidenreich :: JACINTA [Administrator] Schutz: Deaktiviert 18-12-2012 15:40:20 mbam-log-2012-12-18 (15-40-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 251416 Laufzeit: 2 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) so und dieser war von gestern: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.17.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jacinta Heidenreich :: JACINTA [limitiert] Schutz: Aktiviert 17-12-2012 16:30:23 mbam-log-2012-12-17 (16-30-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 266222 Laufzeit: 13 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 3 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\regedit.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
18.12.2012, 20:37
| #11 |
| /// Malware-holic | Trojan Ransom Hi sind das alle? was ist mit evtl. vorhandenen Meldungen von AVG?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 21:00
| #12 |
| | Trojan Ransom Markus, habe keine log s mehr gefunden. Wie gesagt ich kein spezialist und habe womoeglich dievlog s geloescht. Dennoch mache ich morgem weiter und werde mochmal mit avg etc den pc ueberpruefen. Melde mich dann. Danke nochmals fur deine hilfe |
|
18.12.2012, 21:04
| #13 |
| /// Malware-holic | Trojan Ransom Du sollst ihn nicht noch mal mit AVG überprüfen, bitte nur angeforderte Scans. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 11:07
| #14 |
| | Trojan Ransom Guten Morgen Markus, es wurden 9 Threats gefunden, schaffe es nicht den log zu posten  09:34:40.0375 2684 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 09:34:40.0687 2684 ============================================================ 09:34:40.0687 2684 Current date / time: 2012/12/19 09:34:40.0687 09:34:40.0687 2684 SystemInfo: 09:34:40.0687 2684 09:34:40.0687 2684 OS Version: 6.1.7601 ServicePack: 1.0 09:34:40.0687 2684 Product type: Workstation 09:34:40.0687 2684 ComputerName: JACINTA 09:34:40.0687 2684 UserName: Jacinta Heidenreich 09:34:40.0687 2684 Windows directory: C:\Windows 09:34:40.0687 2684 System windows directory: C:\Windows 09:34:40.0687 2684 Running under WOW64 09:34:40.0687 2684 Processor architecture: Intel x64 09:34:40.0687 2684 Number of processors: 4 09:34:40.0687 2684 Page size: 0x1000 09:34:40.0687 2684 Boot type: Normal boot 09:34:40.0687 2684 ============================================================ 09:34:41.0248 2684 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:34:41.0264 2684 ============================================================ 09:34:41.0264 2684 \Device\Harddisk0\DR0: 09:34:41.0264 2684 MBR partitions: 09:34:41.0264 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 09:34:41.0264 2684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72678000 09:34:41.0264 2684 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x726AA800, BlocksNum 0x205B800 09:34:41.0264 2684 ============================================================ 09:34:41.0404 2684 C: <-> \Device\Harddisk0\DR0\Partition2 09:34:41.0576 2684 D: <-> \Device\Harddisk0\DR0\Partition3 09:34:41.0576 2684 ============================================================ 09:34:41.0576 2684 Initialize success 09:34:41.0576 2684 ============================================================ 09:35:20.0514 6704 ============================================================ 09:35:20.0514 6704 Scan started 09:35:20.0514 6704 Mode: Manual; SigCheck; TDLFS; 09:35:20.0514 6704 ============================================================ 09:35:21.0091 6704 ================ Scan system memory ======================== 09:35:21.0091 6704 System memory - ok 09:35:21.0091 6704 ================ Scan services ============================= 09:35:21.0263 6704 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 09:35:21.0465 6704 1394ohci - ok 09:35:21.0481 6704 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 09:35:21.0497 6704 ACPI - ok 09:35:21.0528 6704 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 09:35:21.0543 6704 AcpiPmi - ok 09:35:21.0637 6704 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:35:21.0684 6704 AdobeARMservice - ok 09:35:21.0731 6704 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 09:35:21.0746 6704 adp94xx - ok 09:35:21.0777 6704 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 09:35:21.0793 6704 adpahci - ok 09:35:21.0871 6704 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 09:35:21.0887 6704 adpu320 - ok 09:35:21.0918 6704 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:35:21.0949 6704 AeLookupSvc - ok 09:35:22.0058 6704 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters |
|
19.12.2012, 11:25
| #15 |
| | Trojan Ransom 09:35:22.0058 6704 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 09:35:22.0105 6704 AESTFilters - ok 09:35:22.0323 6704 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 09:35:22.0370 6704 AFD - ok 09:35:22.0401 6704 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:35:22.0417 6704 agp440 - ok 09:35:22.0479 6704 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 09:35:22.0542 6704 ALG - ok 09:35:22.0589 6704 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 09:35:22.0604 6704 aliide - ok 09:35:22.0635 6704 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 09:35:22.0651 6704 amdide - ok 09:35:22.0698 6704 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 09:35:22.0713 6704 AmdK8 - ok 09:35:22.0760 6704 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 09:35:22.0838 6704 AmdPPM - ok 09:35:22.0869 6704 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 09:35:22.0885 6704 amdsata - ok 09:35:22.0916 6704 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 09:35:22.0932 6704 amdsbs - ok 09:35:22.0947 6704 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 09:35:22.0963 6704 amdxata - ok 09:35:23.0025 6704 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 09:35:23.0072 6704 AppHostSvc - ok 09:35:23.0103 6704 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 09:35:23.0150 6704 AppID - ok 09:35:23.0197 6704 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:35:23.0228 6704 AppIDSvc - ok 09:35:23.0275 6704 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 09:35:23.0400 6704 Appinfo - ok 09:35:23.0415 6704 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 09:35:23.0447 6704 AppMgmt - ok 09:35:23.0493 6704 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 09:35:23.0493 6704 arc - ok 09:35:23.0525 6704 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:35:23.0525 6704 arcsas - ok 09:35:23.0603 6704 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 09:35:23.0681 6704 aspnet_state - ok 09:35:23.0712 6704 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:35:23.0759 6704 AsyncMac - ok 09:35:23.0805 6704 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 09:35:23.0805 6704 atapi - ok 09:35:23.0852 6704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:35:23.0899 6704 AudioEndpointBuilder - ok 09:35:23.0899 6704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:35:23.0930 6704 AudioSrv - ok 09:35:24.0102 6704 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 09:35:24.0180 6704 AVGIDSAgent - ok 09:35:24.0227 6704 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 09:35:24.0242 6704 AVGIDSDriver - ok 09:35:24.0258 6704 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 09:35:24.0258 6704 AVGIDSHA - ok 09:35:24.0289 6704 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 09:35:24.0289 6704 Avgldx64 - ok 09:35:24.0320 6704 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 09:35:24.0336 6704 Avgloga - ok 09:35:24.0336 6704 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 09:35:24.0351 6704 Avgmfx64 - ok 09:35:24.0383 6704 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 09:35:24.0398 6704 Avgrkx64 - ok 09:35:24.0445 6704 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 09:35:24.0461 6704 Avgtdia - ok 09:35:24.0476 6704 [ EFF8B98EA8A7FF52B8A7FD07FED7C6B6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 09:35:24.0492 6704 avgtp - ok 09:35:24.0507 6704 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 09:35:24.0523 6704 avgwd - ok 09:35:24.0585 6704 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:35:24.0632 6704 AxInstSV - ok 09:35:24.0679 6704 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 09:35:24.0695 6704 b06bdrv - ok 09:35:24.0726 6704 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:35:24.0757 6704 b57nd60a - ok 09:35:24.0804 6704 [ 28A4012E68BC9597BCB9B26B51AAC4B6 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 09:35:24.0819 6704 BBSvc - ok 09:35:24.0866 6704 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 09:35:24.0866 6704 BBUpdate - ok 09:35:24.0929 6704 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 09:35:24.0960 6704 BDESVC - ok 09:35:24.0991 6704 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 09:35:25.0022 6704 Beep - ok 09:35:25.0069 6704 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 09:35:25.0116 6704 BFE - ok 09:35:25.0163 6704 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 09:35:25.0225 6704 BITS - ok 09:35:25.0256 6704 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 09:35:25.0272 6704 blbdrive - ok 09:35:25.0319 6704 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:35:25.0334 6704 bowser - ok 09:35:25.0350 6704 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 09:35:25.0381 6704 BrFiltLo - ok 09:35:25.0381 6704 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 09:35:25.0397 6704 BrFiltUp - ok 09:35:25.0443 6704 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 09:35:25.0521 6704 Browser - ok 09:35:25.0537 6704 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:35:25.0568 6704 Brserid - ok 09:35:25.0584 6704 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:35:25.0631 6704 BrSerWdm - ok 09:35:25.0646 6704 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:35:25.0662 6704 BrUsbMdm - ok 09:35:25.0677 6704 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:35:25.0677 6704 BrUsbSer - ok 09:35:25.0693 6704 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 09:35:25.0724 6704 BTHMODEM - ok 09:35:25.0787 6704 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 09:35:25.0865 6704 bthserv - ok 09:35:25.0865 6704 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:35:25.0896 6704 cdfs - ok 09:35:25.0927 6704 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 09:35:25.0943 6704 cdrom - ok 09:35:25.0974 6704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 09:35:26.0021 6704 CertPropSvc - ok 09:35:26.0052 6704 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 09:35:26.0052 6704 circlass - ok 09:35:26.0083 6704 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 09:35:26.0083 6704 CLFS - ok 09:35:26.0145 6704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:35:26.0208 6704 clr_optimization_v2.0.50727_32 - ok 09:35:26.0239 6704 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:35:26.0255 6704 clr_optimization_v2.0.50727_64 - ok 09:35:26.0317 6704 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:35:26.0379 6704 clr_optimization_v4.0.30319_32 - ok 09:35:26.0395 6704 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:35:26.0411 6704 clr_optimization_v4.0.30319_64 - ok 09:35:26.0426 6704 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 