
Pests of all kinds and how to combat them: Trojan Ransom

18.12.2012, 17:31   #1
Jacinta
 

I can't get rid of PUM.UserWload and Trojan.Ransom, who can help me?

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jacinta Heidenreich :: JACINTA [limitiert]

Schutz: Aktiviert

18-12-2012 11:15:02
mbam-log-2012-12-18 (11-15-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 266013
Laufzeit: 14 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

18.12.2012, 17:32   #2
markusg
/// Malware-holic
 

Hi
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

18.12.2012, 18:13   #3
Jacinta
 

Hi Markus, I'm really no PC specialist; here is the data: OTL logfile:
Code:
OTL logfile created on: 18-12-2012 18:04:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jacinta Heidenreich\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
 
3,98 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 46,08% Memory free
7,96 Gb Paging File | 5,34 Gb Available in Paging File | 67,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915,23 Gb Total Space | 738,44 Gb Free Space | 80,68% Space Free | Partition Type: NTFS
Drive D: | 16,18 Gb Total Space | 2,02 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
 
Computer Name: JACINTA | User Name: Jacinta Heidenreich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012-12-18 18:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacinta Heidenreich\Downloads\OTL.exe
PRC - [2012-12-17 13:48:57 | 000,894,920 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
PRC - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-05-24 01:41:20 | 001,576,080 | ---- | M] (QNAP Systems, Inc.) -- C:\Program Files\QNAP\NetBak\Enclosure.exe
PRC - [2012-04-13 18:46:17 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2012-04-04 14:04:58 | 005,515,088 | ---- | M] (Firetrust) -- C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
PRC - [2012-04-04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-08-26 20:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011-08-26 20:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011-08-24 21:53:42 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011-08-05 05:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-08-03 14:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011-08-03 14:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011-07-22 00:44:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011-07-22 00:19:58 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011-07-20 18:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-02-24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010-02-11 17:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009-08-25 02:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009-07-02 21:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009-06-08 12:59:42 | 003,190,784 | ---- | M] (Siemens AG) -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe
PRC - [2009-05-08 23:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009-05-08 23:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009-02-28 02:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008-11-20 17:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012-11-27 10:41:54 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll
MOD - [2012-11-27 10:41:10 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b44bc0f669f6a03f9662baf928987d10\System.Data.Entity.ni.dll
MOD - [2012-11-27 10:40:33 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\620ad622156f4a3f34a46248ec6a3a03\System.Data.DataSetExtensions.ni.dll
MOD - [2012-11-27 10:40:22 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012-11-27 10:40:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012-11-27 10:39:50 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012-11-27 10:39:45 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
MOD - [2012-11-26 18:21:23 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012-11-26 18:21:15 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012-11-26 18:21:09 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012-11-26 18:21:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012-11-26 18:17:44 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012-11-26 18:17:42 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012-11-26 18:17:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012-11-26 18:17:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012-11-26 18:17:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012-11-26 18:17:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012-11-26 18:17:35 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012-11-26 18:17:32 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll
MOD - [2012-11-26 18:17:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012-04-03 14:47:08 | 000,272,384 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
MOD - [2012-04-03 14:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012-04-03 14:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
MOD - [2012-01-30 14:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
MOD - [2011-10-05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011-09-05 16:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011-07-22 00:44:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011-06-22 10:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL
MOD - [2011-05-26 19:18:44 | 000,136,536 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL
MOD - [2009-07-02 21:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009-02-28 02:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009-02-26 12:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL
MOD - [2009-02-20 00:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012-09-12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-09-12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-09-14 12:18:34 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011-09-14 12:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011-08-24 21:53:50 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011-07-22 00:19:58 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2010-10-11 09:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-12-17 13:48:57 | 000,894,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-08-23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012-04-04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-09-10 00:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011-09-05 16:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011-08-26 20:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011-08-12 16:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011-08-05 05:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-08-03 14:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-08-03 14:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-08-01 21:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-07-20 18:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011-02-24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010-11-21 03:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010-11-21 03:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010-11-21 03:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010-10-12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-08 12:59:42 | 003,190,784 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe -- (License Agent)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-10-05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012-08-30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-04-13 18:54:57 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012-04-13 18:28:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-04-13 18:28:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-03-01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-09-21 09:51:59 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011-09-21 09:51:55 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011-09-14 12:19:11 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011-09-14 10:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-08-22 18:54:24 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011-08-04 11:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-08-03 14:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-07-22 00:52:44 | 000,094,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2011-07-22 00:52:30 | 000,158,280 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011-05-11 01:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-07-04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{17E24411-BFE7-4301-8311-1A4D36FCD8F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=kw&q={searchTerms}&locale=pt_EU&apn_ptnrs=^AG&apn_dtid=^zzz003^YY^PT&apn_uid=61497d81-9f5c-41a9-8bf5-a0383d44d949&apn_sauid=5CC5E53E-F77F-401F-96A4-9225E253AB42
IE - HKCU\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012-04-13 18:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
F3 - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: millenniumbcp.pt ([corp] https in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1587117-66AF-479C-BC1F-5A00125E6C76}: DhcpNameServer = 172.16.2.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012-12-18 15:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2012-12-18 11:50:05 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2012-12-18 11:49:59 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2012-12-18 11:49:59 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2012-12-18 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2012-12-18 11:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG
[2012-12-18 11:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012-12-18 11:48:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012-12-17 16:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Malwarebytes
[2012-12-17 16:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-12-17 16:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-12-17 16:29:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-12-17 16:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-12-17 13:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013
[2012-12-17 13:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-12-17 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software
[2012-12-17 13:49:08 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-12-17 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012-12-17 13:46:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-12-17 13:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012-12-17 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\MFAData
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\Avg2013
[2012-12-17 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan
[2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu
[2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes
[2012-12-17 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Local Settings
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo
[2012-12-13 15:59:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-12-13 15:59:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-12-13 15:59:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-12-13 15:59:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-12-13 15:59:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-12-13 15:59:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-12-13 15:59:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-12-13 15:59:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-12-13 15:59:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-12-13 15:59:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-12-13 15:59:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-12-13 15:59:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-12-13 15:59:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-12-13 15:59:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-12-13 15:59:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-12-13 09:19:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012-12-13 09:19:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012-12-13 09:19:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012-12-13 09:19:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012-12-13 09:19:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012-12-13 09:19:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012-12-13 09:19:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012-12-13 09:19:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012-12-13 09:19:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012-12-13 09:19:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012-12-13 09:19:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012-12-13 09:19:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012-12-13 09:19:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012-12-13 09:19:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012-12-13 09:19:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012-12-13 09:19:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012-12-13 09:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 09:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 09:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 09:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 09:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 09:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012-12-13 09:19:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012-12-13 09:19:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012-11-30 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Documents\HP Photosmart Projects
[2012-11-27 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-11-27 09:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-11-26 18:18:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012-11-26 18:18:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012-11-26 18:12:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012-11-26 18:12:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012-11-26 18:12:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012-11-26 18:12:30 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012-11-26 10:05:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012-11-26 10:05:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012-11-26 10:05:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012-11-26 10:05:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012-11-26 10:05:15 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012-11-26 10:05:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012-11-26 10:05:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012-11-26 10:05:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012-11-26 10:05:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012-11-26 10:05:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012-11-26 10:05:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012-11-26 10:05:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012-11-26 10:05:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012-11-26 10:05:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012-11-26 10:05:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012-11-26 10:05:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012-11-26 10:05:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012-11-26 10:05:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012-11-26 10:04:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012-11-26 10:03:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012-11-26 10:03:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 16:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-18 16:53:38 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-18 15:51:38 | 001,828,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-12-18 15:51:38 | 000,791,066 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012-12-18 15:51:38 | 000,712,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-12-18 15:51:38 | 000,174,808 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012-12-18 15:51:38 | 000,140,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-12-18 13:58:20 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJacinta Heidenreich.job
[2012-12-18 11:49:43 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012-12-18 11:49:43 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012-12-18 11:41:52 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-12-17 16:29:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012-12-17 13:49:21 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-12-14 10:19:17 | 000,415,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-11-29 11:29:27 | 000,187,767 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg
[2012-11-27 09:33:49 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-11-27 09:33:17 | 000,001,135 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012-12-18 11:49:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012-12-18 11:49:43 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012-12-18 11:49:39 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2012-12-17 16:29:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012-12-17 13:49:21 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012-11-29 15:02:39 | 000,187,767 | ---- | C] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg
[2012-11-26 18:18:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-26 18:12:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-06-25 14:44:21 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012-06-25 14:39:53 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012-06-04 16:22:05 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc750.dll
[2012-06-04 16:22:05 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\U2LDIVIS.dll
[2012-06-04 16:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\u2leuro.dll
[2012-06-04 16:22:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\u2lpri.dll
[2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\u2lloc.dll
[2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\prilog.dll
[2012-06-04 16:22:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc.dll
[2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\PRINTCHES.dll
[2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cqdecl32.dll
[2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.pt.dll
[2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.es.dll
[2012-06-04 15:59:30 | 000,046,977 | ---- | C] () -- C:\Windows\uninstminilector.exe
[2012-06-04 15:22:54 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012-06-04 15:22:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012-01-23 16:25:18 | 000,055,656 | ---- | C] () -- C:\Windows\SysWow64\pteidlib_dotnet.dll
[2012-01-23 16:25:16 | 000,558,432 | ---- | C] () -- C:\Windows\SysWow64\pteiddlgsrv.exe
[2012-01-23 16:25:10 | 008,156,504 | ---- | C] () -- C:\Windows\SysWow64\QtGui4.dll
[2012-01-23 16:25:08 | 000,164,184 | ---- | C] () -- C:\Windows\SysWow64\pteidlib.dll
[2012-01-23 16:24:58 | 000,176,472 | ---- | C] () -- C:\Windows\SysWow64\pteiddlg.dll
[2012-01-23 16:24:54 | 000,045,920 | ---- | C] () -- C:\Windows\SysWow64\pteidlibj.dll
[2012-01-23 16:24:52 | 000,035,680 | ---- | C] () -- C:\Windows\SysWow64\pteidhttps.dll
[2012-01-23 16:24:50 | 002,283,352 | ---- | C] () -- C:\Windows\SysWow64\QtCore4.dll
[2011-10-12 22:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011-09-05 16:57:34 | 000,366,136 | ---- | C] () -- C:\Windows\SysWow64\flcdlmsg.dll
[2011-08-24 22:30:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPLic.dll.hpsign
[2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011-08-24 21:55:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2011-08-24 21:53:42 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2011-08-05 05:16:42 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-02-11 20:29:00 | 001,803,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

