| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.07.2012, 07:38
| #1 |
 |  TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo, Avira zeigt mir die o.g. beiden Trojaner im Verzeichnis C:/Windows/Installer/{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@ an. Ein Verschieben in Quarantäne oder Löschen bringt, wie erwartet, nichts. Ich habe mich an dieser Anleitung von Chris4You orientiert und einen Scan mit OTL gemacht (inkl. Minimale Ausgabe und. Heraus kam folgendes: OTL.txt: Code:
ATTFilter OTL logfile created on: 16.07.2012 08:24:53 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\username\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,97% Memory free 15,77 Gb Paging File | 13,98 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 61,26 Gb Free Space | 61,26% Space Free | Partition Type: NTFS Drive D: | 348,67 Gb Total Space | 336,25 Gb Free Space | 96,44% Space Free | Partition Type: NTFS Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS Computer Name: username-THINK | User Name: username | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - D:\BACKUP\THUNDERBIRD\PROFILE\9jw7bddz.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 20:02:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 17:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions [2012.07.09 08:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions [2012.06.10 17:19:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2012.06.08 10:31:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.15 10:06:08 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2012.06.10 17:26:36 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\rikaichan-jpde@polarcloud.com [2012.05.11 07:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.09 08:32:35 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI [2012.05.19 08:55:53 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.06.25 11:45:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.25 11:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.25 11:45:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.25 11:45:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.25 11:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.25 11:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.25 11:45:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA55A89-71BB-43F3-8157-DAEDA2C7B1FA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: DhcpNameServer = 172.168.111.2 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{42599f76-7a11-11e1-a739-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{42599f76-7a11-11e1-a739-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 07:53:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe [2012.07.12 11:45:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 11:45:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 11:45:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 11:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 11:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 11:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 11:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 11:45:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 11:45:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 11:45:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 11:45:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 11:45:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 11:45:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.12 11:43:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.12 11:43:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.12 11:43:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.08 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\username\.thumbnails [2012.07.08 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\fontconfig [2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\gegl-0.2 [2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\.gimp-2.8 [2012.07.08 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.07.08 08:32:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.07.06 17:17:18 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click [2012.07.06 11:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.07.06 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2012.06.30 13:58:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.30 13:58:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.30 13:57:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.30 13:57:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.30 13:57:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Google [2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.06.21 20:23:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.21 20:23:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.21 20:23:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.21 20:23:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.21 20:23:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.21 20:23:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.21 20:23:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.21 20:23:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.19 12:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.19 12:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.19 12:58:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.19 12:58:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.19 12:58:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.19 12:58:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.07.16 08:02:46 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 08:02:46 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 07:59:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.16 07:59:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.16 07:59:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.16 07:59:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.16 07:59:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.16 07:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.16 07:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.16 07:55:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.16 07:55:08 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 07:53:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe [2012.07.16 07:50:55 | 000,000,000 | ---- | M] () -- C:\Users\username\defogger_reenable [2012.07.16 07:50:27 | 000,050,477 | ---- | M] () -- C:\Users\username\Desktop\Defogger.exe [2012.07.13 07:54:54 | 000,005,849 | ---- | M] () -- C:\Users\username\AppData\Local\recently-used.xbel [2012.07.12 19:38:37 | 000,321,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 07:46:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [2012.07.06 17:17:24 | 000,001,554 | ---- | M] () -- C:\Users\username\Desktop\Interbank FX Trader 4.lnk [2012.07.06 11:09:27 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.06.25 17:29:47 | 000,001,413 | ---- | M] () -- C:\Users\username\Desktop\Free YouTube to MP3 Converter.lnk ========== Files Created - No Company Name ========== [2012.07.16 08:25:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@ [2012.07.16 08:16:47 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@ [2012.07.16 07:50:55 | 000,000,000 | ---- | C] () -- C:\Users\username\defogger_reenable [2012.07.16 07:50:26 | 000,050,477 | ---- | C] () -- C:\Users\username\Desktop\Defogger.exe [2012.07.13 09:56:29 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\00000001.@ [2012.07.13 07:54:54 | 000,005,849 | ---- | C] () -- C:\Users\username\AppData\Local\recently-used.xbel [2012.07.12 07:46:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [2012.07.08 09:57:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.07.06 11:09:27 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@ [2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@ [2012.03.30 14:18:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.30 04:54:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.30 04:54:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.30 04:54:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.07.2012 08:24:53 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,97% Memory free
15,77 Gb Paging File | 13,98 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 61,26 Gb Free Space | 61,26% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 336,25 Gb Free Space | 96,44% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KaloMa_is1" = KaloMa 4.93
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Winamp" = Winamp
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 01:22:02 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 04:38:07 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 04:38:55 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil32_11_3_300_257_Plugin.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82130 Name des fehlerhaften Moduls: fpb.tmp,
Version: 11.3.300.257, Zeitstempel: 0x4fc81fa5 Ausnahmecode: 0x40000015 Fehleroffset:
0x0001224e ID des fehlerhaften Prozesses: 0xe40 Startzeit der fehlerhaften Anwendung:
0x01cd582e1b06e54f Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
Pfad
des fehlerhaften Moduls: C:\Users\username\AppData\Local\Temp\{DB818F7F-26A7-4DDC-AB39-BED7A53CA9BB}\fpb.tmp
Berichtskennung:
5b5776fd-c421-11e1-b273-f0def1dce4ed
Error - 02.07.2012 04:45:49 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 13.0.1.4548,
Zeitstempel: 0x4fda86dd Name des fehlerhaften Moduls: xul.dll, Version: 13.0.1.4548,
Zeitstempel: 0x4fda862b Ausnahmecode: 0xc0000005 Fehleroffset: 0x008e7d5e ID des fehlerhaften
Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01cd582e213f5de6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\xul.dll Berichtskennung:
52126acc-c422-11e1-b273-f0def1dce4ed
Error - 02.07.2012 04:52:30 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d4a67 ID des fehlerhaften Prozesses: 0x1424 Startzeit der fehlerhaften Anwendung:
0x01cd5830025a7f98 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
415e98d8-c423-11e1-b273-f0def1dce4ed
Error - 02.07.2012 05:55:30 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
Solution Center\App\diag\flex_comm_sample.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 05:57:33 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
solution center\App\diag\flex_comm_sample.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.07.2012 14:34:02 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
Error - 05.07.2012 01:20:51 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
Error - 05.07.2012 05:07:13 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
[ Lenovo-Message Center Plus/Admin Events ]
Error - 14.04.2012 09:38:57 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
-> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
gefunden.