09:35:26.0442 6704 CmBatt - ok 09:35:26.0457 6704 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:35:26.0473 6704 cmdide - ok 09:35:26.0504 6704 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 09:35:26.0535 6704 CNG - ok 09:35:26.0551 6704 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 09:35:26.0567 6704 Compbatt - ok 09:35:26.0613 6704 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:35:26.0676 6704 CompositeBus - ok 09:35:26.0676 6704 COMSysApp - ok 09:35:26.0707 6704 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:35:26.0723 6704 crcdisk - ok 09:35:26.0738 6704 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:35:26.0785 6704 CryptSvc - ok 09:35:26.0801 6704 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 09:35:26.0832 6704 CSC - ok 09:35:26.0863 6704 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 09:35:26.0894 6704 CscService - ok 09:35:26.0925 6704 [ B9AAC23BCC9326E5E50D937FECB7DCB5 ] DAMDrv C:\Windows\system32\DRIVERS\DAMDrv64.sys 09:35:26.0925 6704 DAMDrv - ok 09:35:26.0972 6704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:35:27.0035 6704 DcomLaunch - ok 09:35:27.0066 6704 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:35:27.0097 6704 defragsvc - ok 09:35:27.0113 6704 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:35:27.0144 6704 DfsC - ok 09:35:27.0191 6704 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:35:27.0237 6704 Dhcp - ok 09:35:27.0440 6704 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:35:27.0503 6704 discache - ok 09:35:27.0581 6704 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 09:35:27.0596 6704 Disk - ok 09:35:27.0674 6704 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 09:35:27.0690 6704 dmvsc - ok 09:35:27.0721 6704 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:35:27.0737 6704 Dnscache - ok 09:35:27.0783 6704 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:35:27.0830 6704 dot3svc - ok 09:35:27.0893 6704 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 09:35:27.0939 6704 Dot4 - ok 09:35:27.0971 6704 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 09:35:28.0033 6704 Dot4Print - ok 09:35:28.0111 6704 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 09:35:28.0127 6704 dot4usb - ok 09:35:28.0205 6704 [ 0B9134A45E88DCF0657382F277242F62 ] DpHost c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe 09:35:28.0298 6704 DpHost - ok 09:35:28.0314 6704 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:35:28.0345 6704 DPS - ok 09:35:28.0376 6704 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:35:28.0407 6704 drmkaud - ok 09:35:28.0439 6704 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:35:28.0470 6704 DXGKrnl - ok 09:35:28.0501 6704 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:35:28.0579 6704 EapHost - ok 09:35:28.0688 6704 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:35:28.0751 6704 ebdrv - ok 09:35:28.0797 6704 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:35:28.0860 6704 EFS - ok 09:35:28.0985 6704 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:35:29.0016 6704 ehRecvr - ok 09:35:29.0047 6704 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:35:29.0094 6704 ehSched - ok 09:35:29.0125 6704 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:35:29.0156 6704 elxstor - ok 09:35:29.0172 6704 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:35:29.0187 6704 ErrDev - ok 09:35:29.0219 6704 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:35:29.0265 6704 EventSystem - ok 09:35:29.0281 6704 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:35:29.0328 6704 exfat - ok 09:35:29.0343 6704 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:35:29.0390 6704 fastfat - ok 09:35:29.0421 6704 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:35:29.0437 6704 Fax - ok 09:35:29.0515 6704 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 09:35:29.0531 6704 fdc - ok 09:35:29.0577 6704 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:35:29.0624 6704 fdPHost - ok 09:35:29.0671 6704 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:35:29.0733 6704 FDResPub - ok 09:35:29.0749 6704 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:35:29.0765 6704 FileInfo - ok 09:35:29.0796 6704 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:35:29.0858 6704 Filetrace - ok 09:35:29.0936 6704 [ A814979613C50457ED25FD60C872EBBC ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe 09:35:29.0967 6704 FLCDLOCK - ok 09:35:29.0983 6704 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:35:30.0014 6704 flpydisk - ok 09:35:30.0045 6704 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:35:30.0061 6704 FltMgr - ok 09:35:30.0092 6704 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 09:35:30.0170 6704 FontCache - ok 09:35:30.0295 6704 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:35:30.0326 6704 FontCache3.0.0.0 - ok 09:35:30.0373 6704 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:35:30.0389 6704 FsDepends - ok 09:35:30.0467 6704 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:35:30.0482 6704 Fs_Rec - ok 09:35:30.0513 6704 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:35:30.0529 6704 fvevol - ok 09:35:30.0545 6704 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:35:30.0560 6704 gagp30kx - ok 09:35:30.0685 6704 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 09:35:30.0701 6704 GamesAppService - ok 09:35:30.0763 6704 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:35:30.0810 6704 gpsvc - ok 09:35:30.0841 6704 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:35:30.0872 6704 hcw85cir - ok 09:35:30.0903 6704 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:35:30.0935 6704 HdAudAddService - ok 09:35:30.0950 6704 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:35:30.0981 6704 HDAudBus - ok 09:35:30.0997 6704 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:35:31.0013 6704 HidBatt - ok 09:35:31.0028 6704 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:35:31.0059 6704 HidBth - ok 09:35:31.0075 6704 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 09:35:31.0091 6704 HidIr - ok 09:35:31.0137 6704 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:35:31.0215 6704 hidserv - ok 09:35:31.0247 6704 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:35:31.0262 6704 HidUsb - ok 09:35:31.0340 6704 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:35:31.0418 6704 hkmsvc - ok 09:35:31.0434 6704 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:35:31.0449 6704 HomeGroupListener - ok 09:35:31.0496 6704 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:35:31.0527 6704 HomeGroupProvider - ok 09:35:31.0590 6704 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 09:35:31.0605 6704 HP Support Assistant Service - ok 09:35:31.0652 6704 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 09:35:31.0683 6704 HPClientSvc - ok 09:35:31.0699 6704 [ 8B22BE650A1A32E9C7E224A9A73672E9 ] HPFSService c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe 09:35:31.0824 6704 HPFSService ( UnsignedFile.Multi.Generic ) - warning 09:35:31.0824 6704 HPFSService - detected UnsignedFile.Multi.Generic (1) 09:35:31.0886 6704 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 09:35:31.0902 6704 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 09:35:31.0902 6704 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 09:35:31.0917 6704 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 09:35:31.0933 6704 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 09:35:31.0933 6704 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 09:35:32.0105 6704 [ BEA91412B280171463864F682A1DB46E ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 09:35:32.0151 6704 hpqwmiex - ok 09:35:32.0245 6704 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:35:32.0245 6704 HpSAMD - ok 09:35:32.0573 6704 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 09:35:32.0666 6704 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 09:35:32.0666 6704 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 09:35:32.0697 6704 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:35:32.0760 6704 HTTP - ok 09:35:32.0775 6704 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:35:32.0791 6704 hwpolicy - ok 09:35:32.0822 6704 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 09:35:32.0838 6704 i8042prt - ok 09:35:32.0853 6704 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys 09:35:32.0885 6704 iaStor - ok 09:35:32.0900 6704 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:35:32.0916 6704 iaStorV - ok 09:35:33.0103 6704 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 09:35:33.0134 6704 IDriverT ( UnsignedFile.Multi.Generic ) - warning 09:35:33.0134 6704 IDriverT - detected UnsignedFile.Multi.Generic (1) 09:35:33.0212 6704 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:35:33.0243 6704 idsvc - ok 09:35:33.0571 6704 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:35:33.0696 6704 igfx - ok 09:35:33.0743 6704 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:35:33.0774 6704 iirsp - ok 09:35:33.0805 6704 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:35:33.0852 6704 IKEEXT - ok 09:35:33.0899 6704 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:35:33.0914 6704 intelide - ok 09:35:33.0961 6704 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 09:35:34.0023 6704 intelppm - ok 09:35:34.0055 6704 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:35:34.0133 6704 IPBusEnum - ok 09:35:34.0148 6704 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:35:34.0179 6704 IpFilterDriver - ok 09:35:34.0211 6704 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:35:34.0242 6704 iphlpsvc - ok 09:35:34.0257 6704 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:35:34.0273 6704 IPMIDRV - ok 09:35:34.0289 6704 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:35:34.0320 6704 IPNAT - ok 09:35:34.0367 6704 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:35:34.0398 6704 IRENUM - ok 09:35:34.0445 6704 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:35:34.0460 6704 isapnp - ok 09:35:34.0491 6704 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:35:34.0507 6704 iScsiPrt - ok 09:35:34.0538 6704 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 09:35:34.0585 6704 jhi_service - ok 09:35:34.0632 6704 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:35:34.0647 6704 kbdclass - ok 09:35:34.0725 6704 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:35:34.0772 6704 kbdhid - ok 09:35:34.0835 6704 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:35:34.0850 6704 KeyIso - ok 09:35:34.0897 6704 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:35:34.0928 6704 KSecDD - ok 09:35:34.0959 6704 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:35:34.0975 6704 KSecPkg - ok 09:35:35.0006 6704 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:35:35.0069 6704 ksthunk - ok 09:35:35.0100 6704 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:35:35.0147 6704 KtmRm - ok 09:35:35.0162 6704 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:35:35.0209 6704 LanmanServer - ok 09:35:35.0225 6704 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:35:35.0256 6704 LanmanWorkstation - ok 09:35:35.0349 6704 [ 5EE0BC76EC1157FB5FB2DD82F27D4313 ] License Agent C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe 09:35:36.0566 6704 License Agent ( UnsignedFile.Multi.Generic ) - warning 09:35:36.0566 6704 License Agent - detected UnsignedFile.Multi.Generic (1) 09:35:36.0613 6704 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:35:36.0675 6704 lltdio - ok 09:35:36.0722 6704 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:35:36.0769 6704 lltdsvc - ok 09:35:36.0800 6704 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:35:36.0878 6704 lmhosts - ok 09:35:36.0909 6704 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:35:36.0909 6704 LMS - ok 09:35:36.0941 6704 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:35:36.0956 6704 LSI_FC - ok 09:35:36.0972 6704 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:35:36.0987 6704 LSI_SAS - ok 09:35:36.0987 6704 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:35:37.0003 6704 LSI_SAS2 - ok 09:35:37.0003 6704 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:35:37.0019 6704 LSI_SCSI - ok 09:35:37.0034 6704 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:35:37.0065 6704 luafv - ok 09:35:37.0097 6704 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:35:37.0097 6704 MBAMProtector - ok 09:35:37.0206 6704 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:35:37.0221 6704 MBAMScheduler - ok 09:35:37.0237 6704 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:35:37.0253 6704 MBAMService - ok 09:35:37.0315 6704 [ CC80431BDA1DE950260E0B267D5D497F ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 09:35:37.0580 6704 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning 09:35:37.0580 6704 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1) 09:35:37.0689 6704 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:35:37.0736 6704 Mcx2Svc - ok 09:35:37.0767 6704 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 09:35:37.0783 6704 megasas - ok 09:35:37.0877 6704 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:35:37.0892 6704 MegaSR - ok 09:35:37.0923 6704 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 09:35:37.0939 6704 MEIx64 - ok 09:35:38.0001 6704 [ 7478099ADB87A3E4716FFD6B6E4DB68F ] MfeEpeOpal C:\Windows\system32\drivers\MfeEpeOpal.sys 09:35:38.0048 6704 MfeEpeOpal - ok 09:35:38.0048 6704 [ 534A8C42CB84E626F797D04852F6ED01 ] MfeEpePc C:\Windows\system32\drivers\MfeEpePc.sys 09:35:38.0064 6704 MfeEpePc - ok 09:35:38.0251 6704 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 09:35:38.0267 6704 Microsoft Office Groove Audit Service - ok 09:35:38.0313 6704 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:35:38.0407 6704 MMCSS - ok 09:35:38.0423 6704 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:35:38.0469 6704 Modem - ok 09:35:38.0516 6704 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:35:38.0547 6704 monitor - ok 09:35:38.0594 6704 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:35:38.0641 6704 mouclass - ok 09:35:38.0688 6704 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:35:38.0750 6704 mouhid - ok 09:35:38.0766 6704 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:35:38.0781 6704 mountmgr - ok 09:35:38.0813 6704 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 09:35:38.0828 6704 MpFilter - ok 09:35:38.0844 6704 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:35:38.0844 6704 mpio - ok 09:35:38.0891 6704 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:35:38.0922 6704 mpsdrv - ok 09:35:38.0953 6704 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:35:39.0000 6704 MpsSvc - ok 09:35:39.0031 6704 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:35:39.0047 6704 MRxDAV - ok 09:35:39.0062 6704 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:35:39.0078 6704 mrxsmb - ok 09:35:39.0109 6704 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:35:39.0125 6704 mrxsmb10 - ok 09:35:39.0125 6704 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:35:39.0140 6704 mrxsmb20 - ok 09:35:39.0156 6704 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:35:39.0156 6704 msahci - ok 09:35:39.0171 6704 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:35:39.0187 6704 msdsm - ok 09:35:39.0249 6704 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:35:39.0296 6704 MSDTC - ok 09:35:39.0327 6704 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:35:39.0374 6704 Msfs - ok 09:35:39.0421 6704 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:35:39.0452 6704 mshidkmdf - ok 09:35:39.0483 6704 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:35:39.0499 6704 msisadrv - ok 09:35:39.0530 6704 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:35:39.0577 6704 MSiSCSI - ok 09:35:39.0577 6704 msiserver - ok 09:35:39.0608 6704 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:35:39.0639 6704 MSKSSRV - ok 09:35:39.0686 6704 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 09:35:39.0702 6704 MsMpSvc - ok 09:35:39.0702 6704 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:35:39.0749 6704 MSPCLOCK - ok 09:35:39.0764 6704 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:35:39.0795 6704 MSPQM - ok 09:35:39.0811 6704 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:35:39.0827 6704 MsRPC - ok 09:35:39.0858 6704 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:35:39.0858 6704 mssmbios - ok 09:35:39.0873 6704 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:35:39.0905 6704 MSTEE - ok 09:35:39.0920 6704 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:35:39.0936 6704 MTConfig - ok 09:35:39.0951 6704 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:35:39.0951 6704 Mup - ok 09:35:39.0983 6704 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:35:40.0014 6704 napagent - ok 09:35:40.0045 6704 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:35:40.0076 6704 NativeWifiP - ok 09:35:40.0123 6704 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:35:40.0154 6704 NDIS - ok 09:35:40.0170 6704 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:35:40.0185 6704 NdisCap - ok 09:35:40.0217 6704 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:35:40.0263 6704 NdisTapi - ok 09:35:40.0263 6704 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:35:40.0295 6704 Ndisuio - ok 09:35:40.0310 6704 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:35:40.0341 6704 NdisWan - ok 09:35:40.0388 6704 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:35:40.0419 6704 NDProxy - ok 09:35:40.0482 6704 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 09:35:40.0529 6704 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:35:40.0529 6704 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:35:40.0544 6704 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:35:40.0575 6704 NetBIOS - ok 09:35:40.0591 6704 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:35:40.0622 6704 NetBT - ok 09:35:40.0669 6704 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:35:40.0669 6704 Netlogon - ok 09:35:40.0731 6704 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:35:40.0809 6704 Netman - ok 09:35:40.0856 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:35:40.0872 6704 NetMsmqActivator - ok 09:35:40.0887 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:35:40.0887 6704 NetPipeActivator - ok 09:35:40.0903 6704 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:35:40.0950 6704 netprofm - ok 09:35:40.0950 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:35:40.0950 6704 NetTcpActivator - ok 09:35:40.0950 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:35:40.0965 6704 NetTcpPortSharing - ok 09:35:40.0981 6704 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:35:40.0997 6704 nfrd960 - ok 09:35:41.0028 6704 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:35:41.0028 6704 NisDrv - ok 09:35:41.0059 6704 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 09:35:41.0075 6704 NisSrv - ok 09:35:41.0106 6704 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:35:41.0137 6704 NlaSvc - ok 09:35:41.0153 6704 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:35:41.0199 6704 Npfs - ok 09:35:41.0246 6704 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:35:41.0293 6704 nsi - ok 09:35:41.0309 6704 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:35:41.0340 6704 nsiproxy - ok 09:35:41.0387 6704 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:35:41.0418 6704 Ntfs - ok 09:35:41.0433 6704 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:35:41.0465 6704 Null - ok 09:35:41.0496 6704 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 09:35:41.0511 6704 NVHDA - ok 09:35:41.0777 6704 [ CD90D63B7161CE9F5A3066F320999AB8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 09:35:42.0057 6704 nvlddmkm - ok 09:35:42.0089 6704 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:35:42.0089 6704 nvraid - ok 09:35:42.0135 6704 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:35:42.0135 6704 nvstor - ok 09:35:42.0167 6704 [ B014B7050A2BEAE115BFCB3A91803D73 ] nvsvc C:\Windows\system32\nvvsvc.exe 09:35:42.0198 6704 nvsvc - ok 09:35:42.0276 6704 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:35:42.0276 6704 nv_agp - ok 09:35:42.0416 6704 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:35:42.0463 6704 odserv - ok 09:35:42.0479 6704 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:35:42.0494 6704 ohci1394 - ok 09:35:42.0525 6704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:35:42.0541 6704 ose - ok 09:35:42.0572 6704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:35:42.0588 6704 p2pimsvc - ok 09:35:42.0666 6704 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:35:42.0681 6704 p2psvc - ok 09:35:42.0728 6704 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 09:35:42.0744 6704 Parport - ok 09:35:42.0775 6704 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:35:42.0822 6704 partmgr - ok 09:35:42.0915 6704 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:35:42.0947 6704 PcaSvc - ok 09:35:42.0962 6704 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:35:42.0962 6704 pci - ok 09:35:42.0993 6704 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:35:42.0993 6704 pciide - ok 09:35:43.0025 6704 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:35:43.0040 6704 pcmcia - ok 09:35:43.0040 6704 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:35:43.0056 6704 pcw - ok 09:35:43.0087 6704 pdfcDispatcher - ok 09:35:43.0103 6704 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:35:43.0134 6704 PEAUTH - ok 09:35:43.0165 6704 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 09:35:43.0196 6704 PeerDistSvc - ok 09:35:43.0305 6704 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:35:43.0337 6704 PerfHost - ok 09:35:43.0383 6704 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:35:43.0430 6704 pla - ok 09:35:43.0477 6704 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:35:43.0508 6704 PlugPlay - ok 09:35:43.0555 6704 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 09:35:43.0617 6704 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:35:43.0617 6704 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:35:43.0633 6704 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 09:35:43.0680 6704 pmxdrv - ok 09:35:43.0727 6704 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:35:43.0789 