18.12.2012, 18:19   #4
Jacinta
 
Hi Markus, here is OTL once again, this time with the LOP and Purity check.
OTL Logfile:
Code:
OTL logfile created on: 18-12-2012 18:15:14 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jacinta Heidenreich\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
 
3,98 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,37% Memory free
7,96 Gb Paging File | 5,33 Gb Available in Paging File | 66,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915,23 Gb Total Space | 738,43 Gb Free Space | 80,68% Space Free | Partition Type: NTFS
Drive D: | 16,18 Gb Total Space | 2,02 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
 
Computer Name: JACINTA | User Name: Jacinta Heidenreich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jacinta Heidenreich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\QNAP\NetBak\Enclosure.exe (QNAP Systems, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
PRC - C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe (Siemens AG)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b44bc0f669f6a03f9662baf928987d10\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\620ad622156f4a3f34a46248ec6a3a03\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll ()
MOD - C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll ()
MOD - C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll ()
MOD - C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\SysWOW64\flcdlmsg.dll ()
MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Company)
SRV - (HPFSService) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (License Agent) -- C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe (Siemens AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MfeEpeOpal) -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys (McAfee, Inc.)
DRV:64bit: - (MfeEpePc) -- C:\Windows\SysNative\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL/133
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL/133
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{17E24411-BFE7-4301-8311-1A4D36FCD8F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=kw&q={searchTerms}&locale=pt_EU&apn_ptnrs=^AG&apn_dtid=^zzz003^YY^PT&apn_uid=61497d81-9f5c-41a9-8bf5-a0383d44d949&apn_sauid=5CC5E53E-F77F-401F-96A4-9225E253AB42
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\SearchScopes\{CDA6B079-7153-4C3A-B1F8-F497EC2912FF}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012-04-13 18:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04 15:26:32 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:64bit: - HKU\S-1-5-21-901881791-4019397399-1557841388-1001 WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
F3 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001 WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-901881791-4019397399-1557841388-1001\..Trusted Domains: millenniumbcp.pt ([corp] https in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1587117-66AF-479C-BC1F-5A00125E6C76}: DhcpNameServer = 172.16.2.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012-12-18 15:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2012-12-18 11:50:05 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2012-12-18 11:49:59 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2012-12-18 11:49:59 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2012-12-18 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2012-12-18 11:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG
[2012-12-18 11:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012-12-18 11:48:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012-12-17 16:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Malwarebytes
[2012-12-17 16:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-12-17 16:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-12-17 16:29:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-12-17 16:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-12-17 13:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013
[2012-12-17 13:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-12-17 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software
[2012-12-17 13:49:08 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-12-17 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012-12-17 13:46:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-12-17 13:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012-12-17 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\MFAData
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-12-17 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Local\Avg2013
[2012-12-17 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan
[2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu
[2012-12-17 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes
[2012-12-17 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Local Settings
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox
[2012-12-14 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo
[2012-12-13 15:59:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-12-13 15:59:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-12-13 15:59:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-12-13 15:59:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-12-13 15:59:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-12-13 15:59:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-12-13 15:59:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-12-13 15:59:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-12-13 15:59:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-12-13 15:59:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-12-13 15:59:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-12-13 15:59:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-12-13 15:59:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-12-13 15:59:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-12-13 15:59:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-12-13 09:19:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012-12-13 09:19:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012-12-13 09:19:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012-12-13 09:19:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012-12-13 09:19:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012-12-13 09:19:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012-12-13 09:19:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012-12-13 09:19:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012-12-13 09:19:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012-12-13 09:19:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012-12-13 09:19:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012-12-13 09:19:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012-12-13 09:19:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012-12-13 09:19:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012-12-13 09:19:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012-12-13 09:19:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012-12-13 09:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 09:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 09:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 09:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 09:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 09:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 09:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 09:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 09:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 09:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 09:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012-12-13 09:19:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012-12-13 09:19:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012-11-30 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\Jacinta Heidenreich\Documents\HP Photosmart Projects
[2012-11-27 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-11-27 09:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-11-26 18:18:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012-11-26 18:18:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012-11-26 18:12:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012-11-26 18:12:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012-11-26 18:12:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012-11-26 18:12:30 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012-11-26 10:05:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012-11-26 10:05:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012-11-26 10:05:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012-11-26 10:05:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012-11-26 10:05:15 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012-11-26 10:05:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012-11-26 10:05:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012-11-26 10:05:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012-11-26 10:05:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012-11-26 10:05:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012-11-26 10:05:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012-11-26 10:05:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012-11-26 10:05:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012-11-26 10:05:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012-11-26 10:05:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012-11-26 10:05:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012-11-26 10:05:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012-11-26 10:05:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012-11-26 10:04:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012-11-26 10:04:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012-11-26 10:03:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012-11-26 10:03:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 17:01:38 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 16:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-18 16:53:38 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-18 15:51:38 | 001,828,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-12-18 15:51:38 | 000,791,066 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012-12-18 15:51:38 | 000,712,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-12-18 15:51:38 | 000,174,808 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012-12-18 15:51:38 | 000,140,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-12-18 13:58:20 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJacinta Heidenreich.job
