hanshans22 | 10.10.2012 13:00 | I have now run a full scan: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.10.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Thomas :: THOMAS-THINKPAD [Administrator]
10.10.2012 09:48:50
mbam-log-2012-10-10 (09-48-50).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 463619
Laufzeit: 4 Stunde(n), 7 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-18\$cc48889fe41583e9a4ebb7d0a7c7d25d\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
(Ende)
Now on to the TDSS Killer. Many thanks for your help.
TDSS report: Code:
14:12:17.0697 2468 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:12:17.0853 2468 ============================================================
14:12:17.0853 2468 Current date / time: 2012/10/10 14:12:17.0853
14:12:17.0853 2468 SystemInfo:
14:12:17.0853 2468
14:12:17.0853 2468 OS Version: 6.1.7601 ServicePack: 1.0
14:12:17.0853 2468 Product type: Workstation
14:12:17.0853 2468 ComputerName: THOMAS-THINKPAD
14:12:17.0853 2468 UserName: Thomas
14:12:17.0853 2468 Windows directory: C:\Windows
14:12:17.0853 2468 System windows directory: C:\Windows
14:12:17.0853 2468 Processor architecture: Intel x86
14:12:17.0853 2468 Number of processors: 2
14:12:17.0853 2468 Page size: 0x1000
14:12:17.0853 2468 Boot type: Normal boot
14:12:17.0853 2468 ============================================================
14:12:22.0470 2468 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:12:22.0470 2468 ============================================================
14:12:22.0470 2468 \Device\Harddisk0\DR0:
14:12:22.0470 2468 MBR partitions:
14:12:22.0470 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:12:22.0470 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
14:12:22.0470 2468 ============================================================
14:12:22.0517 2468 C: <-> \Device\Harddisk0\DR0\Partition2
14:12:22.0517 2468 ============================================================
14:12:22.0517 2468 Initialize success
14:12:22.0517 2468 ============================================================
14:13:53.0933 2664 ============================================================
14:13:53.0933 2664 Scan started
14:13:53.0933 2664 Mode: Manual; SigCheck; TDLFS;
14:13:53.0933 2664 ============================================================
14:13:56.0039 2664 ================ Scan system memory ========================
14:13:56.0039 2664 System memory - ok
14:13:56.0039 2664 ================ Scan services =============================
14:13:56.0258 2664 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:13:56.0476 2664 1394ohci - ok
14:13:56.0539 2664 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:13:56.0570 2664 ACPI - ok
14:13:56.0632 2664 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:13:56.0710 2664 AcpiPmi - ok
14:13:56.0851 2664 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:13:56.0882 2664 AdobeARMservice - ok
14:13:56.0929 2664 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:13:56.0991 2664 adp94xx - ok
14:13:57.0007 2664 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:13:57.0053 2664 adpahci - ok
14:13:57.0069 2664 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:13:57.0100 2664 adpu320 - ok
14:13:57.0147 2664 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:13:57.0209 2664 AeLookupSvc - ok
14:13:57.0303 2664 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
14:13:57.0397 2664 AFD - ok
14:13:57.0443 2664 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
14:13:57.0475 2664 agp440 - ok
14:13:57.0521 2664 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
14:13:57.0553 2664 aic78xx - ok
14:13:57.0584 2664 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
14:13:57.0646 2664 ALG - ok
14:13:57.0677 2664 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
14:13:57.0709 2664 aliide - ok
14:13:57.0787 2664 [ CC91047EC4A39A3120AF6AED1B3663B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:13:57.0865 2664 AMD External Events Utility - ok
14:13:57.0911 2664 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:13:57.0958 2664 amdagp - ok
14:13:57.0989 2664 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
14:13:58.0005 2664 amdide - ok
14:13:58.0052 2664 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:13:58.0099 2664 AmdK8 - ok
14:13:58.0114 2664 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:13:58.0161 2664 AmdPPM - ok
14:13:58.0208 2664 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:13:58.0270 2664 amdsata - ok
14:13:58.0286 2664 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:13:58.0333 2664 amdsbs - ok
14:13:58.0348 2664 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:13:58.0379 2664 amdxata - ok
14:13:58.0473 2664 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:13:58.0504 2664 AntiVirSchedulerService - ok
14:13:58.0551 2664 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:13:58.0598 2664 AntiVirService - ok
14:13:58.0660 2664 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
14:13:58.0785 2664 AppID - ok
14:13:58.0816 2664 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:13:58.0879 2664 AppIDSvc - ok
14:13:58.0972 2664 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
14:13:59.0035 2664 Appinfo - ok
14:13:59.0066 2664 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
14:13:59.0113 2664 AppMgmt - ok