6704 PNRPAutoReg - ok 09:35:43.0820 6704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:35:43.0836 6704 PNRPsvc - ok 09:35:43.0867 6704 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:35:43.0929 6704 PolicyAgent - ok 09:35:43.0961 6704 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:35:43.0992 6704 Power - ok 09:35:44.0023 6704 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:35:44.0101 6704 PptpMiniport - ok 09:35:44.0132 6704 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 09:35:44.0148 6704 Processor - ok 09:35:44.0179 6704 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:35:44.0195 6704 ProfSvc - ok 09:35:44.0241 6704 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:35:44.0241 6704 ProtectedStorage - ok 09:35:44.0288 6704 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:35:44.0335 6704 Psched - ok 09:35:44.0382 6704 QDrive - ok 09:35:44.0491 6704 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:35:44.0522 6704 ql2300 - ok 09:35:44.0553 6704 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:35:44.0553 6704 ql40xx - ok 09:35:44.0600 6704 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:35:44.0616 6704 QWAVE - ok 09:35:44.0663 6704 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:35:44.0725 6704 QWAVEdrv - ok 09:35:44.0725 6704 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:35:44.0772 6704 RasAcd - ok 09:35:44.0803 6704 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:35:44.0881 6704 RasAgileVpn - ok 09:35:44.0928 6704 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:35:45.0006 6704 RasAuto - ok 09:35:45.0021 6704 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:35:45.0053 6704 Rasl2tp - ok 09:35:45.0115 6704 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:35:45.0162 6704 RasMan - ok 09:35:45.0193 6704 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:35:45.0271 6704 RasPppoe - ok 09:35:45.0302 6704 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:35:45.0396 6704 RasSstp - ok 09:35:45.0411 6704 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:35:45.0443 6704 rdbss - ok 09:35:45.0474 6704 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 09:35:45.0536 6704 rdpbus - ok 09:35:45.0552 6704 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:35:45.0599 6704 RDPCDD - ok 09:35:45.0630 6704 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 09:35:45.0645 6704 RDPDR - ok 09:35:45.0645 6704 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:35:45.0677 6704 RDPENCDD - ok 09:35:45.0692 6704 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:35:45.0708 6704 RDPREFMP - ok 09:35:45.0755 6704 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:35:45.0786 6704 RDPWD - ok 09:35:45.0801 6704 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:35:45.0801 6704 rdyboost - ok 09:35:45.0817 6704 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:35:45.0848 6704 RemoteAccess - ok 09:35:45.0879 6704 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:35:45.0926 6704 RemoteRegistry - ok 09:35:45.0957 6704 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:35:46.0035 6704 RpcEptMapper - ok 09:35:46.0082 6704 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 09:35:46.0098 6704 RpcLocator - ok 09:35:46.0176 6704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 09:35:46.0223 6704 RpcSs - ok 09:35:46.0269 6704 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:35:46.0316 6704 rspndr - ok 09:35:46.0347 6704 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 09:35:46.0363 6704 RTL8167 - ok 09:35:46.0379 6704 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 09:35:46.0425 6704 s3cap - ok 09:35:46.0457 6704 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 09:35:46.0472 6704 SamSs - ok 09:35:46.0503 6704 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:35:46.0519 6704 sbp2port - ok 09:35:46.0535 6704 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:35:46.0597 6704 SCardSvr - ok 09:35:46.0644 6704 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:35:46.0722 6704 scfilter - ok 09:35:46.0753 6704 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 09:35:46.0831 6704 Schedule - ok 09:35:46.0862 6704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 09:35:46.0878 6704 SCPolicySvc - ok 09:35:46.0893 6704 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:35:46.0909 6704 SDRSVC - ok 09:35:46.0956 6704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:35:47.0034 6704 secdrv - ok 09:35:47.0081 6704 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 09:35:47.0127 6704 seclogon - ok 09:35:47.0127 6704 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 09:35:47.0221 6704 SENS - ok 09:35:47.0221 6704 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:35:47.0237 6704 SensrSvc - ok 09:35:47.0268 6704 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 09:35:47.0283 6704 Serenum - ok 09:35:47.0283 6704 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 09:35:47.0299 6704 Serial - ok 09:35:47.0330 6704 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:35:47.0346 6704 sermouse - ok 09:35:47.0361 6704 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 09:35:47.0408 6704 SessionEnv - ok 09:35:47.0424 6704 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:35:47.0455 6704 sffdisk - ok 09:35:47.0471 6704 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:35:47.0486 6704 sffp_mmc - ok 09:35:47.0486 6704 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:35:47.0502 6704 sffp_sd - ok 09:35:47.0502 6704 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 09:35:47.0533 6704 sfloppy - ok 09:35:47.0549 6704 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:35:47.0580 6704 SharedAccess - ok 09:35:47.0689 6704 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:35:47.0751 6704 ShellHWDetection - ok 09:35:47.0767 6704 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:35:47.0783 6704 SiSRaid2 - ok 09:35:47.0814 6704 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:35:47.0814 6704 SiSRaid4 - ok 09:35:47.0985 6704 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 09:35:48.0048 6704 Skype C2C Service - ok 09:35:48.0173 6704 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:35:48.0219 6704 SkypeUpdate - ok 09:35:48.0251 6704 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:35:48.0266 6704 Smb - ok 09:35:48.0360 6704 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:35:48.0422 6704 SNMPTRAP - ok 09:35:48.0422 6704 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 09:35:48.0438 6704 spldr - ok 09:35:48.0469 6704 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 09:35:48.0500 6704 Spooler - ok 09:35:48.0750 6704 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 09:35:48.0890 6704 sppsvc - ok 09:35:48.0921 6704 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:35:48.0968 6704 sppuinotify - ok 09:35:48.0984 6704 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 09:35:49.0015 6704 srv - ok 09:35:49.0031 6704 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:35:49.0046 6704 srv2 - ok 09:35:49.0046 6704 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:35:49.0062 6704 srvnet - ok 09:35:49.0093 6704 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:35:49.0140 6704 SSDPSRV - ok 09:35:49.0155 6704 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:35:49.0187 6704 SstpSvc - ok 09:35:49.0280 6704 [ E942412186178B1331F8335E30FA076F ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 09:35:49.0358 6704 STacSV - ok 09:35:49.0389 6704 [ 218D527116A4DC9EBAE3B1832DA01C54 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 09:35:49.0389 6704 Stereo Service - ok 09:35:49.0405 6704 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:35:49.0421 6704 stexstor - ok 09:35:49.0436 6704 [ DCC8845692DEA3477BCF6CE9D06C711F ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 09:35:49.0452 6704 STHDA - ok 09:35:49.0514 6704 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 09:35:49.0561 6704 stisvc - ok 09:35:49.0592 6704 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 09:35:49.0592 6704 storflt - ok 09:35:49.0623 6704 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 09:35:49.0686 6704 StorSvc - ok 09:35:49.0733 6704 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 09:35:49.0748 6704 storvsc - ok 09:35:49.0795 6704 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 09:35:49.0842 6704 swenum - ok 09:35:49.0842 6704 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 09:35:49.0889 6704 swprv - ok 09:35:49.0935 6704 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 09:35:49.0967 6704 SysMain - ok 09:35:50.0029 6704 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:35:50.0076 6704 TabletInputService - ok 09:35:50.0091 6704 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:35:50.0138 6704 TapiSrv - ok 09:35:50.0169 6704 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 09:35:50.0232 6704 TBS - ok 09:35:50.0279 6704 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:35:50.0325 6704 Tcpip - ok 09:35:50.0357 6704 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:35:50.0388 6704 TCPIP6 - ok 09:35:50.0435 6704 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:35:50.0466 6704 tcpipreg - ok 09:35:50.0513 6704 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:35:50.0559 6704 TDPIPE - ok 09:35:50.0591 6704 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:35:50.0653 6704 TDTCP - ok 09:35:50.0669 6704 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:35:50.0684 6704 tdx - ok 09:35:50.0700 6704 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 09:35:50.0700 6704 TermDD - ok 09:35:50.0731 6704 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 09:35:50.0778 6704 TermService - ok 09:35:50.0809 6704 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 09:35:50.0856 6704 Themes - ok 09:35:50.0903 6704 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 09:35:50.0949 6704 THREADORDER - ok 09:35:50.0996 6704 [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3 C:\Windows\system32\drivers\tihub3.sys 09:35:51.0012 6704 tihub3 - ok 09:35:51.0074 6704 [ E2083499BD967396B3449C56EC8CFA70 ] tixhci C:\Windows\system32\drivers\tixhci.sys 09:35:51.0090 6704 tixhci - ok 09:35:51.0121 6704 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 09:35:51.0152 6704 TrkWks - ok 09:35:51.0261 6704 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:35:51.0324 6704 TrustedInstaller - ok 09:35:51.0355 6704 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:35:51.0449 6704 tssecsrv - ok 09:35:51.0495 6704 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:35:51.0511 6704 TsUsbFlt - ok 09:35:51.0527 6704 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 09:35:51.0542 6704 TsUsbGD - ok 09:35:51.0948 6704 [ DD296C78B0D2C3F5E42DC0D2972CD992 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe 09:35:51.0995 6704 TuneUp.UtilitiesSvc - ok 09:35:52.0026 6704 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 09:35:52.0026 6704 TuneUpUtilitiesDrv - ok 09:35:52.0057 6704 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:35:52.0104 6704 tunnel - ok 09:35:52.0119 6704 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:35:52.0119 6704 uagp35 - ok 09:35:52.0166 6704 