[2012-12-18 11:49:43 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012-12-18 11:49:43 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012-12-18 11:41:52 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-12-17 16:29:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012-12-17 13:49:21 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012-12-17 13:48:58 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-12-14 10:19:17 | 000,415,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-11-29 11:29:27 | 000,187,767 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg
[2012-11-27 09:33:49 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-11-27 09:33:17 | 000,001,135 | ---- | M] () -- C:\Users\Jacinta Heidenreich\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012-12-18 11:49:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012-12-18 11:49:43 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012-12-18 11:49:39 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2012-12-17 16:29:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012-12-17 13:49:21 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012-11-29 15:02:39 | 000,187,767 | ---- | C] () -- C:\Users\Jacinta Heidenreich\Documents\axa.jpg
[2012-11-26 18:18:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-26 18:12:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-06-25 14:44:21 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012-06-25 14:39:53 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012-06-04 16:22:05 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc750.dll
[2012-06-04 16:22:05 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\U2LDIVIS.dll
[2012-06-04 16:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\u2leuro.dll
[2012-06-04 16:22:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\u2lpri.dll
[2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\u2lloc.dll
[2012-06-04 16:22:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\prilog.dll
[2012-06-04 16:22:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\U2lcalc.dll
[2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\PRINTCHES.dll
[2012-06-04 16:20:59 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cqdecl32.dll
[2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.pt.dll
[2012-06-04 16:20:54 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\ChartFX.ClientServer.Core.es.dll
[2012-06-04 15:59:30 | 000,046,977 | ---- | C] () -- C:\Windows\uninstminilector.exe
[2012-06-04 15:22:54 | 000,228,903 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012-06-04 15:22:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012-01-23 16:25:18 | 000,055,656 | ---- | C] () -- C:\Windows\SysWow64\pteidlib_dotnet.dll
[2012-01-23 16:25:16 | 000,558,432 | ---- | C] () -- C:\Windows\SysWow64\pteiddlgsrv.exe
[2012-01-23 16:25:10 | 008,156,504 | ---- | C] () -- C:\Windows\SysWow64\QtGui4.dll
[2012-01-23 16:25:08 | 000,164,184 | ---- | C] () -- C:\Windows\SysWow64\pteidlib.dll
[2012-01-23 16:24:58 | 000,176,472 | ---- | C] () -- C:\Windows\SysWow64\pteiddlg.dll
[2012-01-23 16:24:54 | 000,045,920 | ---- | C] () -- C:\Windows\SysWow64\pteidlibj.dll
[2012-01-23 16:24:52 | 000,035,680 | ---- | C] () -- C:\Windows\SysWow64\pteidhttps.dll
[2012-01-23 16:24:50 | 002,283,352 | ---- | C] () -- C:\Windows\SysWow64\QtCore4.dll
[2011-10-12 22:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011-09-05 16:57:34 | 000,366,136 | ---- | C] () -- C:\Windows\SysWow64\flcdlmsg.dll
[2011-08-24 22:30:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPLic.dll.hpsign
[2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011-08-24 21:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011-08-24 21:55:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2011-08-24 21:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2011-08-24 21:53:42 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2011-08-05 05:16:42 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-02-11 20:29:00 | 001,803,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-10-15 09:49:30 | 000,000,000 | -H-D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\.pteid-ng
[2012-12-18 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG
[2012-12-17 13:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\AVG2013
[2012-06-04 14:46:13 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\DigitalPersona
[2012-12-17 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Faes
[2012-06-05 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Firetrust
[2012-12-17 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Obaqpu
[2012-12-17 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Osqo
[2012-07-13 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\pteid-cache
[2012-12-17 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\QuickScan
[2012-07-05 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TeamViewer
[2012-12-17 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\TuneUp Software
[2012-12-14 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Ufsaox
[2012-06-05 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\VEIT-PPL-Euro-2012
[2012-12-17 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jacinta Heidenreich\AppData\Roaming\Wotyn
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

18.12.2012, 18:22   #5
markusg
/// Malware-holic
 

Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
F3 - HKCU WinNT: Load - (C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr) -  File not found
O8:64bit: - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Please open Malwarebytes, go to the log files, and post any further logs, if there are any, but only those with detections.
Open AVG and post the detection reports.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to the following address, as described in the instructions above:
markusg.trojaner-board@web.de
If you would like to support us

18.12.2012, 18:33   #6
Jacinta
 

Instructions followed; after the restart:

All processes killed
========== OTL ==========
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 56466 bytes

User: Jacinta Heidenreich
->Flash cache emptied: 58134 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacinta Heidenreich
->Temp folder emptied: 108382075 bytes
->Temporary Internet Files folder emptied: 292640588 bytes
->Java cache emptied: 13197016 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16415799 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50529 bytes
RecycleBin emptied: 604543873 bytes

Total Files Cleaned = 987,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12182012_182621

Files\Folders moved on Reboot...
File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Temp1_00014093-DVI-POIGNEE - VVN - BEBE POCHETTE JONC MONOGRAM-01-Dossier Outil_-93837_DVI J0072Z 003 COR-pdf.zip\00014093-DVI-POIGNEE - VVN - BEBE POCHETTE JONC MONOGRAM-01-Dossier Outil-93837_DVI J0072Z 003 COR.pdf not found!
File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=2921511275236707[1].js not found!
File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=5098543390355654;[1].js not found!
File\Folder C:\Users\Jacinta Heidenreich\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXE110ZM\homepage;rsi=D08736_10011;rsi=D08736_10030;rsi=D08736_10001;rsi=D08736_10036;;pos=topo;tile=1;dcopt=ist;sz=300x100,300x250, 300x600,300x800;ord=7827230535453045;[1].js not found!
C:\Users\Jacinta Heidenreich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr deleted successfully.

18.12.2012, 18:37   #7
markusg
/// Malware-holic

Not all instructions were followed; please read the above again.
I wanted all Malwarebytes logs with findings, and possibly also those from AVG, if there were any.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

18.12.2012, 18:38   #8
Jacinta

Markus, I can't believe it. Here is the result after running Malwarebytes once more:

Thank you very, very much!


Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jacinta Heidenreich :: JACINTA [limitiert]

Schutz: Aktiviert

18-12-2012 18:33:24
mbam-log-2012-12-18 (18-33-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252692
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AVG is still running; I'll send the log shortly. Question: is my PC safe now?

18.12.2012, 18:46   #9
markusg
/// Malware-holic

I don't want new logs; I asked for old logs with findings, please post those.