Error - 14.04.2012 15:45:33 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
-> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
gefunden.
Error - 15.04.2012 02:50:46 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
-> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
gefunden.
Error - 15.04.2012 06:52:45 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
-> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
gefunden.
[ System Events ]
Error - 16.04.2012 14:08:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
Error - 16.04.2012 14:08:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
Error - 16.04.2012 14:09:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
Error - 16.04.2012 14:09:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
Error - 19.05.2012 14:14:16 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 19.05.2012 14:14:18 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.06.2012 07:07:36 | Computer Name = username-THINK | Source = DCOM | ID = 10010
Description =
Error - 11.06.2012 07:09:20 | Computer Name = username-THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error - 11.06.2012 07:12:28 | Computer Name = username-THINK | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 18.06.2012 14:00:11 | Computer Name = username-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2012 um 19:58:15 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter 08:41:33.0562 5776 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
08:41:33.0862 5776 ============================================================
08:41:33.0872 5776 Current date / time: 2012/07/16 08:41:33.0862
08:41:33.0872 5776 SystemInfo:
08:41:33.0872 5776
08:41:33.0872 5776 OS Version: 6.1.7601 ServicePack: 1.0
08:41:33.0872 5776 Product type: Workstation
08:41:33.0872 5776 ComputerName: username-THINK
08:41:33.0872 5776 UserName: username
08:41:33.0872 5776 Windows directory: C:\Windows
08:41:33.0872 5776 System windows directory: C:\Windows
08:41:33.0872 5776 Running under WOW64
08:41:33.0872 5776 Processor architecture: Intel x64
08:41:33.0872 5776 Number of processors: 8
08:41:33.0872 5776 Page size: 0x1000
08:41:33.0872 5776 Boot type: Normal boot
08:41:33.0872 5776 ============================================================
08:41:34.0672 5776 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:34.0682 5776 Drive \Device\Harddisk1\DR2 - Size: 0x3D780000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:41:34.0682 5776 ============================================================
08:41:34.0682 5776 \Device\Harddisk0\DR0:
08:41:34.0682 5776 MBR partitions:
08:41:34.0682 5776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
08:41:34.0682 5776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC800000
08:41:34.0702 5776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCAEF000, BlocksNum 0x2B956800
08:41:34.0702 5776 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
08:41:34.0702 5776 \Device\Harddisk1\DR2:
08:41:34.0702 5776 MBR partitions:
08:41:34.0702 5776 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBBE0
08:41:34.0702 5776 ============================================================
08:41:34.0732 5776 C: <-> \Device\Harddisk0\DR0\Partition1
08:41:34.0782 5776 Q: <-> \Device\Harddisk0\DR0\Partition3
08:41:34.0812 5776 D: <-> \Device\Harddisk0\DR0\Partition2
08:41:34.0812 5776 ============================================================
08:41:34.0812 5776 Initialize success
08:41:34.0812 5776 ============================================================
08:42:03.0002 6008 ============================================================
08:42:03.0002 6008 Scan started
08:42:03.0002 6008 Mode: Manual; SigCheck; TDLFS;
08:42:03.0002 6008 ============================================================
08:42:03.0682 6008 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
08:42:03.0822 6008 1394ohci - ok
08:42:03.0882 6008 5U877 (f4af97702bad85bfef64b9a557f11b6f) C:\Windows\system32\DRIVERS\5U877.sys
08:42:03.0932 6008 5U877 - ok
08:42:03.0992 6008 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:42:04.0032 6008 ACPI - ok
08:42:04.0062 6008 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:42:04.0112 6008 AcpiPmi - ok
08:42:04.0182 6008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:42:04.0232 6008 adp94xx - ok
08:42:04.0312 6008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:42:04.0352 6008 adpahci - ok
08:42:04.0382 6008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:42:04.0412 6008 adpu320 - ok
08:42:04.0452 6008 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:42:04.0542 6008 AeLookupSvc - ok
08:42:04.0602 6008 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:42:04.0662 6008 AFD - ok
08:42:04.0692 6008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:42:04.0722 6008 agp440 - ok
08:42:04.0762 6008 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:42:04.0792 6008 ALG - ok
08:42:04.0822 6008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:42:04.0842 6008 aliide - ok
08:42:04.0862 6008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:42:04.0892 6008 amdide - ok
08:42:04.0912 6008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:42:04.0942 6008 AmdK8 - ok
08:42:04.0962 6008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:42:05.0002 6008 AmdPPM - ok
08:42:05.0042 6008 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:42:05.0072 6008 amdsata - ok
08:42:05.0102 6008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:42:05.0132 6008 amdsbs - ok
08:42:05.0152 6008 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:42:05.0172 6008 amdxata - ok
08:42:05.0262 6008 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:42:05.0292 6008 AntiVirSchedulerService - ok
08:42:05.0342 6008 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:42:05.0362 6008 AntiVirService - ok
08:42:05.0402 6008 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:42:05.0492 6008 AppID - ok
08:42:05.0512 6008 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:42:05.0592 6008 AppIDSvc - ok
08:42:05.0612 6008 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:42:05.0692 6008 Appinfo - ok
08:42:05.0732 6008 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:42:05.0772 6008 AppMgmt - ok
08:42:05.0842 6008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:42:05.0862 6008 arc - ok
08:42:05.0902 6008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:42:05.0932 6008 arcsas - ok
08:42:05.0962 6008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:42:06.0052 6008 AsyncMac - ok
08:42:06.0102 6008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:42:06.0122 6008 atapi - ok
08:42:06.0222 6008 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:42:06.0332 6008 AudioEndpointBuilder - ok
08:42:06.0342 6008 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:42:06.0452 6008 AudioSrv - ok
08:42:06.0492 6008 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
08:42:06.0532 6008 avgntflt - ok
08:42:06.0562 6008 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
08:42:06.0592 6008 avipbb - ok
08:42:06.0622 6008 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:42:06.0652 6008 avkmgr - ok
08:42:06.0692 6008 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:42:06.0742 6008 AxInstSV - ok
08:42:06.0812 6008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:42:06.0852 6008 b06bdrv - ok