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:35:52.0197 6704 udfs - ok 09:35:52.0244 6704 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:35:52.0291 6704 UI0Detect - ok 09:35:52.0322 6704 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:35:52.0338 6704 uliagpkx - ok 09:35:52.0369 6704 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:35:52.0416 6704 umbus - ok 09:35:52.0431 6704 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 09:35:52.0463 6704 UmPass - ok 09:35:52.0478 6704 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 09:35:52.0509 6704 UmRdpService - ok 09:35:52.0759 6704 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 09:35:52.0806 6704 UNS - ok 09:35:52.0853 6704 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 09:35:52.0884 6704 upnphost - ok 09:35:52.0931 6704 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:35:52.0962 6704 usbaudio - ok 09:35:52.0993 6704 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:35:53.0009 6704 usbccgp - ok 09:35:53.0040 6704 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:35:53.0055 6704 usbcir - ok 09:35:53.0087 6704 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 09:35:53.0133 6704 usbehci - ok 09:35:53.0165 6704 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 09:35:53.0196 6704 usbhub - ok 09:35:53.0211 6704 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:35:53.0227 6704 usbohci - ok 09:35:53.0258 6704 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:35:53.0274 6704 usbprint - ok 09:35:53.0289 6704 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 09:35:53.0305 6704 usbscan - ok 09:35:53.0321 6704 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:35:53.0352 6704 USBSTOR - ok 09:35:53.0430 6704 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:35:53.0461 6704 usbuhci - ok 09:35:53.0508 6704 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 09:35:53.0586 6704 UxSms - ok 09:35:53.0617 6704 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 09:35:53.0633 6704 VaultSvc - ok 09:35:53.0742 6704 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:35:53.0757 6704 vdrvroot - ok 09:35:53.0867 6704 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 09:35:53.0913 6704 vds - ok 09:35:53.0929 6704 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:35:53.0945 6704 vga - ok 09:35:53.0960 6704 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 09:35:53.0991 6704 VgaSave - ok 09:35:54.0007 6704 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:35:54.0023 6704 vhdmp - ok 09:35:54.0054 6704 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 09:35:54.0054 6704 viaide - ok 09:35:54.0069 6704 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 09:35:54.0085 6704 vmbus - ok 09:35:54.0101 6704 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 09:35:54.0116 6704 VMBusHID - ok 09:35:54.0116 6704 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:35:54.0116 6704 volmgr - ok 09:35:54.0132 6704 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:35:54.0132 6704 volmgrx - ok 09:35:54.0147 6704 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:35:54.0163 6704 volsnap - ok 09:35:54.0179 6704 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:35:54.0179 6704 vsmraid - ok 09:35:54.0225 6704 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 09:35:54.0303 6704 VSS - ok 09:35:54.0428 6704 [ EF11725916A69DFAF82AB26EC219F088 ] vToolbarUpdater13.3.2 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe 09:35:54.0459 6704 vToolbarUpdater13.3.2 - ok 09:35:54.0506 6704 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 09:35:54.0569 6704 vwifibus - ok 09:35:54.0647 6704 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 09:35:54.0678 6704 W32Time - ok 09:35:54.0771 6704 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 09:35:54.0803 6704 W3SVC - ok 09:35:54.0834 6704 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:35:54.0849 6704 WacomPen - ok 09:35:54.0881 6704 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:35:54.0927 6704 WANARP - ok 09:35:54.0927 6704 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:35:54.0959 6704 Wanarpv6 - ok 09:35:54.0974 6704 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 09:35:54.0990 6704 WAS - ok 09:35:55.0068 6704 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 09:35:55.0115 6704 WatAdminSvc - ok 09:35:55.0208 6704 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 09:35:55.0255 6704 wbengine - ok 09:35:55.0302 6704 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:35:55.0317 6704 WbioSrvc - ok 09:35:55.0364 6704 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:35:55.0395 6704 wcncsvc - ok 09:35:55.0427 6704 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:35:55.0442 6704 WcsPlugInService - ok 09:35:55.0505 6704 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 09:35:55.0520 6704 Wd - ok 09:35:55.0567 6704 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:35:55.0583 6704 Wdf01000 - ok 09:35:55.0645 6704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:35:55.0739 6704 WdiServiceHost - ok 09:35:55.0739 6704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:35:55.0754 6704 WdiSystemHost - ok 09:35:55.0770 6704 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 09:35:55.0817 6704 WebClient - ok 09:35:55.0832 6704 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:35:55.0863 6704 Wecsvc - ok 09:35:55.0895 6704 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:35:55.0941 6704 wercplsupport - ok 09:35:56.0004 6704 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 09:35:56.0066 6704 WerSvc - ok 09:35:56.0097 6704 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:35:56.0113 6704 WfpLwf - ok 09:35:56.0144 6704 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:35:56.0144 6704 WIMMount - ok 09:35:56.0191 6704 WinDefend - ok 09:35:56.0191 6704 WinHttpAutoProxySvc - ok 09:35:56.0316 6704 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:35:56.0394 6704 Winmgmt - ok 09:35:56.0441 6704 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 09:35:56.0487 6704 WinRM - ok 09:35:56.0550 6704 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 09:35:56.0565 6704 WinUsb - ok 09:35:56.0597 6704 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 09:35:56.0628 6704 Wlansvc - ok 09:35:56.0706 6704 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:35:56.0753 6704 WmiAcpi - ok 09:35:56.0799 6704 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:35:56.0831 6704 wmiApSrv - ok 09:35:56.0893 6704 WMPNetworkSvc - ok 09:35:56.0971 6704 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:35:56.0987 6704 WPCSvc - ok 09:35:57.0033 6704 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:35:57.0065 6704 WPDBusEnum - ok 09:35:57.0111 6704 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:35:57.0158 6704 ws2ifsl - ok 09:35:57.0205 6704 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 09:35:57.0236 6704 wscsvc - ok 09:35:57.0236 6704 WSearch - ok 09:35:57.0299 6704 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 09:35:57.0345 6704 wuauserv - ok 09:35:57.0377 6704 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:35:57.0392 6704 WudfPf - ok 09:35:57.0486 6704 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:35:57.0564 6704 WUDFRd - ok 09:35:57.0611 6704 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:35:57.0657 6704 wudfsvc - ok 09:35:57.0689 6704 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 09:35:57.0720 6704 WwanSvc - ok 09:35:57.0751 6704 ================ Scan global =============================== 09:35:57.0813 6704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 09:35:57.0845 6704 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 09:35:57.0860 6704 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 09:35:57.0923 6704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 09:35:57.0985 6704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 09:35:58.0016 6704 [Global] - ok 09:35:58.0016 6704 ================ Scan MBR ================================== 09:35:58.0016 6704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:35:58.0734 6704 \Device\Harddisk0\DR0 - ok 09:35:58.0734 6704 ================ Scan VBR ================================== 09:35:58.0781 6704 [ F3AC84F83B92B260B8D6BCA095888F04 ] \Device\Harddisk0\DR0\Partition1 09:35:58.0781 6704 \Device\Harddisk0\DR0\Partition1 - ok 09:35:58.0812 6704 [ F8CD18AAFBB4EF76DC2A345ADF64B58B ] \Device\Harddisk0\DR0\Partition2 09:35:58.0812 6704 \Device\Harddisk0\DR0\Partition2 - ok 09:35:58.0843 6704 [ EB2A03E25EFF45670B0A309DB4DDA91E ] \Device\Harddisk0\DR0\Partition3 09:35:58.0843 6704 \Device\Harddisk0\DR0\Partition3 - ok 09:35:58.0843 6704 ============================================================ 09:35:58.0843 6704 Scan finished 09:35:58.0843 6704 ============================================================ 09:35:58.0859 6064 Detected object count: 9 09:35:58.0859 6064 Actual detected object count: 9 09:36:47.0344 6064 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0344 6064 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0344 6064 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0344 6064 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0344 6064 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0344 6064 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0344 6064 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0344 6064 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0359 6064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0359 6064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0359 6064 License Agent ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0359 6064 License Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0359 6064 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0359 6064 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0359 6064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0359 6064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:36:47.0359 6064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:47.0359 6064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:41:58.0757 3488 ============================================================ 09:41:58.0757 3488 Scan started 09:41:58.0757 3488 Mode: Manual; SigCheck; TDLFS; 09:41:58.0757 3488 ============================================================ 09:41:59.0162 3488 ================ Scan system memory ======================== 09:41:59.0162 3488 System memory - ok 09:41:59.0162 3488 ================ Scan services ============================= 09:41:59.0287 3488 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 09:41:59.0318 3488 1394ohci - ok 09:41:59.0334 3488 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 09:41:59.0334 3488 ACPI - ok 09:41:59.0350 3488 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 09:41:59.0365 3488 AcpiPmi - ok 09:41:59.0428 3488 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:41:59.0428 3488 AdobeARMservice - ok 09:41:59.0474 3488 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 09:41:59.0490 3488 adp94xx - ok 09:41:59.0521 3488 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 09:41:59.0537 3488 adpahci - ok 09:41:59.0568 3488 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 09:41:59.0568 