18.12.2012, 18:54   #10
Jacinta

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Jacinta Heidenreich :: JACINTA [Administrator]

Schutz: Deaktiviert

18-12-2012 15:40:20
mbam-log-2012-12-18 (15-40-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251416
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And this one was from yesterday:


Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jacinta Heidenreich :: JACINTA [limitiert]

Schutz: Aktiviert

17-12-2012 16:30:23
mbam-log-2012-12-17 (16-30-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 266222
Laufzeit: 13 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\JACINT~1\LOCALS~1\Temp\msjiwpzo.scr -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

18.12.2012, 19:37   #11
markusg
/// Malware-holic

Hi,
are those all of them? What about any messages from AVG that may exist?

18.12.2012, 20:00   #12
Jacinta

Markus, I didn't find any more logs. As I said, I'm no specialist and may have deleted the logs. Nevertheless, I'll continue tomorrow and will check the PC again with AVG etc. I'll get back to you then. Thanks again for your help.

18.12.2012, 20:04   #13
markusg
/// Malware-holic

You are not supposed to check it with AVG again; please run only the scans that were requested.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

19.12.2012, 10:07   #14
Jacinta

Good morning Markus,

9 threats were found; I can't manage to post the log.


19.12.2012, 10:25   #15
Jacinta

09:35:34.0850 6704 KeyIso - ok
09:35:34.0897 6704 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:35:34.0928 6704 KSecDD - ok
09:35:34.0959 6704 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:35:34.0975 6704 KSecPkg - ok
09:35:35.0006 6704 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:35:35.0069 6704 ksthunk - ok
09:35:35.0100 6704 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:35:35.0147 6704 KtmRm - ok
09:35:35.0162 6704 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:35:35.0209 6704 LanmanServer - ok
09:35:35.0225 6704 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:35:35.0256 6704 LanmanWorkstation - ok
09:35:35.0349 6704 [ 5EE0BC76EC1157FB5FB2DD82F27D4313 ] License Agent C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe
09:35:36.0566 6704 License Agent ( UnsignedFile.Multi.Generic ) - warning
09:35:36.0566 6704 License Agent - detected UnsignedFile.Multi.Generic (1)
09:35:36.0613 6704 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:35:36.0675 6704 lltdio - ok
09:35:36.0722 6704 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:35:36.0769 6704 lltdsvc - ok
09:35:36.0800 6704 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:35:36.0878 6704 lmhosts - ok
09:35:36.0909 6704 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:35:36.0909 6704 LMS - ok
09:35:36.0941 6704 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:35:36.0956 6704 LSI_FC - ok
09:35:36.0972 6704 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:35:36.0987 6704 LSI_SAS - ok
09:35:36.0987 6704 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:35:37.0003 6704 LSI_SAS2 - ok
09:35:37.0003 6704 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:35:37.0019 6704 LSI_SCSI - ok
09:35:37.0034 6704 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:35:37.0065 6704 luafv - ok
09:35:37.0097 6704 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:35:37.0097 6704 MBAMProtector - ok
09:35:37.0206 6704 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:35:37.0221 6704 MBAMScheduler - ok
09:35:37.0237 6704 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:35:37.0253 6704 MBAMService - ok
09:35:37.0315 6704 [ CC80431BDA1DE950260E0B267D5D497F ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
09:35:37.0580 6704 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning
09:35:37.0580 6704 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1)
09:35:37.0689 6704 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:35:37.0736 6704 Mcx2Svc - ok
09:35:37.0767 6704 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:35:37.0783 6704 megasas - ok
09:35:37.0877 6704 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:35:37.0892 6704 MegaSR - ok
09:35:37.0923 6704 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
09:35:37.0939 6704 MEIx64 - ok
09:35:38.0001 6704 [ 7478099ADB87A3E4716FFD6B6E4DB68F ] MfeEpeOpal C:\Windows\system32\drivers\MfeEpeOpal.sys
09:35:38.0048 6704 MfeEpeOpal - ok
09:35:38.0048 6704 [ 534A8C42CB84E626F797D04852F6ED01 ] MfeEpePc C:\Windows\system32\drivers\MfeEpePc.sys
09:35:38.0064 6704 MfeEpePc - ok
09:35:38.0251 6704 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:35:38.0267 6704 Microsoft Office Groove Audit Service - ok
09:35:38.0313 6704 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:35:38.0407 6704 MMCSS - ok
09:35:38.0423 6704 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:35:38.0469 6704 Modem - ok
09:35:38.0516 6704 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:35:38.0547 6704 monitor - ok
09:35:38.0594 6704 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:35:38.0641 6704 mouclass - ok
09:35:38.0688 6704 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:35:38.0750 6704 mouhid - ok
09:35:38.0766 6704 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:35:38.0781 6704 mountmgr - ok
09:35:38.0813 6704 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:35:38.0828 6704 MpFilter - ok
09:35:38.0844 6704 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:35:38.0844 6704 mpio - ok
09:35:38.0891 6704 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:35:38.0922 6704 mpsdrv - ok
09:35:38.0953 6704 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:35:39.0000 6704 MpsSvc - ok
09:35:39.0031 6704 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:35:39.0047 6704 MRxDAV - ok
09:35:39.0062 6704 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:35:39.0078 6704 mrxsmb - ok
09:35:39.0109 6704 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:35:39.0125 6704 mrxsmb10 - ok
09:35:39.0125 6704 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:35:39.0140 6704 mrxsmb20 - ok
09:35:39.0156 6704 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:35:39.0156 6704 msahci - ok
09:35:39.0171 6704 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:35:39.0187 6704 msdsm - ok
09:35:39.0249 6704 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:35:39.0296 6704 MSDTC - ok
09:35:39.0327 6704 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:35:39.0374 6704 Msfs - ok
09:35:39.0421 6704 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:35:39.0452 6704 mshidkmdf - ok
09:35:39.0483 6704 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:35:39.0499 6704 msisadrv - ok
09:35:39.0530 6704 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:35:39.0577 6704 MSiSCSI - ok
09:35:39.0577 6704 msiserver - ok
09:35:39.0608 6704 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:35:39.0639 6704 MSKSSRV - ok
09:35:39.0686 6704 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:35:39.0702 6704 MsMpSvc - ok
09:35:39.0702 6704 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:35:39.0749 6704 MSPCLOCK - ok
09:35:39.0764 6704 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:35:39.0795 6704 MSPQM - ok
09:35:39.0811 6704 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:35:39.0827 6704 MsRPC - ok
09:35:39.0858 6704 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:35:39.0858 6704 mssmbios - ok
09:35:39.0873 6704 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:35:39.0905 6704 MSTEE - ok
09:35:39.0920 6704 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:35:39.0936 6704 MTConfig - ok
09:35:39.0951 6704 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:35:39.0951 6704 Mup - ok
09:35:39.0983 6704 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:35:40.0014 6704 napagent - ok
09:35:40.0045 6704 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:35:40.0076 6704 NativeWifiP - ok
09:35:40.0123 6704 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:35:40.0154 6704 NDIS - ok
09:35:40.0170 6704 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:35:40.0185 6704 NdisCap - ok
09:35:40.0217 6704 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:35:40.0263 6704 NdisTapi - ok
09:35:40.0263 6704 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:35:40.0295 6704 Ndisuio - ok
09:35:40.0310 6704 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:35:40.0341 6704 NdisWan - ok
09:35:40.0388 6704 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:35:40.0419 6704 NDProxy - ok
09:35:40.0482 6704 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:35:40.0529 6704 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:35:40.0529 6704 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:35:40.0544 6704 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:35:40.0575 6704 NetBIOS - ok
09:35:40.0591 6704 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:35:40.0622 6704 NetBT - ok
09:35:40.0669 6704 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:35:40.0669 6704 Netlogon - ok
09:35:40.0731 6704 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:35:40.0809 6704 Netman - ok