14:13:59.0159 2664 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:13:59.0206 2664 arc - ok
14:13:59.0222 2664 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:13:59.0253 2664 arcsas - ok
14:13:59.0409 2664 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:13:59.0471 2664 aspnet_state - ok
14:13:59.0518 2664 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:13:59.0612 2664 AsyncMac - ok
14:13:59.0690 2664 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
14:13:59.0705 2664 atapi - ok
14:13:59.0752 2664 [ 40A07E6916AC098E31A9E39AC202B8A1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
14:13:59.0799 2664 AtiHdmiService - ok
14:13:59.0971 2664 [ DAAF32567F02697A698EAF82E1F04FA6 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:14:00.0220 2664 atikmdag - ok
14:14:00.0267 2664 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:14:00.0298 2664 AtiPcie - ok
14:14:00.0392 2664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:14:00.0470 2664 AudioEndpointBuilder - ok
14:14:00.0485 2664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:14:00.0532 2664 Audiosrv - ok
14:14:00.0579 2664 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:14:00.0610 2664 avgntflt - ok
14:14:00.0657 2664 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:14:00.0688 2664 avipbb - ok
14:14:00.0751 2664 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:14:00.0782 2664 avkmgr - ok
14:14:00.0860 2664 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:14:00.0938 2664 AxInstSV - ok
14:14:00.0985 2664 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
14:14:01.0187 2664 b06bdrv - ok
14:14:01.0421 2664 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:14:01.0453 2664 b57nd60x - ok
14:14:01.0593 2664 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
14:14:01.0733 2664 BDESVC - ok
14:14:01.0889 2664 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
14:14:01.0967 2664 Beep - ok
14:14:02.0123 2664 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
14:14:02.0201 2664 BFE - ok
14:14:02.0233 2664 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
14:14:02.0404 2664 BITS - ok
14:14:02.0451 2664 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:14:02.0513 2664 blbdrive - ok
14:14:02.0591 2664 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:14:02.0638 2664 bowser - ok
14:14:02.0685 2664 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:14:02.0779 2664 BrFiltLo - ok
14:14:02.0810 2664 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:14:02.0857 2664 BrFiltUp - ok
14:14:02.0919 2664 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
14:14:03.0028 2664 Browser - ok
14:14:03.0059 2664 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:14:03.0137 2664 Brserid - ok
14:14:03.0169 2664 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:14:03.0247 2664 BrSerWdm - ok
14:14:03.0293 2664 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:14:03.0340 2664 BrUsbMdm - ok
14:14:03.0371 2664 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:14:03.0481 2664 BrUsbSer - ok
14:14:03.0512 2664 BTCFilterService - ok
14:14:03.0543 2664 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:14:03.0621 2664 BTHMODEM - ok
14:14:03.0699 2664 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:14:03.0793 2664 bthserv - ok
14:14:03.0824 2664 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:14:03.0886 2664 cdfs - ok
14:14:04.0073 2664 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:14:04.0229 2664 cdrom - ok
14:14:04.0292 2664 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
14:14:04.0354 2664 CertPropSvc - ok
14:14:04.0385 2664 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:14:04.0417 2664 circlass - ok
14:14:04.0463 2664 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:14:04.0526 2664 CLFS - ok
14:14:05.0165 2664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:14:05.0243 2664 clr_optimization_v2.0.50727_32 - ok
14:14:06.0320 2664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:14:07.0630 2664 clr_optimization_v4.0.30319_32 - ok
14:14:07.0693 2664 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:14:07.0739 2664 CmBatt - ok
14:14:07.0833 2664 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:14:07.0849 2664 cmdide - ok
14:14:07.0927 2664 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
14:14:07.0989 2664 CNG - ok
14:14:08.0051 2664 [ C7FF2F6DF3FB4D4A0DF899CA744B0C27 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
14:14:08.0114 2664 CnxtHdAudService - ok
14:14:08.0161 2664 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:14:08.0176 2664 Compbatt - ok
14:14:08.0254 2664 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:14:08.0301 2664 CompositeBus - ok
14:14:08.0317 2664 COMSysApp - ok
14:14:08.0348 2664 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:14:08.0379 2664 crcdisk - ok
14:14:08.0457 2664 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:14:08.0519 2664 CryptSvc - ok
14:14:08.0956 2664 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
14:14:09.0034 2664 CSC - ok
14:14:09.0112 2664 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
14:14:09.0175 2664 CscService - ok
14:14:09.0237 2664 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
14:14:09.0299 2664 CVirtA - ok
14:14:09.0393 2664 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