3488 adpu320 - ok 09:41:59.0599 3488 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:41:59.0630 3488 AeLookupSvc - ok 09:41:59.0708 3488 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 09:41:59.0724 3488 AESTFilters - ok 09:41:59.0755 3488 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 09:41:59.0771 3488 AFD - ok 09:41:59.0786 3488 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:41:59.0802 3488 agp440 - ok 09:41:59.0833 3488 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 09:41:59.0833 3488 ALG - ok 09:41:59.0880 3488 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 09:41:59.0880 3488 aliide - ok 09:41:59.0896 3488 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 09:41:59.0896 3488 amdide - ok 09:41:59.0911 3488 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 09:41:59.0927 3488 AmdK8 - ok 09:41:59.0942 3488 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 09:41:59.0958 3488 AmdPPM - ok 09:41:59.0974 3488 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 09:41:59.0989 3488 amdsata - ok 09:42:00.0020 3488 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 09:42:00.0036 3488 amdsbs - ok 09:42:00.0067 3488 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 09:42:00.0083 3488 amdxata - ok 09:42:00.0161 3488 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 09:42:00.0176 3488 AppHostSvc - ok 09:42:00.0223 3488 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 09:42:00.0270 3488 AppID - ok 09:42:00.0317 3488 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:42:00.0348 3488 AppIDSvc - ok 09:42:00.0348 3488 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 09:42:00.0379 3488 Appinfo - ok 09:42:00.0410 3488 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 09:42:00.0426 3488 AppMgmt - ok 09:42:00.0442 3488 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 09:42:00.0457 3488 arc - ok 09:42:00.0473 3488 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:42:00.0488 3488 arcsas - ok 09:42:00.0551 3488 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 09:42:00.0566 3488 aspnet_state - ok 09:42:00.0598 3488 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:42:00.0644 3488 AsyncMac - ok 09:42:00.0644 3488 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 09:42:00.0660 3488 atapi - ok 09:42:00.0676 3488 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:42:00.0707 3488 AudioEndpointBuilder - ok 09:42:00.0722 3488 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:42:00.0738 3488 AudioSrv - ok 09:42:00.0847 3488 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 09:42:00.0925 3488 AVGIDSAgent - ok 09:42:00.0941 3488 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 09:42:00.0956 3488 AVGIDSDriver - ok 09:42:00.0972 3488 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 09:42:00.0972 3488 AVGIDSHA - ok 09:42:01.0003 3488 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 09:42:01.0003 3488 Avgldx64 - ok 09:42:01.0003 3488 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 09:42:01.0019 3488 Avgloga - ok 09:42:01.0019 3488 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 09:42:01.0034 3488 Avgmfx64 - ok 09:42:01.0066 3488 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 09:42:01.0066 3488 Avgrkx64 - ok 09:42:01.0112 3488 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 09:42:01.0112 3488 Avgtdia - ok 09:42:01.0144 3488 [ EFF8B98EA8A7FF52B8A7FD07FED7C6B6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 09:42:01.0159 3488 avgtp - ok 09:42:01.0175 3488 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 09:42:01.0190 3488 avgwd - ok 09:42:01.0222 3488 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:42:01.0237 3488 AxInstSV - ok 09:42:01.0284 3488 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 09:42:01.0315 3488 b06bdrv - ok 09:42:01.0331 3488 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:42:01.0346 3488 b57nd60a - ok 09:42:01.0362 3488 [ 28A4012E68BC9597BCB9B26B51AAC4B6 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 09:42:01.0378 3488 BBSvc - ok 09:42:01.0393 3488 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 09:42:01.0409 3488 BBUpdate - ok 09:42:01.0456 3488 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 09:42:01.0502 3488 BDESVC - ok 09:42:01.0502 3488 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 09:42:01.0534 3488 Beep - ok 09:42:01.0549 3488 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 09:42:01.0565 3488 BFE - ok 09:42:01.0596 3488 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 09:42:01.0627 3488 BITS - ok 09:42:01.0627 3488 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 09:42:01.0643 3488 blbdrive - ok 09:42:01.0674 3488 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:42:01.0690 3488 bowser - ok 09:42:01.0705 3488 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 09:42:01.0721 3488 BrFiltLo - ok 09:42:01.0736 3488 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 09:42:01.0736 3488 BrFiltUp - ok 09:42:01.0783 3488 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 09:42:01.0814 3488 Browser - ok 09:42:01.0846 3488 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:42:01.0861 3488 Brserid - ok 09:42:01.0861 3488 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:42:01.0877 3488 BrSerWdm - ok 09:42:01.0892 3488 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:42:01.0908 3488 BrUsbMdm - ok 09:42:01.0924 3488 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:42:01.0924 3488 BrUsbSer - ok 09:42:01.0939 3488 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 09:42:01.0955 3488 BTHMODEM - ok 09:42:02.0017 3488 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 09:42:02.0064 3488 bthserv - ok 09:42:02.0095 3488 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:42:02.0126 3488 cdfs - ok 09:42:02.0142 3488 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 09:42:02.0158 3488 cdrom - ok 09:42:02.0158 3488 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 09:42:02.0189 3488 CertPropSvc - ok 09:42:02.0189 3488 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 09:42:02.0204 3488 circlass - ok 09:42:02.0220 3488 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 09:42:02.0236 3488 CLFS - ok 09:42:02.0282 3488 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:42:02.0298 3488 clr_optimization_v2.0.50727_32 - ok 09:42:02.0376 3488 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:42:02.0392 3488 clr_optimization_v2.0.50727_64 - ok 09:42:02.0438 3488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:42:02.0454 3488 clr_optimization_v4.0.30319_32 - ok 09:42:02.0470 3488 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:42:02.0485 3488 clr_optimization_v4.0.30319_64 - ok 09:42:02.0501 3488 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 09:42:02.0501 3488 CmBatt - ok 09:42:02.0516 3488 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:42:02.0532 3488 cmdide - ok 09:42:02.0548 3488 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 09:42:02.0563 3488 CNG - ok 09:42:02.0579 3488 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 09:42:02.0594 3488 Compbatt - ok 09:42:02.0641 3488 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:42:02.0657 3488 CompositeBus - ok 09:42:02.0657 3488 COMSysApp - ok 09:42:02.0704 3488 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:42:02.0719 3488 crcdisk - ok 09:42:02.0735 3488 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:42:02.0750 3488 CryptSvc - ok 09:42:02.0782 3488 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 09:42:02.0797 3488 CSC - ok 09:42:02.0875 3488 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 09:42:02.0891 3488 CscService - ok 09:42:02.0906 3488 [ B9AAC23BCC9326E5E50D937FECB7DCB5 ] DAMDrv C:\Windows\system32\DRIVERS\DAMDrv64.sys 09:42:02.0906 3488 DAMDrv - ok 09:42:02.0938 3488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:42:02.0969 3488 DcomLaunch - ok 09:42:02.0984 3488 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:42:03.0000 3488 defragsvc - ok 09:42:03.0031 3488 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:42:03.0047 3488 DfsC - ok 09:42:03.0078 3488 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:42:03.0094 3488 Dhcp - ok 09:42:03.0109 3488 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:42:03.0125 3488 discache - ok 09:42:03.0125 3488 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 09:42:03.0140 3488 Disk - ok 09:42:03.0156 3488 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 09:42:03.0172 3488 dmvsc - ok 09:42:03.0187 3488 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:42:03.0203 3488 Dnscache - ok 09:42:03.0218 3488 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:42:03.0250 3488 dot3svc - ok 09:42:03.0265 3488 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 09:42:03.0281 3488 Dot4 - ok 09:42:03.0296 3488 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 09:42:03.0296 3488 Dot4Print - ok 09:42:03.0312 3488 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 09:42:03.0328 3488 dot4usb - ok 09:42:03.0374 3488 [ 0B9134A45E88DCF0657382F277242F62 ] DpHost c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe 09:42:03.0374 3488 DpHost - ok 09:42:03.0406 3488 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:42:03.0421 3488 DPS - ok 09:42:03.0515 3488 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:42:03.0530 3488 drmkaud - ok 09:42:03.0546 3488 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:42:03.0562 3488 DXGKrnl - ok 09:42:03.0608 3488 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:42:03.0640 3488 EapHost - ok 09:42:03.0733 3488 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:42:03.0764 3488 ebdrv - ok 09:42:03.0780 3488 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:42:03.0796 3488 EFS - ok 09:42:03.0889 3488 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:42:03.0905 3488 ehRecvr - ok 09:42:03.0936 3488 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:42:03.0952 3488 ehSched - ok 09:42:03.0998 3488 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:42:04.0014 3488 elxstor - ok 09:42:04.0030 3488 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:42:04.0045 3488 ErrDev - ok 09:42:04.0061 3488 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:42:04.0092 3488 EventSystem - ok 09:42:04.0108 3488 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:42:04.0139 3488 exfat - ok 09:42:04.0139 3488 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:42:04.0170 3488 fastfat - ok 09:42:04.0186 3488 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:42:04.0217 3488 Fax - ok 09:42:04.0232 3488 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 09:42:04.0232 3488 fdc - ok 09:42:04.0279 3488 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:42:04.0326 3488 fdPHost - ok 09:42:04.0326 3488 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:42:04.0357 3488 FDResPub - ok 09:42:04.0388 3488 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:42:04.0404 3488 FileInfo - ok 09:42:04.0435 3488 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:42:04.0466 3488 Filetrace - ok 09:42:04.0544 3488 [ A814979613C50457ED25FD60C872EBBC ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe 09:42:04.0576 3488 FLCDLOCK - ok 09:42:04.0607 3488 