09:35:40.0856 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:40.0872 6704 NetMsmqActivator - ok
09:35:40.0887 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:40.0887 6704 NetPipeActivator - ok
09:35:40.0903 6704 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:35:40.0950 6704 netprofm - ok
09:35:40.0950 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:40.0950 6704 NetTcpActivator - ok
09:35:40.0950 6704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:40.0965 6704 NetTcpPortSharing - ok
09:35:40.0981 6704 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:35:40.0997 6704 nfrd960 - ok
09:35:41.0028 6704 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:35:41.0028 6704 NisDrv - ok
09:35:41.0059 6704 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:35:41.0075 6704 NisSrv - ok
09:35:41.0106 6704 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:35:41.0137 6704 NlaSvc - ok
09:35:41.0153 6704 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:35:41.0199 6704 Npfs - ok
09:35:41.0246 6704 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:35:41.0293 6704 nsi - ok
09:35:41.0309 6704 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:35:41.0340 6704 nsiproxy - ok
09:35:41.0387 6704 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:35:41.0418 6704 Ntfs - ok
09:35:41.0433 6704 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:35:41.0465 6704 Null - ok
09:35:41.0496 6704 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
09:35:41.0511 6704 NVHDA - ok
09:35:41.0777 6704 [ CD90D63B7161CE9F5A3066F320999AB8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:35:42.0057 6704 nvlddmkm - ok
09:35:42.0089 6704 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:35:42.0089 6704 nvraid - ok
09:35:42.0135 6704 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:35:42.0135 6704 nvstor - ok
09:35:42.0167 6704 [ B014B7050A2BEAE115BFCB3A91803D73 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:35:42.0198 6704 nvsvc - ok
09:35:42.0276 6704 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:35:42.0276 6704 nv_agp - ok
09:35:42.0416 6704 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:35:42.0463 6704 odserv - ok
09:35:42.0479 6704 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:35:42.0494 6704 ohci1394 - ok
09:35:42.0525 6704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:35:42.0541 6704 ose - ok
09:35:42.0572 6704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:35:42.0588 6704 p2pimsvc - ok
09:35:42.0666 6704 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:35:42.0681 6704 p2psvc - ok
09:35:42.0728 6704 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:35:42.0744 6704 Parport - ok
09:35:42.0775 6704 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:35:42.0822 6704 partmgr - ok
09:35:42.0915 6704 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:35:42.0947 6704 PcaSvc - ok
09:35:42.0962 6704 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:35:42.0962 6704 pci - ok
09:35:42.0993 6704 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:35:42.0993 6704 pciide - ok
09:35:43.0025 6704 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:35:43.0040 6704 pcmcia - ok
09:35:43.0040 6704 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:35:43.0056 6704 pcw - ok
09:35:43.0087 6704 pdfcDispatcher - ok
09:35:43.0103 6704 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:35:43.0134 6704 PEAUTH - ok
09:35:43.0165 6704 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:35:43.0196 6704 PeerDistSvc - ok
09:35:43.0305 6704 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:35:43.0337 6704 PerfHost - ok
09:35:43.0383 6704 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:35:43.0430 6704 pla - ok
09:35:43.0477 6704 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:35:43.0508 6704 PlugPlay - ok
09:35:43.0555 6704 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:35:43.0617 6704 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:35:43.0617 6704 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:35:43.0633 6704 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
09:35:43.0680 6704 pmxdrv - ok
09:35:43.0727 6704 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:35:43.0789 6704 PNRPAutoReg - ok
09:35:43.0820 6704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:35:43.0836 6704 PNRPsvc - ok
09:35:43.0867 6704 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:35:43.0929 6704 PolicyAgent - ok
09:35:43.0961 6704 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:35:43.0992 6704 Power - ok
09:35:44.0023 6704 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:35:44.0101 6704 PptpMiniport - ok
09:35:44.0132 6704 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:35:44.0148 6704 Processor - ok
09:35:44.0179 6704 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:35:44.0195 6704 ProfSvc - ok
09:35:44.0241 6704 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:35:44.0241 6704 ProtectedStorage - ok
09:35:44.0288 6704 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:35:44.0335 6704 Psched - ok
09:35:44.0382 6704 QDrive - ok
09:35:44.0491 6704 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:35:44.0522 6704 ql2300 - ok
09:35:44.0553 6704 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:35:44.0553 6704 ql40xx - ok
09:35:44.0600 6704 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:35:44.0616 6704 QWAVE - ok
09:35:44.0663 6704 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:35:44.0725 6704 QWAVEdrv - ok
09:35:44.0725 6704 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:35:44.0772 6704 RasAcd - ok
09:35:44.0803 6704 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:35:44.0881 6704 RasAgileVpn - ok
09:35:44.0928 6704 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:35:45.0006 6704 RasAuto - ok
09:35:45.0021 6704 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:35:45.0053 6704 Rasl2tp - ok
09:35:45.0115 6704 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:35:45.0162 6704 RasMan - ok
09:35:45.0193 6704 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:35:45.0271 6704 RasPppoe - ok
09:35:45.0302 6704 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:35:45.0396 6704 RasSstp - ok
09:35:45.0411 6704 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:35:45.0443 6704 rdbss - ok
09:35:45.0474 6704 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:35:45.0536 6704 rdpbus - ok
09:35:45.0552 6704 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:35:45.0599 6704 RDPCDD - ok
09:35:45.0630 6704 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:35:45.0645 6704 RDPDR - ok
09:35:45.0645 6704 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:35:45.0677 6704 RDPENCDD - ok
09:35:45.0692 6704 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:35:45.0708 6704 RDPREFMP - ok
09:35:45.0755 6704 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:35:45.0786 6704 RDPWD - ok
09:35:45.0801 6704 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:35:45.0801 6704 rdyboost - ok
09:35:45.0817 6704 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:35:45.0848 6704 RemoteAccess - ok
09:35:45.0879 6704 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:35:45.0926 6704 RemoteRegistry - ok
09:35:45.0957 6704 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:35:46.0035 6704 RpcEptMapper - ok
09:35:46.0082 6704 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:35:46.0098 6704 RpcLocator - ok
09:35:46.0176 6704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:35:46.0223 6704 RpcSs - ok
09:35:46.0269 6704 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:35:46.0316 6704 rspndr - ok
09:35:46.0347 6704 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:35:46.0363 6704 RTL8167 - ok
09:35:46.0379 6704 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:35:46.0425 6704 s3cap - ok
09:35:46.0457 6704 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:35:46.0472 6704 SamSs - ok
09:35:46.0503 6704 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:35:46.0519 6704 sbp2port - ok
09:35:46.0535 6704 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:35:46.0597 6704 SCardSvr - ok
09:35:46.0644 6704 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:35:46.0722 6704 scfilter - ok
09:35:46.0753 6704 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:35:46.0831 6704 Schedule - ok
09:35:46.0862 6704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:35:46.0878 6704 SCPolicySvc - ok
09:35:46.0893 6704 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:35:46.0909 6704 SDRSVC - ok
09:35:46.0956 6704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:35:47.0034 6704 secdrv - ok
09:35:47.0081 6704 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:35:47.0127 6704 seclogon - ok
09:35:47.0127 6704 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:35:47.0221 6704 SENS - ok
09:35:47.0221 6704 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:35:47.0237 6704 SensrSvc - ok
09:35:47.0268 6704 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:35:47.0283 6704 Serenum - ok