14:14:09.0502 2664 CVPND - ok
14:14:09.0565 2664 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
14:14:09.0627 2664 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:14:09.0627 2664 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:14:09.0705 2664 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:14:09.0767 2664 DcomLaunch - ok
14:14:09.0814 2664 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:14:09.0923 2664 defragsvc - ok
14:14:10.0033 2664 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:14:10.0095 2664 DfsC - ok
14:14:10.0189 2664 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:14:10.0267 2664 Dhcp - ok
14:14:10.0282 2664 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:14:10.0345 2664 discache - ok
14:14:10.0376 2664 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:14:10.0407 2664 Disk - ok
14:14:10.0469 2664 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
14:14:10.0485 2664 DNE - ok
14:14:10.0579 2664 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:14:10.0922 2664 Dnscache - ok
14:14:10.0984 2664 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
14:14:11.0062 2664 dot3svc - ok
14:14:11.0125 2664 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
14:14:11.0203 2664 DPS - ok
14:14:11.0234 2664 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:14:11.0265 2664 drmkaud - ok
14:14:11.0421 2664 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:14:11.0530 2664 DXGKrnl - ok
14:14:11.0593 2664 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:14:11.0671 2664 EapHost - ok
14:14:11.0951 2664 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
14:14:12.0170 2664 ebdrv - ok
14:14:12.0232 2664 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
14:14:12.0295 2664 EFS - ok
14:14:12.0451 2664 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:14:12.0638 2664 ehRecvr - ok
14:14:12.0887 2664 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
14:14:12.0965 2664 ehSched - ok
14:14:13.0106 2664 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:14:13.0153 2664 elxstor - ok
14:14:13.0168 2664 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:14:13.0262 2664 ErrDev - ok
14:14:13.0309 2664 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:14:13.0387 2664 EventSystem - ok
14:14:13.0402 2664 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:14:13.0480 2664 exfat - ok
14:14:13.0496 2664 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:14:13.0574 2664 fastfat - ok
14:14:13.0667 2664 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
14:14:13.0792 2664 Fax - ok
14:14:13.0839 2664 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:14:13.0901 2664 fdc - ok
14:14:13.0917 2664 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:14:14.0026 2664 fdPHost - ok
14:14:14.0057 2664 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:14:14.0120 2664 FDResPub - ok
14:14:14.0167 2664 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:14:14.0198 2664 FileInfo - ok
14:14:14.0229 2664 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:14:14.0291 2664 Filetrace - ok
14:14:14.0323 2664 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:14:14.0369 2664 flpydisk - ok
14:14:14.0401 2664 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:14:14.0479 2664 FltMgr - ok
14:14:14.0588 2664 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
14:14:15.0040 2664 FontCache - ok
14:14:15.0118 2664 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:14:15.0134 2664 FontCache3.0.0.0 - ok
14:14:15.0165 2664 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:14:15.0212 2664 FsDepends - ok
14:14:15.0259 2664 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:14:15.0290 2664 Fs_Rec - ok
14:14:15.0399 2664 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:14:15.0446 2664 fvevol - ok
14:14:15.0493 2664 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:14:15.0524 2664 gagp30kx - ok
14:14:15.0602 2664 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
14:14:15.0742 2664 gpsvc - ok
14:14:15.0789 2664 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:14:15.0836 2664 hcw85cir - ok
14:14:15.0898 2664 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:14:15.0961 2664 HdAudAddService - ok
14:14:16.0007 2664 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:14:16.0039 2664 HDAudBus - ok
14:14:16.0070 2664 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:14:16.0101 2664 HidBatt - ok
14:14:16.0132 2664 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:14:16.0226 2664 HidBth - ok
14:14:16.0257 2664 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:14:16.0304 2664 HidIr - ok
14:14:16.0335 2664 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
14:14:16.0460 2664 hidserv - ok
14:14:16.0538 2664 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:14:16.0569 2664 HidUsb - ok
14:14:16.0990 2664 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:14:17.0084 2664 hkmsvc - ok
14:14:17.0193 2664 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:14:17.0302 2664 HomeGroupListener - ok
14:14:17.0396 2664 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:14:17.0489 2664 HomeGroupProvider - ok
14:14:17.0770 2664 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:14:17.0833 2664 HpSAMD - ok
14:14:17.0957 2664 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:14:18.0035 2664 HTTP - ok