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:42:04.0607 3488 flpydisk - ok 09:42:04.0622 3488 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:42:04.0638 3488 FltMgr - ok 09:42:04.0669 3488 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 09:42:04.0716 3488 FontCache - ok 09:42:04.0856 3488 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:42:04.0856 3488 FontCache3.0.0.0 - ok 09:42:04.0872 3488 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:42:04.0888 3488 FsDepends - ok 09:42:04.0950 3488 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:42:04.0966 3488 Fs_Rec - ok 09:42:05.0012 3488 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:42:05.0028 3488 fvevol - ok 09:42:05.0059 3488 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:42:05.0059 3488 gagp30kx - ok 09:42:05.0153 3488 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 09:42:05.0168 3488 GamesAppService - ok 09:42:05.0200 3488 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:42:05.0231 3488 gpsvc - ok 09:42:05.0246 3488 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:42:05.0262 3488 hcw85cir - ok 09:42:05.0262 3488 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:42:05.0278 3488 HdAudAddService - ok 09:42:05.0293 3488 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:42:05.0309 3488 HDAudBus - ok 09:42:05.0309 3488 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:42:05.0324 3488 HidBatt - ok 09:42:05.0340 3488 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:42:05.0340 3488 HidBth - ok 09:42:05.0356 3488 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 09:42:05.0371 3488 HidIr - ok 09:42:05.0418 3488 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:42:05.0434 3488 hidserv - ok 09:42:05.0512 3488 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:42:05.0527 3488 HidUsb - ok 09:42:05.0590 3488 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:42:05.0636 3488 hkmsvc - ok 09:42:05.0668 3488 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:42:05.0683 3488 HomeGroupListener - ok 09:42:05.0714 3488 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:42:05.0714 3488 HomeGroupProvider - ok 09:42:05.0777 3488 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 09:42:05.0792 3488 HP Support Assistant Service - ok 09:42:05.0839 3488 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 09:42:05.0870 3488 HPClientSvc - ok 09:42:05.0886 3488 [ 8B22BE650A1A32E9C7E224A9A73672E9 ] HPFSService c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe 09:42:05.0902 3488 HPFSService ( UnsignedFile.Multi.Generic ) - warning 09:42:05.0902 3488 HPFSService - detected UnsignedFile.Multi.Generic (1) 09:42:05.0948 3488 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 09:42:05.0948 3488 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 09:42:05.0948 3488 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 09:42:05.0964 3488 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 09:42:05.0964 3488 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 09:42:05.0964 3488 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 09:42:06.0042 3488 [ BEA91412B280171463864F682A1DB46E ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 09:42:06.0058 3488 hpqwmiex - ok 09:42:06.0104 3488 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:42:06.0104 3488 HpSAMD - ok 09:42:06.0151 3488 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 09:42:06.0167 3488 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 09:42:06.0167 3488 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 09:42:06.0214 3488 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:42:06.0245 3488 HTTP - ok 09:42:06.0245 3488 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:42:06.0260 3488 hwpolicy - ok 09:42:06.0276 3488 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 09:42:06.0276 3488 i8042prt - ok 09:42:06.0292 3488 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys 09:42:06.0307 3488 iaStor - ok 09:42:06.0307 3488 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:42:06.0323 3488 iaStorV - ok 09:42:06.0479 3488 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 09:42:06.0494 3488 IDriverT ( UnsignedFile.Multi.Generic ) - warning 09:42:06.0494 3488 IDriverT - detected UnsignedFile.Multi.Generic (1) 09:42:06.0541 3488 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:42:06.0557 3488 idsvc - ok 09:42:06.0650 3488 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:42:06.0728 3488 igfx - ok 09:42:06.0744 3488 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:42:06.0744 3488 iirsp - ok 09:42:06.0775 3488 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:42:06.0806 3488 IKEEXT - ok 09:42:06.0822 3488 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:42:06.0838 3488 intelide - ok 09:42:06.0869 3488 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 09:42:06.0884 3488 intelppm - ok 09:42:06.0900 3488 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:42:06.0916 3488 IPBusEnum - ok 09:42:06.0947 3488 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:42:06.0994 3488 IpFilterDriver - ok 09:42:07.0009 3488 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:42:07.0025 3488 iphlpsvc - ok 09:42:07.0056 3488 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:42:07.0056 3488 IPMIDRV - ok 09:42:07.0072 3488 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:42:07.0103 3488 IPNAT - ok 09:42:07.0150 3488 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:42:07.0165 3488 IRENUM - ok 09:42:07.0212 3488 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:42:07.0228 3488 isapnp - ok 09:42:07.0243 3488 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:42:07.0259 3488 iScsiPrt - ok 09:42:07.0274 3488 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 09:42:07.0290 3488 jhi_service - ok 09:42:07.0337 3488 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:42:07.0337 3488 kbdclass - ok 09:42:07.0415 3488 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:42:07.0430 3488 kbdhid - ok 09:42:07.0508 3488 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:42:07.0524 3488 KeyIso - ok 09:42:07.0586 3488 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:42:07.0602 3488 KSecDD - ok 09:42:07.0602 3488 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:42:07.0618 3488 KSecPkg - ok 09:42:07.0633 3488 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:42:07.0649 3488 ksthunk - ok 09:42:07.0664 3488 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:42:07.0696 3488 KtmRm - ok 09:42:07.0711 3488 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:42:07.0742 3488 LanmanServer - ok 09:42:07.0758 3488 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:42:07.0789 3488 LanmanWorkstation - ok 09:42:07.0867 3488 [ 5EE0BC76EC1157FB5FB2DD82F27D4313 ] License Agent C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe 09:42:07.0914 3488 License Agent ( UnsignedFile.Multi.Generic ) - warning 09:42:07.0914 3488 License Agent - detected UnsignedFile.Multi.Generic (1) 09:42:07.0961 3488 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:42:07.0976 3488 lltdio - ok 09:42:08.0023 3488 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:42:08.0054 3488 lltdsvc - ok 09:42:08.0086 3488 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:42:08.0117 3488 lmhosts - ok 09:42:08.0148 3488 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:42:08.0164 3488 LMS - ok 09:42:08.0179 3488 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:42:08.0195 3488 LSI_FC - ok 09:42:08.0210 3488 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:42:08.0226 3488 LSI_SAS - ok 09:42:08.0226 3488 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:42:08.0242 3488 LSI_SAS2 - ok 09:42:08.0257 3488 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:42:08.0257 3488 LSI_SCSI - ok 09:42:08.0288 3488 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:42:08.0304 3488 luafv - ok 09:42:08.0320 3488 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:42:08.0335 3488 MBAMProtector - ok 09:42:08.0398 3488 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:42:08.0413 3488 MBAMScheduler - ok 09:42:08.0444 3488 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:42:08.0444 3488 MBAMService - ok 09:42:08.0507 3488 [ CC80431BDA1DE950260E0B267D5D497F ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 09:42:08.0522 3488 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning 09:42:08.0522 3488 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1) 09:42:08.0538 3488 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:42:08.0554 3488 Mcx2Svc - ok 09:42:08.0569 3488 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 09:42:08.0569 3488 megasas - ok 09:42:08.0585 3488 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:42:08.0600 3488 MegaSR - ok 09:42:08.0647 3488 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 09:42:08.0663 3488 MEIx64 - ok 09:42:08.0694 3488 [ 7478099ADB87A3E4716FFD6B6E4DB68F ] MfeEpeOpal C:\Windows\system32\drivers\MfeEpeOpal.sys 09:42:08.0710 3488 MfeEpeOpal - ok 09:42:08.0710 3488 [ 534A8C42CB84E626F797D04852F6ED01 ] MfeEpePc C:\Windows\system32\drivers\MfeEpePc.sys 09:42:08.0710 3488 MfeEpePc - ok 09:42:08.0772 3488 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 09:42:08.0772 3488 Microsoft Office Groove Audit Service - ok 09:42:08.0819 3488 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:42:08.0850 3488 MMCSS - ok 09:42:08.0881 3488 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:42:08.0912 3488 Modem - ok 09:42:08.0944 3488 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:42:08.0959 3488 monitor - ok 09:42:08.0959 3488 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:42:08.0975 3488 mouclass - ok 09:42:09.0037 3488 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:42:09.0053 3488 mouhid - ok 09:42:09.0084 3488 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:42:09.0084 3488 mountmgr - ok 09:42:09.0100 3488 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 09:42:09.0115 3488 MpFilter - ok 09:42:09.0131 3488 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:42:09.0131 3488 mpio - ok 09:42:09.0178 3488 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:42:09.0193 3488 mpsdrv - ok 09:42:09.0256 3488 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:42:09.0287 3488 MpsSvc - ok 09:42:09.0302 3488 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:42:09.0318 3488 MRxDAV - ok 09:42:09.0334 3488 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:42:09.0349 3488 mrxsmb - ok 09:42:09.0396 3488 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:42:09.0412 3488 mrxsmb10 - ok 09:42:09.0412 3488 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:42:09.0427 3488 mrxsmb20 - ok 09:42:09.0443 3488 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:42:09.0443 3488 msahci - ok 09:42:09.0458 3488 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:42:09.0474 3488 msdsm - ok 09:42:09.0490 3488 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:42:09.0521 3488 MSDTC - ok 09:42:09.0536 3488 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:42:09.0568 3488 Msfs - ok 09:42:09.0599 3488 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:42:09.0630 3488 mshidkmdf - ok 09:42:09.0646 3488 