09:35:47.0283 6704 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:35:47.0299 6704 Serial - ok
09:35:47.0330 6704 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:35:47.0346 6704 sermouse - ok
09:35:47.0361 6704 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:35:47.0408 6704 SessionEnv - ok
09:35:47.0424 6704 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:35:47.0455 6704 sffdisk - ok
09:35:47.0471 6704 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:35:47.0486 6704 sffp_mmc - ok
09:35:47.0486 6704 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:35:47.0502 6704 sffp_sd - ok
09:35:47.0502 6704 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:35:47.0533 6704 sfloppy - ok
09:35:47.0549 6704 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:35:47.0580 6704 SharedAccess - ok
09:35:47.0689 6704 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:35:47.0751 6704 ShellHWDetection - ok
09:35:47.0767 6704 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:35:47.0783 6704 SiSRaid2 - ok
09:35:47.0814 6704 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:35:47.0814 6704 SiSRaid4 - ok
09:35:47.0985 6704 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:35:48.0048 6704 Skype C2C Service - ok
09:35:48.0173 6704 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:35:48.0219 6704 SkypeUpdate - ok
09:35:48.0251 6704 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:35:48.0266 6704 Smb - ok
09:35:48.0360 6704 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:35:48.0422 6704 SNMPTRAP - ok
09:35:48.0422 6704 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:35:48.0438 6704 spldr - ok
09:35:48.0469 6704 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:35:48.0500 6704 Spooler - ok
09:35:48.0750 6704 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:35:48.0890 6704 sppsvc - ok
09:35:48.0921 6704 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:35:48.0968 6704 sppuinotify - ok
09:35:48.0984 6704 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:35:49.0015 6704 srv - ok
09:35:49.0031 6704 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:35:49.0046 6704 srv2 - ok
09:35:49.0046 6704 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:35:49.0062 6704 srvnet - ok
09:35:49.0093 6704 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:35:49.0140 6704 SSDPSRV - ok
09:35:49.0155 6704 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:35:49.0187 6704 SstpSvc - ok
09:35:49.0280 6704 [ E942412186178B1331F8335E30FA076F ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
09:35:49.0358 6704 STacSV - ok
09:35:49.0389 6704 [ 218D527116A4DC9EBAE3B1832DA01C54 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:35:49.0389 6704 Stereo Service - ok
09:35:49.0405 6704 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:35:49.0421 6704 stexstor - ok
09:35:49.0436 6704 [ DCC8845692DEA3477BCF6CE9D06C711F ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
09:35:49.0452 6704 STHDA - ok
09:35:49.0514 6704 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:35:49.0561 6704 stisvc - ok
09:35:49.0592 6704 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:35:49.0592 6704 storflt - ok
09:35:49.0623 6704 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
09:35:49.0686 6704 StorSvc - ok
09:35:49.0733 6704 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:35:49.0748 6704 storvsc - ok
09:35:49.0795 6704 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:35:49.0842 6704 swenum - ok
09:35:49.0842 6704 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:35:49.0889 6704 swprv - ok
09:35:49.0935 6704 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:35:49.0967 6704 SysMain - ok
09:35:50.0029 6704 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:35:50.0076 6704 TabletInputService - ok
09:35:50.0091 6704 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:35:50.0138 6704 TapiSrv - ok
09:35:50.0169 6704 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:35:50.0232 6704 TBS - ok
09:35:50.0279 6704 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:35:50.0325 6704 Tcpip - ok
09:35:50.0357 6704 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:35:50.0388 6704 TCPIP6 - ok
09:35:50.0435 6704 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:35:50.0466 6704 tcpipreg - ok
09:35:50.0513 6704 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:35:50.0559 6704 TDPIPE - ok
09:35:50.0591 6704 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:35:50.0653 6704 TDTCP - ok
09:35:50.0669 6704 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:35:57.0751 6704 ================ Scan global ===============================
09:35:57.0813 6704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:35:57.0845 6704 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
09:35:57.0860 6704 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
09:35:57.0923 6704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:35:57.0985 6704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:35:58.0016 6704 [Global] - ok
09:35:58.0016 6704 ================ Scan MBR ==================================
09:35:58.0016 6704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:35:58.0734 6704 \Device\Harddisk0\DR0 - ok
09:35:58.0734 6704 ================ Scan VBR ==================================
09:35:58.0781 6704 [ F3AC84F83B92B260B8D6BCA095888F04 ] \Device\Harddisk0\DR0\Partition1
09:35:58.0781 6704 \Device\Harddisk0\DR0\Partition1 - ok
09:35:58.0812 6704 [ F8CD18AAFBB4EF76DC2A345ADF64B58B ] \Device\Harddisk0\DR0\Partition2
09:35:58.0812 6704 \Device\Harddisk0\DR0\Partition2 - ok
09:35:58.0843 6704 [ EB2A03E25EFF45670B0A309DB4DDA91E ] \Device\Harddisk0\DR0\Partition3
09:35:58.0843 6704 \Device\Harddisk0\DR0\Partition3 - ok
09:35:58.0843 6704 ============================================================
09:35:58.0843 6704 Scan finished
09:35:58.0843 6704 ============================================================
09:35:58.0859 6064 Detected object count: 9
09:35:58.0859 6064 Actual detected object count: 9
09:36:47.0344 6064 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0344 6064 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0344 6064 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0344 6064 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0344 6064 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0344 6064 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0344 6064 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0344 6064 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0359 6064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0359 6064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0359 6064 License Agent ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0359 6064 License Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0359 6064 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0359 6064 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0359 6064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0359 6064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:47.0359 6064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:47.0359 6064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:41:58.0757 3488 ============================================================
09:41:58.0757 3488 Scan started
09:41:58.0757 3488 Mode: Manual; SigCheck; TDLFS;
09:41:58.0757 3488 ============================================================
09:41:59.0162 3488 ================ Scan system memory ========================
09:41:59.0162 3488 System memory - ok
09:41:59.0162 3488 ================ Scan services =============================
09:42:05.0886 3488 [ 8B22BE650A1A32E9C7E224A9A73672E9 ] HPFSService c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
09:42:05.0902 3488 HPFSService ( UnsignedFile.Multi.Generic ) - warning
09:42:05.0902 3488 HPFSService - detected UnsignedFile.Multi.Generic (1)
09:42:05.0948 3488 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
09:42:05.0948 3488 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
09:42:05.0948 3488 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
09:42:05.0964 3488 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
09:42:05.0964 3488 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
09:42:05.0964 3488 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
09:42:06.0042 3488 [ BEA91412B280171463864F682A1DB46E ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:42:06.0058 3488 hpqwmiex - ok
09:42:06.0104 3488 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:42:06.0104 3488 HpSAMD - ok
09:42:06.0151 3488 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
09:42:06.0167 3488 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
09:42:06.0167 3488 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
09:42:06.0214 3488 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:42:06.0245 3488 HTTP - ok
09:42:06.0245 3488 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:42:06.0260 3488 hwpolicy - ok
09:42:06.0276 3488 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:42:06.0276 3488 i8042prt - ok
09:42:06.0292 3488 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