14:14:18.0113 2664 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:14:18.0207 2664 hwpolicy - ok
14:14:18.0301 2664 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:14:18.0363 2664 i8042prt - ok
14:14:18.0410 2664 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:14:18.0457 2664 iaStorV - ok
14:14:18.0535 2664 [ 400D7095D5AE08970F839BCAC1843106 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:14:18.0550 2664 IBMPMDRV - ok
14:14:18.0847 2664 [ 06AF18300C5B511A3D85C3E0B7909C10 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
14:14:18.0862 2664 IBMPMSVC - ok
14:14:19.0049 2664 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:14:19.0159 2664 idsvc - ok
14:14:19.0205 2664 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:14:19.0237 2664 iirsp - ok
14:14:19.0330 2664 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
14:14:19.0471 2664 IKEEXT - ok
14:14:19.0580 2664 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
14:14:19.0611 2664 intelide - ok
14:14:19.0658 2664 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:14:19.0689 2664 intelppm - ok
14:14:19.0736 2664 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:14:19.0798 2664 IPBusEnum - ok
14:14:19.0845 2664 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:14:19.0939 2664 IpFilterDriver - ok
14:14:20.0032 2664 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:14:20.0204 2664 iphlpsvc - ok
14:14:20.0344 2664 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:14:20.0391 2664 IPMIDRV - ok
14:14:20.0422 2664 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:14:20.0469 2664 IPNAT - ok
14:14:20.0516 2664 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:14:21.0187 2664 IRENUM - ok
14:14:21.0202 2664 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:14:21.0233 2664 isapnp - ok
14:14:21.0374 2664 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:14:21.0436 2664 iScsiPrt - ok
14:14:21.0452 2664 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:14:21.0483 2664 kbdclass - ok
14:14:21.0545 2664 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:14:21.0608 2664 kbdhid - ok
14:14:21.0639 2664 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
14:14:21.0655 2664 KeyIso - ok
14:14:21.0733 2664 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:14:21.0764 2664 KSecDD - ok
14:14:21.0873 2664 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:14:21.0904 2664 KSecPkg - ok
14:14:21.0982 2664 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:14:22.0060 2664 KtmRm - ok
14:14:22.0107 2664 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
14:14:22.0169 2664 LanmanServer - ok
14:14:22.0201 2664 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:14:22.0263 2664 LanmanWorkstation - ok
14:14:22.0403 2664 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
14:14:22.0450 2664 LBTServ - ok
14:14:22.0544 2664 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
14:14:22.0575 2664 LENOVO.CAMMUTE - ok
14:14:22.0871 2664 [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:14:22.0903 2664 LENOVO.MICMUTE - ok
14:14:22.0934 2664 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
14:14:22.0981 2664 lenovo.smi - ok
14:14:23.0012 2664 [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
14:14:23.0043 2664 LENOVO.TPKNRSVC - ok
14:14:23.0074 2664 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
14:14:23.0105 2664 Lenovo.VIRTSCRLSVC - ok
14:14:23.0168 2664 [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys
14:14:23.0183 2664 LEqdUsb - ok
14:14:23.0215 2664 [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys
14:14:23.0246 2664 LHidEqd - ok
14:14:23.0339 2664 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:14:23.0371 2664 LHidFilt - ok
14:14:23.0417 2664 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:14:23.0480 2664 lltdio - ok
14:14:23.0527 2664 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:14:23.0589 2664 lltdsvc - ok
14:14:23.0605 2664 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:14:23.0667 2664 lmhosts - ok
14:14:23.0729 2664 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:14:23.0761 2664 LMouFilt - ok
14:14:23.0807 2664 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:14:23.0885 2664 LSI_FC - ok
14:14:23.0901 2664 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:14:23.0948 2664 LSI_SAS - ok
14:14:23.0963 2664 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:14:24.0010 2664 LSI_SAS2 - ok
14:14:24.0041 2664 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:14:24.0073 2664 LSI_SCSI - ok
14:14:24.0104 2664 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:14:24.0151 2664 luafv - ok
14:14:24.0307 2664 [ 6311F8863D898CE60C048779F9D86E74 ] lxecCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
14:14:24.0385 2664 lxecCATSCustConnectService - ok
14:14:24.0400 2664 lxec_device - ok
14:14:24.0463 2664 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:14:24.0494 2664 Mcx2Svc - ok
14:14:24.0525 2664 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:14:24.0556 2664 megasas - ok
14:14:24.0697 2664 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:24.0728 2664 MegaSR - ok
14:14:24.0790 2664 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:14:24.0868 2664 MMCSS - ok
14:14:24.0915 2664 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:14:24.0977 2664 Modem - ok