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:42:09.0646 3488 msisadrv - ok 09:42:09.0692 3488 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:42:09.0724 3488 MSiSCSI - ok 09:42:09.0724 3488 msiserver - ok 09:42:09.0739 3488 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:42:09.0770 3488 MSKSSRV - ok 09:42:09.0802 3488 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 09:42:09.0802 3488 MsMpSvc - ok 09:42:09.0817 3488 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:42:09.0848 3488 MSPCLOCK - ok 09:42:09.0848 3488 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:42:09.0864 3488 MSPQM - ok 09:42:09.0895 3488 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:42:09.0911 3488 MsRPC - ok 09:42:09.0942 3488 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:42:09.0942 3488 mssmbios - ok 09:42:09.0958 3488 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:42:09.0989 3488 MSTEE - ok 09:42:09.0989 3488 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:42:10.0004 3488 MTConfig - ok 09:42:10.0020 3488 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:42:10.0036 3488 Mup - ok 09:42:10.0067 3488 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:42:10.0082 3488 napagent - ok 09:42:10.0098 3488 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:42:10.0114 3488 NativeWifiP - ok 09:42:10.0145 3488 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:42:10.0160 3488 NDIS - ok 09:42:10.0176 3488 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:42:10.0192 3488 NdisCap - ok 09:42:10.0254 3488 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:42:10.0285 3488 NdisTapi - ok 09:42:10.0332 3488 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:42:10.0348 3488 Ndisuio - ok 09:42:10.0379 3488 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:42:10.0394 3488 NdisWan - ok 09:42:10.0441 3488 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:42:10.0488 3488 NDProxy - ok 09:42:10.0550 3488 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 09:42:10.0550 3488 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:42:10.0550 3488 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:42:10.0582 3488 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:42:10.0628 3488 NetBIOS - ok 09:42:10.0644 3488 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:42:10.0660 3488 NetBT - ok 09:42:10.0706 3488 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:42:10.0722 3488 Netlogon - ok 09:42:10.0769 3488 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:42:10.0800 3488 Netman - ok 09:42:10.0862 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:42:10.0878 3488 NetMsmqActivator - ok 09:42:10.0894 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:42:10.0894 3488 NetPipeActivator - ok 09:42:10.0909 3488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:42:10.0940 3488 netprofm - ok 09:42:10.0940 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:42:10.0956 3488 NetTcpActivator - ok 09:42:10.0956 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:42:10.0956 3488 NetTcpPortSharing - ok 09:42:10.0987 3488 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:42:10.0987 3488 nfrd960 - ok 09:42:11.0003 3488 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:42:11.0018 3488 NisDrv - ok 09:42:11.0034 3488 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 09:42:11.0050 3488 NisSrv - ok 09:42:11.0065 3488 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:42:11.0081 3488 NlaSvc - ok 09:42:11.0096 3488 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:42:11.0128 3488 Npfs - ok 09:42:11.0174 3488 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:42:11.0221 3488 nsi - ok 09:42:11.0252 3488 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:42:11.0284 3488 nsiproxy - ok 09:42:11.0315 3488 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:42:11.0346 3488 Ntfs - ok 09:42:11.0362 3488 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:42:11.0393 3488 Null - ok 09:42:11.0408 3488 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 09:42:11.0408 3488 NVHDA - ok 09:42:11.0564 3488 [ CD90D63B7161CE9F5A3066F320999AB8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 09:42:11.0830 3488 nvlddmkm - ok 09:42:11.0845 3488 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:42:11.0845 3488 nvraid - ok 09:42:11.0876 3488 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:42:11.0876 3488 nvstor - ok 09:42:11.0908 3488 [ B014B7050A2BEAE115BFCB3A91803D73 ] nvsvc C:\Windows\system32\nvvsvc.exe 09:42:11.0923 3488 nvsvc - ok 09:42:11.0954 3488 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:42:11.0970 3488 nv_agp - ok 09:42:12.0064 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:42:12.0095 3488 odserv - ok 09:42:12.0110 3488 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:42:12.0110 3488 ohci1394 - ok 09:42:12.0126 3488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:42:12.0142 3488 ose - ok 09:42:12.0157 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:42:12.0188 3488 p2pimsvc - ok 09:42:12.0204 3488 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:42:12.0204 3488 p2psvc - ok 09:42:12.0235 3488 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 09:42:12.0251 3488 Parport - ok 09:42:12.0266 3488 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:42:12.0282 3488 partmgr - ok 09:42:12.0298 3488 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:42:12.0298 3488 PcaSvc - ok 09:42:12.0313 3488 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:42:12.0313 3488 pci - ok 09:42:12.0329 3488 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:42:12.0344 3488 pciide - ok 09:42:12.0360 3488 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:42:12.0360 3488 pcmcia - ok 09:42:12.0360 3488 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:42:12.0376 3488 pcw - ok 09:42:12.0391 3488 pdfcDispatcher - ok 09:42:12.0407 3488 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:42:12.0438 3488 PEAUTH - ok 09:42:12.0469 3488 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 09:42:12.0485 3488 PeerDistSvc - ok 09:42:12.0563 3488 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:42:12.0578 3488 PerfHost - ok 09:42:12.0641 3488 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:42:12.0672 3488 pla - ok 09:42:12.0703 3488 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:42:12.0719 3488 PlugPlay - ok 09:42:12.0750 3488 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 09:42:12.0750 3488 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:42:12.0750 3488 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:42:12.0797 3488 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 09:42:12.0812 3488 pmxdrv - ok 09:42:12.0859 3488 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:42:12.0875 3488 PNRPAutoReg - ok 09:42:12.0922 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:42:12.0937 3488 PNRPsvc - ok 09:42:12.0953 3488 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:42:12.0984 3488 PolicyAgent - ok 09:42:13.0015 3488 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:42:13.0046 3488 Power - ok 09:42:13.0078 3488 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:42:13.0109 3488 PptpMiniport - ok 09:42:13.0156 3488 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 09:42:13.0156 3488 Processor - ok 09:42:13.0171 3488 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:42:13.0187 3488 ProfSvc - ok 09:42:13.0218 3488 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:42:13.0234 3488 ProtectedStorage - ok 09:42:13.0280 3488 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:42:13.0312 3488 Psched - ok 09:42:13.0343 3488 QDrive - ok 09:42:13.0390 3488 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:42:13.0421 3488 ql2300 - ok 09:42:13.0436 3488 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:42:13.0452 3488 ql40xx - ok 09:42:13.0483 3488 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:42:13.0499 3488 QWAVE - ok 09:42:13.0530 3488 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:42:13.0546 3488 QWAVEdrv - ok 09:42:13.0577 3488 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:42:13.0624 3488 RasAcd - ok 09:42:13.0670 3488 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:42:13.0686 3488 RasAgileVpn - ok 09:42:13.0702 3488 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:42:13.0733 3488 RasAuto - ok 09:42:13.0764 3488 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:42:13.0795 3488 Rasl2tp - ok 09:42:13.0826 3488 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:42:13.0842 3488 RasMan - ok 09:42:13.0889 3488 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:42:13.0920 3488 RasPppoe - ok 09:42:13.0998 3488 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:42:14.0029 3488 RasSstp - ok 09:42:14.0076 3488 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:42:14.0107 3488 rdbss - ok 09:42:14.0107 3488 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 09:42:14.0123 3488 rdpbus - ok 09:42:14.0138 3488 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:42:14.0154 3488 RDPCDD - ok 09:42:14.0170 3488 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 09:42:14.0201 3488 RDPDR - ok 09:42:14.0216 3488 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:42:14.0232 3488 RDPENCDD - ok 09:42:14.0232 3488 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:42:14.0263 3488 RDPREFMP - ok 09:42:14.0310 3488 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:42:14.0326 3488 RDPWD - ok 09:42:14.0341 3488 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:42:14.0357 3488 rdyboost - ok 09:42:14.0372 3488 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:42:14.0404 3488 RemoteAccess - ok 09:42:14.0419 3488 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:42:14.0450 3488 RemoteRegistry - ok 09:42:14.0482 3488 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:42:14.0528 3488 RpcEptMapper - ok 09:42:14.0591 3488 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 09:42:14.0606 3488 RpcLocator - ok 09:42:14.0653 3488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 09:42:14.0700 3488 RpcSs - ok 09:42:14.0716 3488 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:42:14.0747 3488 rspndr - ok 09:42:14.0762 3488 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 09:42:14.0778 3488 RTL8167 - ok 09:42:14.0794 3488 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 09:42:14.0809 3488 s3cap - ok 09:42:14.0840 3488 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 09:42:14.0856 3488 SamSs - ok 09:42:14.0887 3488 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:42:14.0887 3488 sbp2port - ok 09:42:14.0903 3488 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:42:14.0934 3488 SCardSvr - ok 09:42:14.0981 3488 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:42:15.0028 3488 scfilter - ok 09:42:15.0074 3488 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 09:42:15.0106 3488 Schedule - ok Markus soll ich noch was machen? |
|
| Themen zu Trojan Ransom |
| anti-malware, autostart, bösartige, dateien, explorer, gefunde, gen, löschen, microsoft, minute, objekte, ransom, registrierung, reich, service, service pack 1, software, speicher, temp, test, troja, trojan, users, version, verzeichnisse |
Linear-Darstellung