08:42:06.0912 6008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:42:06.0952 6008 b57nd60a - ok
08:42:06.0982 6008 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:42:07.0022 6008 BDESVC - ok
08:42:07.0032 6008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:42:07.0132 6008 Beep - ok
08:42:07.0232 6008 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:42:07.0362 6008 BITS - ok
08:42:07.0402 6008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:42:07.0442 6008 blbdrive - ok
08:42:07.0482 6008 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:42:07.0522 6008 bowser - ok
08:42:07.0552 6008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:42:07.0602 6008 BrFiltLo - ok
08:42:07.0612 6008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:42:07.0642 6008 BrFiltUp - ok
08:42:07.0672 6008 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:42:07.0772 6008 Browser - ok
08:42:07.0812 6008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:42:07.0862 6008 Brserid - ok
08:42:07.0882 6008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:42:07.0922 6008 BrSerWdm - ok
08:42:07.0942 6008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:42:07.0992 6008 BrUsbMdm - ok
08:42:08.0012 6008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:42:08.0052 6008 BrUsbSer - ok
08:42:08.0082 6008 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
08:42:08.0122 6008 BthEnum - ok
08:42:08.0152 6008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:42:08.0202 6008 BTHMODEM - ok
08:42:08.0242 6008 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:42:08.0292 6008 BthPan - ok
08:42:08.0352 6008 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
08:42:08.0392 6008 BTHPORT - ok
08:42:08.0442 6008 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:42:08.0532 6008 bthserv - ok
08:42:08.0542 6008 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
08:42:08.0582 6008 BTHUSB - ok
08:42:08.0662 6008 BTWAMPFL (8834f87a6a745872894df8223201a6c3) C:\Windows\system32\DRIVERS\btwampfl.sys
08:42:08.0702 6008 BTWAMPFL - ok
08:42:08.0722 6008 btwaudio (9863d82ecbec6106d377ed73680d99d8) C:\Windows\system32\drivers\btwaudio.sys
08:42:08.0752 6008 btwaudio - ok
08:42:08.0782 6008 btwavdt (3432dd66ae75ab2de6d0527ad78dbfc7) C:\Windows\system32\drivers\btwavdt.sys
08:42:08.0812 6008 btwavdt - ok
08:42:08.0942 6008 btwdins (eb4afe08fb39bb444f221d7d501e0915) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
08:42:09.0002 6008 btwdins - ok
08:42:09.0032 6008 btwl2cap (382dc5a631ced0462ea09b7eb898bdbf) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:42:09.0052 6008 btwl2cap - ok
08:42:09.0062 6008 btwrchid (13a9c2cedd44c175e6ca39a536795ca6) C:\Windows\system32\DRIVERS\btwrchid.sys
08:42:09.0082 6008 btwrchid - ok
08:42:09.0122 6008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:42:09.0222 6008 cdfs - ok
08:42:09.0272 6008 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:42:09.0312 6008 cdrom - ok
08:42:09.0352 6008 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:09.0442 6008 CertPropSvc - ok
08:42:09.0472 6008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:42:09.0512 6008 circlass - ok
08:42:09.0582 6008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:42:09.0622 6008 CLFS - ok
08:42:09.0682 6008 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:42:09.0712 6008 clr_optimization_v2.0.50727_32 - ok
08:42:09.0742 6008 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:42:09.0772 6008 clr_optimization_v2.0.50727_64 - ok
08:42:09.0842 6008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:42:09.0862 6008 clr_optimization_v4.0.30319_32 - ok
08:42:09.0902 6008 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:42:09.0922 6008 clr_optimization_v4.0.30319_64 - ok
08:42:09.0952 6008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:42:09.0992 6008 CmBatt - ok
08:42:10.0002 6008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:42:10.0032 6008 cmdide - ok
08:42:10.0092 6008 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:42:10.0162 6008 CNG - ok
08:42:10.0352 6008 CnxtHdAudService (8de541b4cfa281a204baa3ea2109809e) C:\Windows\system32\drivers\CHDRT64.sys
08:42:10.0432 6008 CnxtHdAudService - ok
08:42:10.0572 6008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:42:10.0592 6008 Compbatt - ok
08:42:10.0622 6008 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:42:10.0672 6008 CompositeBus - ok
08:42:10.0682 6008 COMSysApp - ok
08:42:10.0702 6008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:42:10.0722 6008 crcdisk - ok
08:42:10.0772 6008 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:42:10.0812 6008 CryptSvc - ok
08:42:10.0872 6008 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:42:10.0932 6008 CSC - ok
08:42:11.0022 6008 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:42:11.0082 6008 CscService - ok
08:42:11.0132 6008 CxAudMsg (9d0d050170d47e778b624a28c90f23de) C:\Windows\system32\CxAudMsg64.exe
08:42:11.0152 6008 CxAudMsg - ok
08:42:11.0232 6008 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:42:11.0352 6008 DcomLaunch - ok
08:42:11.0402 6008 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:42:11.0512 6008 defragsvc - ok
08:42:11.0572 6008 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:42:11.0662 6008 DfsC - ok
08:42:11.0732 6008 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:42:11.0832 6008 Dhcp - ok
08:42:11.0852 6008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:42:11.0952 6008 discache - ok
08:42:11.0992 6008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:42:12.0012 6008 Disk - ok
08:42:12.0032 6008 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
08:42:12.0062 6008 dmvsc - ok
08:42:12.0112 6008 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:42:12.0162 6008 Dnscache - ok
08:42:12.0212 6008 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:42:12.0312 6008 dot3svc - ok
08:42:12.0412 6008 DozeSvc (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
08:42:12.0452 6008 DozeSvc - ok
08:42:12.0492 6008 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:42:12.0592 6008 DPS - ok
08:42:12.0622 6008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:42:12.0662 6008 drmkaud - ok
08:42:12.0762 6008 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:42:12.0832 6008 DXGKrnl - ok
08:42:12.0862 6008 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
08:42:12.0882 6008 DzHDD64 - ok
08:42:12.0942 6008 e1cexpress (dc1776d086aa9733b1929a3d979d9fdd) C:\Windows\system32\DRIVERS\e1c62x64.sys
08:42:12.0972 6008 e1cexpress - ok
08:42:13.0012 6008 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:42:13.0112 6008 EapHost - ok
08:42:13.0442 6008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:42:13.0582 6008 ebdrv - ok
08:42:13.0712 6008 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:42:13.0762 6008 EFS - ok
08:42:13.0852 6008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:42:13.0902 6008 elxstor - ok
08:42:13.0912 6008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:42:13.0952 6008 ErrDev - ok
08:42:14.0032 6008 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:42:14.0142 6008 EventSystem - ok
08:42:14.0342 6008 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:42:14.0422 6008 EvtEng - ok
08:42:14.0572 6008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:42:14.0672 6008 exfat - ok
08:42:14.0712 6008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:42:14.0812 6008 fastfat - ok
08:42:14.0902 6008 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:42:14.0962 6008 Fax - ok
08:42:14.0982 6008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:42:15.0022 6008 fdc - ok
08:42:15.0052 6008 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:42:15.0142 6008 fdPHost - ok
08:42:15.0152 6008 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:42:15.0242 6008 FDResPub - ok
08:42:15.0282 6008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:42:15.0302 6008 FileInfo - ok
08:42:15.0322 6008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:42:15.0412 6008 Filetrace - ok
08:42:15.0432 6008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:42:15.0462 6008 flpydisk - ok
08:42:15.0502 6008 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:42:15.0542 6008 FltMgr - ok
08:42:15.0642 6008 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:42:15.0722 6008 FontCache - ok
08:42:15.0782 6008 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:42:15.0802 6008 FontCache3.0.0.0 - ok
08:42:15.0852 6008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:42:15.0872 6008 FsDepends - ok
08:42:15.0902 6008 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:42:15.0922 6008 Fs_Rec - ok
08:42:15.0962 6008 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:42:16.0002 6008 fvevol - ok
08:42:16.0062 6008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:42:16.0082 6008 gagp30kx - ok
08:42:16.0182 6008 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:42:16.0282 6008 gpsvc - ok
08:42:16.0312 6008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:42:16.0342 6008 hcw85cir - ok
08:42:16.0412 6008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:42:16.0472 6008 HdAudAddService - ok
08:42:16.0502 6008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:42:16.0552 6008 HDAudBus - ok
08:42:16.0562 6008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:42:16.0602 6008 HidBatt - ok
08:42:16.0642 6008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:42:16.0682 6008 HidBth - ok
08:42:16.0702 6008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:42:16.0742 6008 HidIr - ok
08:42:16.0762 6008 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:42:16.0862 6008 hidserv - ok
08:42:16.0912 6008 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:42:16.0932 6008 HidUsb - ok
08:42:16.0962 6008 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:42:17.0062 6008 hkmsvc - ok
08:42:17.0102 6008 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:42:17.0142 6008 HomeGroupListener - ok
08:42:17.0172 6008 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:42:17.0222 6008 HomeGroupProvider - ok
08:42:17.0252 6008 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:42:17.0282 6008 HpSAMD - ok
08:42:17.0382 6008 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:42:17.0492 6008 HTTP - ok
08:42:17.0512 6008 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:42:17.0542 6008 hwpolicy - ok
08:42:17.0642 6008 HyperW7Svc (e935c8099f9196bf19224d9ee4808612) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
08:42:17.0662 6008 HyperW7Svc - ok
08:42:17.0712 6008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:42:17.0742 6008 i8042prt - ok
08:42:17.0812 6008 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
08:42:17.0852 6008 iaStor - ok
08:42:17.0912 6008 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:42:17.0952 6008 iaStorV - ok
08:42:17.0972 6008 IBMPMDRV (29ed470689b7c597a9701d6a4c57a578) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
08:42:17.0992 6008 IBMPMDRV - ok
08:42:18.0012 6008 IBMPMSVC (bc7af43eec24e995d770ec92a441d5d8) C:\Windows\system32\ibmpmsvc.exe
08:42:18.0032 6008 IBMPMSVC - ok
08:42:18.0162 6008 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:42:18.0212 6008 idsvc - ok
08:42:19.0182 6008 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:42:19.0772 6008 igfx - ok
08:42:19.0902 6008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:42:19.0932 6008 iirsp - ok
08:42:20.0022 6008 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:42:20.0142 6008 IKEEXT - ok
08:42:20.0172 6008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:42:20.0192 6008 intelide - ok
08:42:20.0222 6008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:42:20.0262 6008 intelppm - ok
08:42:20.0302 6008 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:42:20.0392 6008 IPBusEnum - ok
08:42:20.0412 6008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:42:20.0512 6008 IpFilterDriver - ok
08:42:20.0532 6008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:42:20.0562 6008 IPMIDRV - ok
08:42:20.0602 6008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:42:20.0702 6008 IPNAT - ok
08:42:20.0732 6008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:42:20.0782 6008 IRENUM - ok
08:42:20.0802 6008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:42:20.0832 6008 isapnp - ok
08:42:20.0872 6008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:42:20.0902 6008 iScsiPrt - ok
08:42:21.0012 6008 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
08:42:21.0042 6008 jhi_service - ok
08:42:21.0072 6008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:42:21.0102 6008 kbdclass - ok
08:42:21.0142 6008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:42:21.0172 6008 kbdhid - ok
08:42:21.0202 6008 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:21.0232 6008 KeyIso - ok
08:42:21.0272 6008 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:42:21.0292 6008 KSecDD - ok
08:42:21.0322 6008 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:42:21.0352 6008 KSecPkg - ok
08:42:21.0372 6008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:42:21.0462 6008 ksthunk - ok
08:42:21.0542 6008 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:42:21.0642 6008 KtmRm - ok
08:42:21.0692 6008 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:42:21.0792 6008 LanmanServer - ok
08:42:21.0832 6008 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:42:21.0932 6008 LanmanWorkstation - ok
08:42:22.0042 6008 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
08:42:22.0062 6008 LENOVO.MICMUTE - ok
08:42:22.0082 6008 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
08:42:22.0102 6008 lenovo.smi - ok
08:42:22.0152 6008 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
08:42:22.0172 6008 Lenovo.VIRTSCRLSVC - ok
08:42:22.0202 6008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:42:22.0302 6008 lltdio - ok
08:42:22.0362 6008 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:42:22.0472 6008 lltdsvc - ok
08:42:22.0492 6008 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:42:22.0592 6008 lmhosts - ok
08:42:22.0672 6008 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:42:22.0702 6008 LMS - ok
08:42:22.0732 6008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:42:22.0762 6008 LSI_FC - ok
08:42:22.0792 6008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:42:22.0822 6008 LSI_SAS - ok
08:42:22.0842 6008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:42:22.0872 6008 LSI_SAS2 - ok
08:42:22.0892 6008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:42:22.0922 6008 LSI_SCSI - ok
08:42:22.0952 6008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:42:23.0052 6008 luafv - ok
08:42:23.0072 6008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:42:23.0092 6008 megasas - ok
08:42:23.0152 6008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:42:23.0182 6008 MegaSR - ok
08:42:23.0212 6008 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:42:23.0232 6008 MEIx64 - ok
08:42:23.0272 6008 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:23.0372 6008 MMCSS - ok
08:42:23.0382 6008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:42:23.0482 6008 Modem - ok
08:42:23.0512 6008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:42:23.0552 6008 monitor - ok
08:42:23.0592 6008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:42:23.0612 6008 mouclass - ok
08:42:23.0642 6008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:42:23.0682 6008 mouhid - ok
08:42:23.0702 6008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:42:23.0732 6008 mountmgr - ok
08:42:23.0802 6008 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:42:23.0822 6008 MozillaMaintenance - ok
08:42:23.0862 6008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:42:23.0882 6008 mpio - ok
08:42:23.0902 6008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:42:23.0992 6008 mpsdrv - ok
08:42:24.0022 6008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:42:24.0072 6008 MRxDAV - ok
08:42:24.0112 6008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:42:24.0152 6008 mrxsmb - ok
08:42:24.0192 6008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:42:24.0232 6008 mrxsmb10 - ok
08:42:24.0272 6008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:42:24.0303 6008 mrxsmb20 - ok
08:42:24.0332 6008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:42:24.0352 6008 msahci - ok
08:42:24.0392 6008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:42:24.0422 6008 msdsm - ok
08:42:24.0452 6008 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:42:24.0502 6008 MSDTC - ok
08:42:24.0564 6008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:42:24.0666 6008 Msfs - ok
08:42:24.0686 6008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:42:24.0776 6008 mshidkmdf - ok
08:42:24.0806 6008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:42:24.0836 6008 msisadrv - ok
08:42:24.0878 6008 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:42:24.0978 6008 MSiSCSI - ok
08:42:24.0978 6008 msiserver - ok
08:42:25.0030 6008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:42:25.0120 6008 MSKSSRV - ok
08:42:25.0140 6008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:42:25.0242 6008 MSPCLOCK - ok
08:42:25.0282 6008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:42:25.0362 6008 MSPQM - ok
08:42:25.0412 6008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:42:25.0452 6008 MsRPC - ok
08:42:25.0472 6008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:42:25.0502 6008 mssmbios - ok
08:42:25.0522 6008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:42:25.0622 6008 MSTEE - ok
08:42:25.0652 6008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:42:25.0682 6008 MTConfig - ok
08:42:25.0702 6008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:42:25.0732 6008 Mup - ok
08:42:25.0792 6008 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:42:25.0902 6008 napagent - ok
08:42:25.0972 6008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:42:26.0022 6008 NativeWifiP - ok
08:42:26.0142 6008 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
08:42:26.0212 6008 NDIS - ok
08:42:26.0242 6008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:42:26.0342 6008 NdisCap - ok
08:42:26.0362 6008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:42:26.0452 6008 NdisTapi - ok
08:42:26.0472 6008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:42:26.0572 6008 Ndisuio - ok
08:42:26.0602 6008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:42:26.0692 6008 NdisWan - ok
08:42:26.0722 6008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:42:26.0812 6008 NDProxy - ok
08:42:26.0832 6008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:42:26.0932 6008 NetBIOS - ok
08:42:26.0982 6008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:42:27.0072 6008 NetBT - ok
08:42:27.0102 6008 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:27.0132 6008 Netlogon - ok
08:42:27.0192 6008 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:42:27.0292 6008 Netman - ok
08:42:27.0342 6008 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:42:27.0452 6008 netprofm - ok
08:42:27.0502 6008 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:27.0542 6008 NetTcpPortSharing - ok
08:42:28.0252 6008 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
08:42:28.0612 6008 NETwNs64 - ok
08:42:28.0772 6008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:42:28.0792 6008 nfrd960 - ok
08:42:28.0852 6008 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:42:28.0962 6008 NlaSvc - ok
08:42:28.0982 6008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:42:29.0072 6008 Npfs - ok
08:42:29.0082 6008 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:42:29.0182 6008 nsi - ok
08:42:29.0202 6008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:42:29.0292 6008 nsiproxy - ok
08:42:29.0482 6008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:42:29.0582 6008 Ntfs - ok
08:42:29.0702 6008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:42:29.0802 6008 Null - ok
08:42:29.0842 6008 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
08:42:29.0872 6008 nusb3hub - ok
08:42:29.0902 6008 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:42:29.0942 6008 nusb3xhc - ok
08:42:31.0132 6008 nvlddmkm (e2c13f0bc48bbf7fec12aee77f3d3e26) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:42:31.0672 6008 nvlddmkm - ok
08:42:31.0812 6008 nvpciflt (2e6c975ae61742dc8a31b9e260d8af1d) C:\Windows\system32\DRIVERS\nvpciflt.sys
08:42:31.0822 6008 nvpciflt - ok
08:42:31.0872 6008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:42:31.0902 6008 nvraid - ok
08:42:31.0942 6008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:42:31.0972 6008 nvstor - ok
08:42:32.0072 6008 NVSvc (ade4d6e9335f1746016d3533f177c694) C:\Windows\system32\nvvsvc.exe
08:42:32.0132 6008 NVSvc - ok
08:42:32.0392 6008 nvUpdatusService (e9200f89ea2885b9b8151aa9d7b480eb) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:42:32.0492 6008 nvUpdatusService - ok
08:42:32.0642 6008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:42:32.0672 6008 nv_agp - ok
08:42:32.0682 6008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:42:32.0722 6008 ohci1394 - ok
08:42:32.0782 6008 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:32.0822 6008 p2pimsvc - ok
08:42:32.0882 6008 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:42:32.0922 6008 p2psvc - ok
08:42:32.0952 6008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:42:32.0982 6008 Parport - ok
08:42:33.0012 6008 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:42:33.0042 6008 partmgr - ok
08:42:33.0082 6008 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:42:33.0142 6008 PcaSvc - ok
08:42:33.0182 6008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:42:33.0212 6008 pci - ok
08:42:33.0222 6008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:42:33.0242 6008 pciide - ok
08:42:33.0282 6008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:42:33.0322 6008 pcmcia - ok
08:42:33.0332 6008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:42:33.0362 6008 pcw - ok
08:42:33.0432 6008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:42:33.0542 6008 PEAUTH - ok
08:42:33.0692 6008 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:42:33.0772 6008 PeerDistSvc - ok
08:42:33.0862 6008 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:42:33.0892 6008 PerfHost - ok
08:42:33.0972 6008 PHCORE (52c9f4359af4a25969b882aecc6f3bda) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
08:42:33.0992 6008 PHCORE - ok
08:42:34.0182 6008 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:42:34.0322 6008 pla - ok
08:42:34.0492 6008 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:42:34.0542 6008 PlugPlay - ok
08:42:34.0572 6008 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:42:34.0602 6008 PNRPAutoReg - ok
08:42:34.0632 6008 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:34.0672 6008 PNRPsvc - ok
08:42:34.0722 6008 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:42:34.0742 6008 Point64 - ok
08:42:34.0812 6008 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:42:34.0922 6008 PolicyAgent - ok
08:42:34.0962 6008 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
08:42:35.0012 6008 Power - ok
08:42:35.0072 6008 Power Manager DBC Service (4cadd52e1669693937360c7ed680365b) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
08:42:35.0092 6008 Power Manager DBC Service - ok
08:42:35.0132 6008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:42:35.0232 6008 PptpMiniport - ok
08:42:35.0242 6008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:42:35.0282 6008 Processor - ok
08:42:35.0322 6008 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:42:35.0362 6008 ProfSvc - ok
08:42:35.0382 6008 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:35.0412 6008 ProtectedStorage - ok
08:42:35.0452 6008 psadd (05a4779e4994b21473edbe85aabe8030) C:\Windows\system32\DRIVERS\psadd.sys
08:42:35.0462 6008 psadd - ok
08:42:35.0512 6008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:42:35.0602 6008 Psched - ok
08:42:35.0652 6008 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:42:35.0682 6008 PSI_SVC_2 - ok
08:42:35.0722 6008 PwmEWSvc (71399b176de1caefd5ad4287abb9e8a3) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
08:42:35.0752 6008 PwmEWSvc - ok
08:42:35.0922 6008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:42:36.0012 6008 ql2300 - ok
08:42:36.0162 6008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:42:36.0192 6008 ql40xx - ok
08:42:36.0242 6008 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:42:36.0282 6008 QWAVE - ok
08:42:36.0312 6008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:42:36.0362 6008 QWAVEdrv - ok
08:42:36.0372 6008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:42:36.0462 6008 RasAcd - ok
08:42:36.0492 6008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:42:36.0582 6008 RasAgileVpn - ok
08:42:36.0612 6008 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:42:36.0712 6008 RasAuto - ok
08:42:36.0752 6008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:42:36.0832 6008 Rasl2tp - ok
08:42:36.0902 6008 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:42:37.0002 6008 RasMan - ok
08:42:37.0032 6008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:42:37.0122 6008 RasPppoe - ok
08:42:37.0152 6008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:42:37.0252 6008 RasSstp - ok
08:42:37.0292 6008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:42:37.0392 6008 rdbss - ok
08:42:37.0422 6008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:42:37.0462 6008 rdpbus - ok
08:42:37.0482 6008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:42:37.0582 6008 RDPCDD - ok
08:42:37.0622 6008 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:42:37.0652 6008 RDPDR - ok
08:42:37.0662 6008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:42:37.0752 6008 RDPENCDD - ok
08:42:37.0772 6008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:42:37.0862 6008 RDPREFMP - ok
08:42:37.0912 6008 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:42:37.0942 6008 RDPWD - ok
08:42:37.0982 6008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:42:38.0012 6008 rdyboost - ok
08:42:38.0162 6008 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:42:38.0212 6008 RegSrvc - ok
08:42:38.0252 6008 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:42:38.0352 6008 RemoteAccess - ok
08:42:38.0392 6008 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:42:38.0492 6008 RemoteRegistry - ok
08:42:38.0572 6008 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:42:38.0622 6008 RFCOMM - ok
08:42:38.0662 6008 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\Windows\system32\DRIVERS\risdxc64.sys
08:42:38.0692 6008 risdxc - ok
08:42:38.0712 6008 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:42:38.0812 6008 RpcEptMapper - ok
08:42:38.0832 6008 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:42:38.0872 6008 RpcLocator - ok
08:42:38.0952 6008 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:42:39.0052 6008 RpcSs - ok
08:42:39.0082 6008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:42:39.0172 6008 rspndr - ok
08:42:39.0192 6008 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:42:39.0232 6008 s3cap - ok
08:42:39.0252 6008 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:39.0282 6008 SamSs - ok
08:42:39.0282 6008 SAService - ok
08:42:39.0312 6008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:42:39.0342 6008 sbp2port - ok
08:42:39.0372 6008 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:42:39.0472 6008 SCardSvr - ok
08:42:39.0502 6008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:42:39.0602 6008 scfilter - ok
08:42:39.0722 6008 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:42:39.0852 6008 Schedule - ok
08:42:39.0882 6008 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:39.0972 6008 SCPolicySvc - ok
08:42:40.0002 6008 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:42:40.0042 6008 SDRSVC - ok
08:42:40.0092 6008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:42:40.0192 6008 secdrv - ok
08:42:40.0222 6008 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:42:40.0302 6008 seclogon - ok
08:42:40.0332 6008 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:42:40.0432 6008 SENS - ok
08:42:40.0452 6008 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:42:40.0492 6008 SensrSvc - ok
08:42:40.0512 6008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:42:40.0552 6008 Serenum - ok
08:42:40.0582 6008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:42:40.0612 6008 Serial - ok
08:42:40.0642 6008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:42:40.0672 6008 sermouse - ok
08:42:40.0722 6008 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:42:40.0812 6008 SessionEnv - ok
08:42:40.0842 6008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:42:40.0872 6008 sffdisk - ok
08:42:40.0892 6008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:42:40.0932 6008 sffp_mmc - ok
08:42:40.0942 6008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:42:40.0982 6008 sffp_sd - ok
08:42:41.0002 6008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:42:41.0032 6008 sfloppy - ok
08:42:41.0092 6008 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:42:41.0192 6008 ShellHWDetection - ok
08:42:41.0232 6008 Shockprf (e2fc046d4edabfe3b5ef7da06406277d) C:\Windows\system32\DRIVERS\Apsx64.sys
08:42:41.0252 6008 Shockprf - ok
08:42:41.0282 6008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:42:41.0312 6008 SiSRaid2 - ok
08:42:41.0332 6008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:42:41.0352 6008 SiSRaid4 - ok
08:42:41.0392 6008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:42:41.0482 6008 Smb - ok
08:42:41.0532 6008 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:42:41.0572 6008 SNMPTRAP - ok
08:42:41.0602 6008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:42:41.0632 6008 spldr - ok
08:42:41.0702 6008 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:42:41.0802 6008 Spooler - ok
08:42:42.0082 6008 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:42:42.0292 6008 sppsvc - ok
08:42:42.0422 6008 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:42:42.0512 6008 sppuinotify - ok
08:42:42.0582 6008 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:42:42.0632 6008 srv - ok
08:42:42.0692 6008 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:42:42.0742 6008 srv2 - ok
08:42:42.0772 6008 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:42:42.0802 6008 srvnet - ok
08:42:42.0842 6008 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:42:42.0942 6008 SSDPSRV - ok
08:42:42.0952 6008 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:42:43.0042 6008 SstpSvc - ok
08:42:43.0142 6008 Stereo Service (9f16ddf670705ecae9169e6e3130e50b) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:42:43.0172 6008 Stereo Service - ok
08:42:43.0202 6008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:42:43.0222 6008 stexstor - ok
08:42:43.0322 6008 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:42:43.0382 6008 stisvc - ok
08:42:43.0432 6008 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:42:43.0452 6008 storflt - ok
08:42:43.0482 6008 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:42:43.0512 6008 StorSvc - ok
08:42:43.0542 6008 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:42:43.0562 6008 storvsc - ok
08:42:43.0632 6008 SUService (59b5a060a31bd4bab030c4fcd1048292) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
08:42:43.0652 6008 SUService - ok
08:42:43.0672 6008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:42:43.0692 6008 swenum - ok
08:42:43.0772 6008 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:42:43.0882 6008 swprv - ok
08:42:44.0052 6008 SynTP (ffdd13b42d4b106ac9fafbb0e1f7faa5) C:\Windows\system32\DRIVERS\SynTP.sys
08:42:44.0132 6008 SynTP - ok
08:42:44.0412 6008 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:42:44.0522 6008 SysMain - ok
08:42:44.0642 6008 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:42:44.0692 6008 TabletInputService - ok
08:42:44.0732 6008 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:42:44.0822 6008 TapiSrv - ok
08:42:44.0842 6008 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:42:44.0942 6008 TBS - ok
08:42:45.0172 6008 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:42:45.0272 6008 Tcpip - ok
08:42:45.0562 6008 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:42:45.0662 6008 TCPIP6 - ok
08:42:45.0792 6008 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:42:45.0892 6008 tcpipreg - ok
08:42:45.0912 6008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:42:45.0942 6008 TDPIPE - ok
08:42:45.0972 6008 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:42:45.0992 6008 TDTCP - ok
08:42:46.0032 6008 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:42:46.0132 6008 tdx - ok
08:42:46.0152 6008 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:42:46.0182 6008 TermDD - ok
08:42:46.0272 6008 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:42:46.0382 6008 TermService - ok
08:42:46.0402 6008 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:42:46.0442 6008 Themes - ok
08:42:46.0472 6008 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:46.0562 6008 THREADORDER - ok
08:42:46.0592 6008 TPDIGIMN (55b7fe3e1d3b616bdc4e9ea48d92d6e6) C:\Windows\system32\DRIVERS\ApsHM64.sys
08:42:46.0602 6008 TPDIGIMN - ok
08:42:46.0632 6008 TPHDEXLGSVC (f0684c62ed8fd3061cd488ecfc851022) C:\Windows\system32\TPHDEXLG64.exe
08:42:46.0652 6008 TPHDEXLGSVC - ok
08:42:46.0732 6008 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
08:42:46.0762 6008 TPHKLOAD - ok
08:42:46.0792 6008 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
08:42:46.0822 6008 TPHKSVC - ok
08:42:46.0852 6008 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
08:42:46.0892 6008 TPM - ok
08:42:46.0922 6008 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
08:42:46.0942 6008 TPPWRIF - ok
08:42:46.0982 6008 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:42:47.0092 6008 TrkWks - ok
08:42:47.0152 6008 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:42:47.0252 6008 TrustedInstaller - ok
08:42:47.0272 6008 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:42:47.0362 6008 tssecsrv - ok
08:42:47.0392 6008 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:42:47.0432 6008 TsUsbFlt - ok
08:42:47.0452 6008 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:42:47.0482 6008 TsUsbGD - ok
08:42:47.0522 6008 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:42:47.0612 6008 tunnel - ok
08:42:47.0652 6008 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
08:42:47.0672 6008 TVTI2C - ok
08:42:47.0702 6008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:42:47.0722 6008 uagp35 - ok
08:42:47.0772 6008 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:42:47.0872 6008 udfs - ok
08:42:47.0912 6008 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:42:47.0962 6008 UI0Detect - ok
08:42:48.0032 6008 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:42:48.0042 6008 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
08:42:48.0042 6008 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
08:42:48.0082 6008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:42:48.0102 6008 uliagpkx - ok
08:42:48.0132 6008 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:42:48.0172 6008 umbus - ok
08:42:48.0192 6008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:42:48.0222 6008 UmPass - ok
08:42:48.0272 6008 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:42:48.0322 6008 UmRdpService - ok
08:42:48.0592 6008 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:42:48.0722 6008 UNS - ok
08:42:48.0892 6008 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:42:48.0992 6008 upnphost - ok
08:42:49.0072 6008 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:42:49.0102 6008 usbaudio - ok
08:42:49.0132 6008 usbccgp (ebf228a52517042de4f38a40285bc8d9) C:\Windows\system32\DRIVERS\usbccgp.sys
08:42:49.0162 6008 usbccgp - ok
08:42:49.0202 6008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:42:49.0242 6008 usbcir - ok
08:42:49.0262 6008 usbehci (6b3d5e6a9da786ec755b00bc180c700b) C:\Windows\system32\drivers\usbehci.sys
08:42:49.0292 6008 usbehci - ok
08:42:49.0352 6008 usbhub (94abe9da48e466bbe84c73e0c6652ed1) C:\Windows\system32\DRIVERS\usbhub.sys
08:42:49.0402 6008 usbhub - ok
08:42:49.0432 6008 usbohci (660b2c08ce7103e71eaa26f85b0b0a56) C:\Windows\system32\drivers\usbohci.sys
08:42:49.0452 6008 usbohci - ok
08:42:49.0492 6008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:42:49.0532 6008 usbprint - ok
08:42:49.0572 6008 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:42:49.0602 6008 usbscan - ok
08:42:49.0632 6008 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:42:49.0672 6008 USBSTOR - ok
08:42:49.0692 6008 usbuhci (1529632fc96032d337b298f8a285d640) C:\Windows\system32\drivers\usbuhci.sys
08:42:49.0722 6008 usbuhci - ok
08:42:49.0772 6008 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:42:49.0822 6008 usbvideo - ok
08:42:49.0852 6008 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:42:49.0952 6008 UxSms - ok
08:42:49.0982 6008 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:50.0012 6008 VaultSvc - ok
08:42:50.0062 6008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:42:50.0082 6008 vdrvroot - ok
08:42:50.0162 6008 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:42:50.0262 6008 vds - ok
08:42:50.0292 6008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:42:50.0322 6008 vga - ok
08:42:50.0342 6008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:42:50.0432 6008 VgaSave - ok
08:42:50.0472 6008 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:42:50.0502 6008 vhdmp - ok
08:42:50.0532 6008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:42:50.0552 6008 viaide - ok
08:42:50.0582 6008 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:42:50.0612 6008 vmbus - ok
08:42:50.0622 6008 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:42:50.0662 6008 VMBusHID - ok
08:42:50.0682 6008 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:42:50.0702 6008 volmgr - ok
08:42:50.0752 6008 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:42:50.0792 6008 volmgrx - ok
08:42:50.0842 6008 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:42:50.0872 6008 volsnap - ok
08:42:50.0912 6008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:42:50.0942 6008 vsmraid - ok
08:42:51.0112 6008 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:42:51.0242 6008 VSS - ok
08:42:51.0372 6008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:42:51.0412 6008 vwifibus - ok
08:42:51.0442 6008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:42:51.0502 6008 vwififlt - ok
08:42:51.0562 6008 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:42:51.0662 6008 W32Time - ok
08:42:51.0682 6008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:42:51.0722 6008 WacomPen - ok
08:42:51.0762 6008 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:51.0862 6008 WANARP - ok
08:42:51.0862 6008 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:51.0952 6008 Wanarpv6 - ok
08:42:52.0112 6008 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:42:52.0202 6008 wbengine - ok
08:42:52.0362 6008 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:42:52.0412 6008 WbioSrvc - ok
08:42:52.0442 6008 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:42:52.0512 6008 wcncsvc - ok
08:42:52.0522 6008 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:42:52.0562 6008 WcsPlugInService - ok
08:42:52.0612 6008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:42:52.0642 6008 Wd - ok
08:42:52.0712 6008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:42:52.0772 6008 Wdf01000 - ok
08:42:52.0792 6008 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:52.0852 6008 WdiServiceHost - ok
08:42:52.0852 6008 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:52.0902 6008 WdiSystemHost - ok
08:42:52.0932 6008 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:42:52.0992 6008 WebClient - ok
08:42:53.0022 6008 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:42:53.0132 6008 Wecsvc - ok
08:42:53.0152 6008 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:42:53.0252 6008 wercplsupport - ok
08:42:53.0282 6008 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:42:53.0372 6008 WerSvc - ok
08:42:53.0422 6008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:42:53.0502 6008 WfpLwf - ok
08:42:53.0532 6008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:42:53.0552 6008 WIMMount - ok
08:42:53.0562 6008 WinHttpAutoProxySvc - ok
08:42:53.0622 6008 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:42:53.0712 6008 Winmgmt - ok
08:42:53.0882 6008 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:42:54.0032 6008 WinRM - ok
08:42:54.0202 6008 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
08:42:54.0242 6008 WinUsb - ok
08:42:54.0362 6008 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:42:54.0442 6008 Wlansvc - ok
08:42:54.0482 6008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:42:54.0512 6008 WmiAcpi - ok
08:42:54.0592 6008 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:42:54.0632 6008 wmiApSrv - ok
08:42:54.0672 6008 WMPNetworkSvc - ok
08:42:54.0702 6008 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:42:54.0732 6008 WPCSvc - ok
08:42:54.0752 6008 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:42:54.0792 6008 WPDBusEnum - ok
08:42:54.0812 6008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:42:54.0892 6008 ws2ifsl - ok
08:42:54.0902 6008 WSearch - ok
08:42:55.0112 6008 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:42:55.0242 6008 wuauserv - ok
08:42:55.0382 6008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:42:55.0472 6008 WudfPf - ok
08:42:55.0502 6008 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:42:55.0592 6008 WUDFRd - ok
08:42:55.0622 6008 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:42:55.0712 6008 wudfsvc - ok
08:42:55.0742 6008 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:42:55.0792 6008 WwanSvc - ok
08:42:55.0832 6008 MBR (0x1B8) (b85b50c6a0d35ae5861c76696621a9fc) \Device\Harddisk0\DR0
08:42:56.0302 6008 \Device\Harddisk0\DR0 - ok
08:42:56.0312 6008 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
08:42:57.0372 6008 \Device\Harddisk1\DR2 - ok
08:42:57.0392 6008 Boot (0x1200) (b319c3ca87af16c9981175ec4d827b15) \Device\Harddisk0\DR0\Partition0
08:42:57.0392 6008 \Device\Harddisk0\DR0\Partition0 - ok
08:42:57.0402 6008 Boot (0x1200) (ff72a23b70f57aa11800f0c895d7a2ca) \Device\Harddisk0\DR0\Partition1
08:42:57.0412 6008 \Device\Harddisk0\DR0\Partition1 - ok
08:42:57.0432 6008 Boot (0x1200) (4d7b5619e5fd76b47f38e73bec3d03b1) \Device\Harddisk0\DR0\Partition2
08:42:57.0432 6008 \Device\Harddisk0\DR0\Partition2 - ok
08:42:57.0452 6008 Boot (0x1200) (b85535610a46a83cede7e1449f4cea38) \Device\Harddisk0\DR0\Partition3
08:42:57.0462 6008 \Device\Harddisk0\DR0\Partition3 - ok
08:42:57.0462 6008 Boot (0x1200) (dfea88f2e3588e6a86f963abc6621316) \Device\Harddisk1\DR2\Partition0
08:42:57.0472 6008 \Device\Harddisk1\DR2\Partition0 - ok
08:42:57.0472 6008 ============================================================
08:42:57.0472 6008 Scan finished
08:42:57.0472 6008 ============================================================
08:42:57.0482 6016 Detected object count: 1
08:42:57.0482 6016 Actual detected object count: 1
08:43:49.0292 6016 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:49.0292 6016 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
wenjin Geändert von wenjin (16.07.2012 um 07:46 Uhr) |
| Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen2 |
| 7-zip, 80000000.@, antivir, avg, bho, converter, error, explorer, festplatte, firefox, flash player, format, install.exe, lenovo, logfile, mozilla, mp3, nvidia, nvidia update, nvpciflt.sys, opera, plug-in, popup, pwmtr64v.dll, registry, rundll, saving, scan, searchscopes, security, senden, sigcheck, software, tr/atraps.gen und tr/atraps.gen2, trojaner, unsignedfile.multi.generic, usb, usb 3.0 |
Baum-Darstellung