14:14:25.0055 2664 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:14:25.0102 2664 monitor - ok
14:14:25.0133 2664 motccgp - ok
14:14:25.0133 2664 motccgpfl - ok
14:14:25.0149 2664 motmodem - ok
14:14:25.0165 2664 MotoSwitchService - ok
14:14:25.0196 2664 Motousbnet - ok
14:14:25.0211 2664 motusbdevice - ok
14:14:25.0274 2664 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:14:25.0305 2664 mouclass - ok
14:14:25.0336 2664 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:14:25.0383 2664 mouhid - ok
14:14:25.0445 2664 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:14:25.0477 2664 mountmgr - ok
14:14:25.0555 2664 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:14:25.0601 2664 mpio - ok
14:14:25.0648 2664 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:14:25.0804 2664 mpsdrv - ok
14:14:26.0007 2664 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:14:26.0272 2664 MpsSvc - ok
14:14:26.0319 2664 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:14:26.0397 2664 MRxDAV - ok
14:14:26.0459 2664 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:26.0537 2664 mrxsmb - ok
14:14:26.0584 2664 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:26.0756 2664 mrxsmb10 - ok
14:14:26.0834 2664 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:26.0865 2664 mrxsmb20 - ok
14:14:26.0912 2664 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:14:26.0943 2664 msahci - ok
14:14:27.0005 2664 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:14:27.0037 2664 msdsm - ok
14:14:43.0089 2664 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\Windows\System32\Drivers\sptd.sys
14:14:43.0089 2664 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8EA0FD60A5B047E0C734D51AACE531C9
14:14:43.0105 2664 sptd ( LockedFile.Multi.Generic ) - warning
14:14:43.0105 2664 sptd - detected LockedFile.Multi.Generic (1)
14:14:44.0774 2664 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:14:44.0883 2664 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:14:44.0883 2664 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:14:58.0393 2664 ================ Scan global ===============================
14:14:58.0439 2664 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:14:58.0580 2664 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:14:58.0720 2664 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:14:58.0861 2664 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:14:58.0892 2664 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:14:58.0923 2664 [Global] - ok
14:14:58.0923 2664 ================ Scan MBR ==================================
14:14:58.0939 2664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:15:00.0171 2664 \Device\Harddisk0\DR0 - ok
14:15:00.0171 2664 ================ Scan VBR ==================================
14:15:00.0202 2664 [ FE6A91DF3DAC081941B11F8CE7C173E8 ] \Device\Harddisk0\DR0\Partition1
14:15:00.0218 2664 \Device\Harddisk0\DR0\Partition1 - ok
14:15:00.0233 2664 [ 0ACF6B2ADBBF808296BECFB8330489E4 ] \Device\Harddisk0\DR0\Partition2
14:15:00.0233 2664 \Device\Harddisk0\DR0\Partition2 - ok
14:15:00.0249 2664 ============================================================
14:15:00.0249 2664 Scan finished
14:15:00.0249 2664 ============================================================
14:15:00.0280 2812 Detected object count: 3
14:15:00.0280 2812 Actual detected object count: 3
14:15:23.0899 2812 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:23.0899 2812 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:15:23.0899 2812 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:15:23.0899 2812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:15:23.0914 2812 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:23.0914 2812 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 10.10.2012 14:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 59,03% Memory free
3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 81,01 Gb Free Space | 34,80% Space Free | Partition Type: NTFS
Computer Name: THOMAS-THINKPAD | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
========== Modules (No Company Name) ==========
MOD - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
========== Services (SafeList) ==========
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (lxec_device) -- C:\Windows\System32\lxeccoms.exe ( )
SRV - (lxecCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe ()
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2967869
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 DC 53 11 51 D1 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "GIGA Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.backup.ftp: "94.185.245.84"
FF - prefs.js..network.proxy.backup.ftp_port: 3129
FF - prefs.js..network.proxy.backup.gopher: "94.185.245.84"
FF - prefs.js..network.proxy.backup.gopher_port: 3129
FF - prefs.js..network.proxy.backup.socks: "94.185.245.84"
FF - prefs.js..network.proxy.backup.socks_port: 3129
FF - prefs.js..network.proxy.backup.ssl: "94.185.245.84"
FF - prefs.js..network.proxy.backup.ssl_port: 3129
FF - prefs.js..network.proxy.ftp: "93.189.5.138"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "93.189.5.138"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "93.189.5.138"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "93.189.5.138"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "93.189.5.138"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 14:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.20 14:43:31 | 000,000,000 | ---D | M]