09:42:06.0307 3488 iaStor - ok
09:42:06.0307 3488 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:42:06.0323 3488 iaStorV - ok
09:42:06.0479 3488 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:42:06.0494 3488 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:42:06.0494 3488 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:42:06.0541 3488 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:42:06.0557 3488 idsvc - ok
09:42:06.0650 3488 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:42:06.0728 3488 igfx - ok
09:42:06.0744 3488 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:42:06.0744 3488 iirsp - ok
09:42:06.0775 3488 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:42:06.0806 3488 IKEEXT - ok
09:42:06.0822 3488 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:42:06.0838 3488 intelide - ok
09:42:06.0869 3488 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:42:06.0884 3488 intelppm - ok
09:42:06.0900 3488 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:42:06.0916 3488 IPBusEnum - ok
09:42:06.0947 3488 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:42:06.0994 3488 IpFilterDriver - ok
09:42:07.0009 3488 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:42:07.0025 3488 iphlpsvc - ok
09:42:07.0056 3488 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:42:07.0056 3488 IPMIDRV - ok
09:42:07.0072 3488 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:42:07.0103 3488 IPNAT - ok
09:42:07.0150 3488 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:42:07.0165 3488 IRENUM - ok
09:42:07.0212 3488 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:42:07.0228 3488 isapnp - ok
09:42:07.0243 3488 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:42:07.0259 3488 iScsiPrt - ok
09:42:07.0274 3488 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
09:42:07.0290 3488 jhi_service - ok
09:42:07.0337 3488 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:42:07.0337 3488 kbdclass - ok
09:42:07.0415 3488 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:42:07.0430 3488 kbdhid - ok
09:42:07.0508 3488 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:42:07.0524 3488 KeyIso - ok
09:42:07.0586 3488 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:42:07.0602 3488 KSecDD - ok
09:42:07.0602 3488 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:42:07.0618 3488 KSecPkg - ok
09:42:07.0633 3488 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:42:07.0649 3488 ksthunk - ok
09:42:07.0664 3488 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:42:07.0696 3488 KtmRm - ok
09:42:07.0711 3488 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:42:07.0742 3488 LanmanServer - ok
09:42:07.0758 3488 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:42:07.0789 3488 LanmanWorkstation - ok
09:42:07.0867 3488 [ 5EE0BC76EC1157FB5FB2DD82F27D4313 ] License Agent C:\Program Files (x86)\Licensing\License Agent\bin\cla.exe
09:42:07.0914 3488 License Agent ( UnsignedFile.Multi.Generic ) - warning
09:42:07.0914 3488 License Agent - detected UnsignedFile.Multi.Generic (1)
09:42:07.0961 3488 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:42:07.0976 3488 lltdio - ok
09:42:08.0023 3488 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:42:08.0054 3488 lltdsvc - ok
09:42:08.0086 3488 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:42:08.0117 3488 lmhosts - ok
09:42:08.0148 3488 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:42:08.0164 3488 LMS - ok
09:42:08.0179 3488 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:42:08.0195 3488 LSI_FC - ok
09:42:08.0210 3488 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:42:08.0226 3488 LSI_SAS - ok
09:42:08.0226 3488 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:42:08.0242 3488 LSI_SAS2 - ok
09:42:08.0257 3488 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:42:08.0257 3488 LSI_SCSI - ok
09:42:08.0288 3488 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:42:08.0304 3488 luafv - ok
09:42:08.0320 3488 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:42:08.0335 3488 MBAMProtector - ok
09:42:08.0398 3488 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:42:08.0413 3488 MBAMScheduler - ok
09:42:08.0444 3488 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:42:08.0444 3488 MBAMService - ok
09:42:08.0507 3488 [ CC80431BDA1DE950260E0B267D5D497F ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
09:42:08.0522 3488 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning
09:42:08.0522 3488 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1)
09:42:08.0538 3488 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:42:08.0554 3488 Mcx2Svc - ok
09:42:08.0569 3488 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:42:08.0569 3488 megasas - ok
09:42:08.0585 3488 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:42:08.0600 3488 MegaSR - ok
09:42:08.0647 3488 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
09:42:08.0663 3488 MEIx64 - ok
09:42:08.0694 3488 [ 7478099ADB87A3E4716FFD6B6E4DB68F ] MfeEpeOpal C:\Windows\system32\drivers\MfeEpeOpal.sys
09:42:08.0710 3488 MfeEpeOpal - ok
09:42:08.0710 3488 [ 534A8C42CB84E626F797D04852F6ED01 ] MfeEpePc C:\Windows\system32\drivers\MfeEpePc.sys
09:42:08.0710 3488 MfeEpePc - ok
09:42:08.0772 3488 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:42:08.0772 3488 Microsoft Office Groove Audit Service - ok
09:42:08.0819 3488 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:42:08.0850 3488 MMCSS - ok
09:42:08.0881 3488 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:42:08.0912 3488 Modem - ok
09:42:08.0944 3488 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:42:08.0959 3488 monitor - ok
09:42:08.0959 3488 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:42:08.0975 3488 mouclass - ok
09:42:09.0037 3488 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:42:09.0053 3488 mouhid - ok
09:42:09.0084 3488 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:42:09.0084 3488 mountmgr - ok
09:42:09.0100 3488 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:42:09.0115 3488 MpFilter - ok
09:42:09.0131 3488 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:42:09.0131 3488 mpio - ok
09:42:09.0178 3488 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:42:09.0193 3488 mpsdrv - ok
09:42:09.0256 3488 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:42:09.0287 3488 MpsSvc - ok
09:42:09.0302 3488 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:42:09.0318 3488 MRxDAV - ok
09:42:09.0334 3488 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:42:09.0349 3488 mrxsmb - ok
09:42:09.0396 3488 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:42:09.0412 3488 mrxsmb10 - ok
09:42:09.0412 3488 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:42:09.0427 3488 mrxsmb20 - ok
09:42:09.0443 3488 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:42:09.0443 3488 msahci - ok
09:42:09.0458 3488 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:42:09.0474 3488 msdsm - ok
09:42:09.0490 3488 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:42:09.0521 3488 MSDTC - ok
09:42:09.0536 3488 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:42:09.0568 3488 Msfs - ok
09:42:09.0599 3488 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:42:09.0630 3488 mshidkmdf - ok
09:42:09.0646 3488 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:42:09.0646 3488 msisadrv - ok
09:42:09.0692 3488 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:42:09.0724 3488 MSiSCSI - ok
09:42:09.0724 3488 msiserver - ok
09:42:09.0739 3488 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:42:09.0770 3488 MSKSSRV - ok
09:42:09.0802 3488 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:42:09.0802 3488 MsMpSvc - ok
09:42:09.0817 3488 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:42:09.0848 3488 MSPCLOCK - ok
09:42:09.0848 3488 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:42:09.0864 3488 MSPQM - ok
09:42:09.0895 3488 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:42:09.0911 3488 MsRPC - ok
09:42:09.0942 3488 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:42:09.0942 3488 mssmbios - ok
09:42:09.0958 3488 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:42:09.0989 3488 MSTEE - ok
09:42:09.0989 3488 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:42:10.0004 3488 MTConfig - ok
09:42:10.0020 3488 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:42:10.0036 3488 Mup - ok
09:42:10.0067 3488 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:42:10.0082 3488 napagent - ok
09:42:10.0098 3488 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:42:10.0114 3488 NativeWifiP - ok
09:42:10.0145 3488 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:42:10.0160 3488 NDIS - ok
09:42:10.0176 3488 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:42:10.0192 3488 NdisCap - ok
09:42:10.0254 3488 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:42:10.0285 3488 NdisTapi - ok
09:42:10.0332 3488 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:42:10.0348 3488 Ndisuio - ok
09:42:10.0379 3488 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:42:10.0394 3488 NdisWan - ok
09:42:10.0441 3488 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:42:10.0488 3488 NDProxy - ok
09:42:10.0550 3488 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:42:10.0550 3488 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:42:10.0550 3488 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:42:10.0582 3488 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:42:10.0628 3488 NetBIOS - ok
09:42:10.0644 3488 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:42:10.0660 3488 NetBT - ok
09:42:10.0706 3488 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:42:10.0722 3488 Netlogon - ok
09:42:10.0769 3488 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:42:10.0800 3488 Netman - ok
09:42:10.0862 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:10.0878 3488 NetMsmqActivator - ok
09:42:10.0894 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:10.0894 3488 NetPipeActivator - ok
09:42:10.0909 3488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:42:10.0940 3488 netprofm - ok
09:42:10.0940 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:10.0956 3488 NetTcpActivator - ok
09:42:10.0956 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:10.0956 3488 NetTcpPortSharing - ok
09:42:10.0987 3488 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:42:10.0987 3488 nfrd960 - ok
09:42:11.0003 3488 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:42:11.0018 3488 NisDrv - ok
09:42:11.0034 3488 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:42:11.0050 3488 NisSrv - ok
09:42:11.0065 3488 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:42:11.0081 3488 NlaSvc - ok
09:42:11.0096 3488 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:42:11.0128 3488 Npfs - ok
09:42:11.0174 3488 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:42:11.0221 3488 nsi - ok
09:42:11.0252 3488 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:42:11.0284 3488 nsiproxy - ok
09:42:11.0315 3488 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:42:11.0346 3488 Ntfs - ok
09:42:11.0362 3488 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:42:11.0393 3488 Null - ok
09:42:11.0408 3488 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
09:42:11.0408 3488 NVHDA - ok
09:42:11.0564 3488 [ CD90D63B7161CE9F5A3066F320999AB8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:42:11.0830 3488 nvlddmkm - ok
09:42:11.0845 3488 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:42:11.0845 3488 nvraid - ok
09:42:11.0876 3488 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:42:11.0876 3488 nvstor - ok
09:42:11.0908 3488 [ B014B7050A2BEAE115BFCB3A91803D73 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:42:11.0923 3488 nvsvc - ok
09:42:11.0954 3488 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:42:11.0970 3488 nv_agp - ok
09:42:12.0064 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:42:12.0095 3488 odserv - ok
09:42:12.0110 3488 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:42:12.0110 3488 ohci1394 - ok
09:42:12.0126 3488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:42:12.0142 3488 ose - ok
09:42:12.0157 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:42:12.0188 3488 p2pimsvc - ok
09:42:12.0204 3488 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:42:12.0204 3488 p2psvc - ok
09:42:12.0235 3488 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:42:12.0251 3488 Parport - ok
09:42:12.0266 3488 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:42:12.0282 3488 partmgr - ok
09:42:12.0298 3488 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:42:12.0298 3488 PcaSvc - ok
09:42:12.0313 3488 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:42:12.0313 3488 pci - ok
09:42:12.0329 3488 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:42:12.0344 3488 pciide - ok
09:42:12.0360 3488 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:42:12.0360 3488 pcmcia - ok
09:42:12.0360 3488 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:42:12.0376 3488 pcw - ok
09:42:12.0391 3488 pdfcDispatcher - ok
09:42:12.0407 3488 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:42:12.0438 3488 PEAUTH - ok
09:42:12.0469 3488 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:42:12.0485 3488 PeerDistSvc - ok
09:42:12.0563 3488 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:42:12.0578 3488 PerfHost - ok
09:42:12.0641 3488 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:42:12.0672 3488 pla - ok
09:42:12.0703 3488 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:42:12.0719 3488 PlugPlay - ok
09:42:12.0750 3488 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:42:12.0750 3488 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:42:12.0750 3488 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:42:12.0797 3488 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
09:42:12.0812 3488 pmxdrv - ok
09:42:12.0859 3488 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:42:12.0875 3488 PNRPAutoReg - ok
09:42:12.0922 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:42:12.0937 3488 PNRPsvc - ok
09:42:12.0953 3488 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:42:12.0984 3488 PolicyAgent - ok
09:42:13.0015 3488 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:42:13.0046 3488 Power - ok
09:42:13.0078 3488 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:42:13.0109 3488 PptpMiniport - ok
09:42:13.0156 3488 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:42:13.0156 3488 Processor - ok
09:42:13.0171 3488 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:42:13.0187 3488 ProfSvc - ok
09:42:13.0218 3488 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:42:13.0234 3488 ProtectedStorage - ok
09:42:13.0280 3488 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:42:13.0312 3488 Psched - ok
09:42:13.0343 3488 QDrive - ok
09:42:13.0390 3488 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:42:13.0421 3488 ql2300 - ok
09:42:13.0436 3488 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:42:13.0452 3488 ql40xx - ok
09:42:13.0483 3488 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:42:13.0499 3488 QWAVE - ok
09:42:13.0530 3488 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:42:13.0546 3488 QWAVEdrv - ok
09:42:13.0577 3488 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:42:13.0624 3488 RasAcd - ok
09:42:13.0670 3488 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:42:13.0686 3488 RasAgileVpn - ok
09:42:13.0702 3488 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:42:13.0733 3488 RasAuto - ok
09:42:13.0764 3488 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:42:13.0795 3488 Rasl2tp - ok
09:42:13.0826 3488 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:42:13.0842 3488 RasMan - ok
09:42:13.0889 3488 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:42:13.0920 3488 RasPppoe - ok
09:42:13.0998 3488 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:42:14.0029 3488 RasSstp - ok
09:42:14.0076 3488 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:42:14.0107 3488 rdbss - ok
09:42:14.0107 3488 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:42:14.0123 3488 rdpbus - ok
09:42:14.0138 3488 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:42:14.0154 3488 RDPCDD - ok
09:42:14.0170 3488 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:42:14.0201 3488 RDPDR - ok
09:42:14.0216 3488 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:42:14.0232 3488 RDPENCDD - ok
09:42:14.0232 3488 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:42:14.0263 3488 RDPREFMP - ok
09:42:14.0310 3488 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:42:14.0326 3488 RDPWD - ok
09:42:14.0341 3488 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:42:14.0357 3488 rdyboost - ok
09:42:14.0372 3488 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:42:14.0404 3488 RemoteAccess - ok
09:42:14.0419 3488 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:42:14.0450 3488 RemoteRegistry - ok
09:42:14.0482 3488 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:42:14.0528 3488 RpcEptMapper - ok
09:42:14.0591 3488 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:42:14.0606 3488 RpcLocator - ok
09:42:14.0653 3488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:42:14.0700 3488 RpcSs - ok
09:42:14.0716 3488 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:42:14.0747 3488 rspndr - ok
09:42:14.0762 3488 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:42:14.0778 3488 RTL8167 - ok
09:42:14.0794 3488 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:42:14.0809 3488 s3cap - ok
09:42:14.0840 3488 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:42:14.0856 3488 SamSs - ok
09:42:14.0887 3488 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:42:14.0887 3488 sbp2port - ok
09:42:14.0903 3488 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:42:14.0934 3488 SCardSvr - ok
09:42:14.0981 3488 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:42:15.0028 3488 scfilter - ok
09:42:15.0074 3488 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:42:15.0106 3488 Schedule - ok

Markus,
is there anything else I should do?