[2010.10.01 19:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2012.09.13 12:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\5b47xun6.default\extensions
[2012.07.25 10:01:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 12:51:02 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011.08.31 11:28:22 | 000,000,927 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\searchplugins\conduit.xml
[2010.10.21 19:45:55 | 000,001,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\searchplugins\urban-dictionary.xml
[2012.04.06 08:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.06 08:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.01.20 14:43:30 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.06 08:37:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.20 14:43:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.20 14:43:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.20 14:43:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 14:43:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 14:43:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 14:43:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.09.30 19:37:05 | 000,002,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 46 more lines...
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24486484-D838-4D66-AA29-C56ED9E69508}: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{96af0c33-4275-11e0-83cd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{96af0c33-4275-11e0-83cd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{d6639e4f-d6df-11df-bdb2-60eb6915f9b9}\Shell - "" = AutoRun
O33 - MountPoints2\{d6639e4f-d6df-11df-bdb2-60eb6915f9b9}\Shell\AutoRun\command - "" = D:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.10 14:17:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.10.10 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\tdsskiller
[2012.10.10 01:27:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.10.10 01:23:03 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.10 01:23:02 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 00:58:52 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe
[2012.10.10 00:39:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 00:39:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 00:39:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 00:39:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 00:39:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 00:39:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 00:39:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 00:39:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 00:38:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 00:38:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 00:38:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 00:38:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 00:38:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 00:38:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 00:38:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 00:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.10.10 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 00:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 00:08:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 00:06:44 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Thomas\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.09 23:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0980A25954AD723600FF097FA44CE46C
[2012.09.27 19:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung OCR Software
[2012.09.24 15:34:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 15:34:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 15:34:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 15:34:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 15:34:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Unified Remote
[2012.09.21 11:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.09.21 11:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.09.21 11:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.09.12 09:33:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 09:33:39 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 09:33:39 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.12 09:33:18 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[1 C:\Users\Thomas\*.tmp files -> C:\Users\Thomas\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.10 14:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.10.10 14:15:52 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 14:15:52 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 14:08:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.10 14:08:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 14:08:04 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 14:03:48 | 002,193,278 | ---- | M] () -- C:\Users\Thomas\Desktop\tdsskiller.zip
[2012.10.10 01:27:28 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 01:27:28 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 01:27:28 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 01:27:28 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 00:58:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe
[2012.10.10 00:08:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 00:07:17 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Thomas\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.27 19:27:27 | 000,407,865 | ---- | M] () -- C:\Users\Thomas\Desktop\Ganzseitiges Foto.pdf
[2012.09.27 16:33:22 | 000,268,187 | ---- | M] () -- C:\Users\Thomas\Desktop\NONE.pdf
[2012.09.26 19:21:52 | 000,070,253 | ---- | M] () -- C:\Users\Thomas\Desktop\Booking.com_ Bestätigung.pdf
[2012.09.21 11:50:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.18 13:31:05 | 000,016,668 | ---- | M] () -- C:\Users\Thomas\Desktop\test.png
[2012.09.18 12:55:14 | 000,629,169 | ---- | M] () -- C:\Users\Thomas\Desktop\Sheet_001.jpg
[2012.09.17 20:04:23 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.14 22:39:00 | 000,109,930 | ---- | M] () -- C:\Users\Thomas\Desktop\232323232%7Ffp635;9)nu=;45 ) 66)25;)WSNRCG=33;8498;5334(nu0mrj.jpg
[2012.09.14 22:10:41 | 000,278,998 | ---- | M] () -- C:\Users\Thomas\Desktop\Foto.JPG
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.09.12 15:26:55 | 000,000,473 | ---- | M] () -- C:\Users\Thomas\Desktop\ras
[2012.09.10 18:30:29 | 003,578,715 | ---- | M] () -- C:\Users\Thomas\Documents\.RData
[2012.09.10 18:30:29 | 000,012,233 | ---- | M] () -- C:\Users\Thomas\Documents\.Rhistory
[1 C:\Users\Thomas\*.tmp files -> C:\Users\Thomas\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.10 14:03:44 | 002,193,278 | ---- | C] () -- C:\Users\Thomas\Desktop\tdsskiller.zip
[2012.10.10 00:08:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.27 19:25:08 | 000,407,865 | ---- | C] () -- C:\Users\Thomas\Desktop\Ganzseitiges Foto.pdf
[2012.09.27 16:33:22 | 000,268,187 | ---- | C] () -- C:\Users\Thomas\Desktop\NONE.pdf
[2012.09.26 19:21:48 | 000,070,253 | ---- | C] () -- C:\Users\Thomas\Desktop\Booking.com_ Bestätigung.pdf
[2012.09.21 11:50:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.18 13:31:05 | 000,016,668 | ---- | C] () -- C:\Users\Thomas\Desktop\test.png
[2012.09.14 22:39:00 | 000,109,930 | ---- | C] () -- C:\Users\Thomas\Desktop\232323232%7Ffp635;9)nu=;45 ) 66)25;)WSNRCG=33;8498;5334(nu0mrj.jpg
[2012.09.14 22:00:18 | 000,278,998 | ---- | C] () -- C:\Users\Thomas\Desktop\Foto.JPG
[2012.09.14 15:50:45 | 000,629,169 | ---- | C] () -- C:\Users\Thomas\Desktop\Sheet_001.jpg
[2012.09.10 18:30:28 | 003,578,715 | ---- | C] () -- C:\Users\Thomas\Documents\.RData
[2012.02.19 22:23:54 | 000,000,551 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\AutoGK.ini
[2012.01.18 11:29:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.11.30 23:03:29 | 000,000,032 | ---- | C] () -- C:\Users\Thomas\.simfy
[2011.10.07 10:25:08 | 000,000,337 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Perfmon.PerfmonCfg
[2011.09.27 02:57:59 | 000,007,791 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel
[2011.09.20 14:35:18 | 000,011,230 | ---- | C] () -- C:\Users\Thomas\gsview32.ini
[2011.06.25 18:43:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.16 23:27:00 | 000,004,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 13:33:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2010.12.20 13:33:29 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2010.12.20 13:33:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2010.12.20 13:33:26 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2010.12.20 13:33:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2010.12.20 13:32:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2010.12.20 13:32:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2010.12.20 13:32:22 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2010.12.20 13:32:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2010.12.20 13:32:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2010.12.20 13:32:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2010.12.20 13:32:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2010.12.20 13:32:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2010.12.20 13:32:22 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2010.12.20 13:32:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2010.12.20 13:32:22 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2010.12.20 13:32:22 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2010.12.20 13:32:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2010.12.20 13:32:22 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2010.12.20 13:32:22 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2010.12.20 13:32:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2010.12.20 13:32:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2010.12.20 13:32:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2010.12.20 13:32:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2010.12.20 13:32:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2010.12.20 13:32:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2010.12.20 13:32:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2010.12.20 13:32:12 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2010.12.20 13:32:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2010.10.19 01:16:36 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.10.18 23:38:21 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >