| |
| |||||||
Log-Analyse und Auswertung: Trojaner MitB PC 2Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.05.2013, 19:28
| #1 |
 |  Trojaner MitB PC 2 Und hier der Log des zweiten PCs OTL logfile created on: 02.05.2013 19:22:18 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,97 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 47,43% Memory free 3,93 Gb Paging File | 2,83 Gb Available in Paging File | 71,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 377,97 Gb Free Space | 81,17% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.02 16:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2012.11.02 16:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.01.23 04:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE PRC - [2011.11.04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2011.10.20 13:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe PRC - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011.10.20 11:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2011.07.12 19:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe PRC - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2011.04.24 22:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE PRC - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE PRC - [2011.03.08 14:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2010.04.02 15:48:58 | 000,057,096 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe PRC - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe PRC - [2009.04.15 16:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Programme\Lenovo\ATK Hotkey\LFKA.exe PRC - [2009.04.15 15:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Programme\Lenovo\ATK Hotkey\LControl.exe PRC - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe PRC - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.01.23 04:06:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.09.25 16:29:08 | 000,247,096 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll MOD - [2007.03.09 16:16:52 | 000,106,496 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\AGFNEX.dll ========== Services (SafeList) ========== SRV - [2013.04.29 20:01:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.21 11:20:33 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.01.23 04:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2012.01.23 04:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS) SRV - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5s32.sys -- (NETw5s32) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwavdt.sys -- (btwavdt) DRV - [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2012.02.21 16:19:46 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2012.01.23 04:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.08.03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) DRV - [2011.07.28 19:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2010.12.01 17:02:30 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l36wgps.sys -- (l36wgps) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.31 17:43:08 | 000,413,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV - [2010.10.31 17:43:08 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV - [2010.10.31 17:43:08 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV - [2010.10.31 17:43:08 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.06.17 17:13:08 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010.02.23 20:25:34 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr) DRV - [2010.02.23 20:25:32 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis) DRV - [2009.10.13 16:12:02 | 000,220,200 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ) DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.06.04 22:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PuAcpi32.sys -- (MTsensor32) DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2008.10.21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.07.24 11:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP) DRV - [2000.01.01 02:00:00 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\SearchScopes,DefaultScope = {82ED8678-AED9-461C-A47F-19669953151F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{82ED8678-AED9-461C-A47F-19669953151F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] [2010.11.14 14:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2012.03.01 11:14:56 | 000,000,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 192.168.205.10 sbs-server.procmas.local O1 - Hosts: 192.168.206.10 pmsbs.procmas.local O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKCU\..Trusted Domains: googlemail.com ([]https in Trusted sites) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1AAFB-A91B-4136-BA2C-ACB2CBCE54BC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F98A2F-4E7A-4811-8503-DB4F4BC2A8EA}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C294DF5B-8B9F-41FA-90BF-BF38FC055020}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E768B23C-01B1-4370-983F-D50096DED064}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 18:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.04.29 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.29 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers ========== Files - Modified Within 30 Days ========== [2013.05.02 19:21:42 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.05.02 19:20:52 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.05.02 19:20:15 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe [2013.05.02 19:10:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2013.05.02 19:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.02 18:41:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001UA.job [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.05.02 18:12:15 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 18:12:15 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 18:06:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.02 18:05:34 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 05:58:29 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.29 21:19:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2013.04.29 20:41:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001Core.job [2013.04.29 20:05:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.29 20:05:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.29 20:05:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.29 20:05:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys [2013.04.27 09:53:45 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys [2013.04.14 09:15:56 | 000,418,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.02 19:21:42 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.05.02 19:20:51 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.05.02 19:20:15 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe [2013.04.30 05:58:29 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.29 21:19:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2012.12.21 15:14:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.12.21 14:57:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.12.21 14:57:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2012.12.21 14:56:56 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.02.21 15:17:49 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.10.29 11:42:05 | 000,007,619 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.10.28 08:14:12 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2011.06.06 09:14:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.05.07 13:52:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.04 09:15:04 | 000,646,848 | ---- | C] () -- C:\Users\*****\AppData\Local\wanancsp.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.12.01 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus [2012.02.22 10:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited [2011.12.01 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.07.30 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lenovo [2012.02.20 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer [2012.10.06 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2012.02.20 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite [2012.10.06 13:59:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2011.05.03 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr [2012.02.21 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PwrMgr [2012.02.22 11:05:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2011.05.03 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Update [2012.01.20 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VG Solutions ========== Purity Check ========== < End of report > GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-02 20:12:59 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-26A0RT0 rev.01.01A01 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\pwdiypod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8EC7B6BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8EC2EC02] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x8EC2EF4A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8EC2F390] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8EC1728C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8EC2E8DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8EC17804] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8EC176EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x8EC2EDAE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8EC7E528] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8EC17924] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8EC7D9BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8EC7DBFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8EC7D660] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x8EC2EE7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8EC7D506] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8EC172D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8EC7B7FC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8EC7B464] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8EC7E320] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8EC2D06C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8EC1789A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8EC1777A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8EC7D0AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8EC7E7D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8EC179BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8EC7D718] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8EC17A44] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8EC2D27A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8EC7E1D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8EC2F174] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8EC2F002] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8EC2F0B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8EC2F1E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8EC7DEFE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8EC2EA6A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8EC7E05C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8EC17AE6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8EC7B56E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8EC7D24E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8EC7DDA6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8EC17AF8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8EC7D3AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8EC7D8B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8EC7E93C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8EC7E666] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83851A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8388B1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8389222C 4 Bytes [BA, B6, C7, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83892254 8 Bytes [02, EC, C2, 8E, 4A, EF, C2, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83892298 4 Bytes [90, F3, C2, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 838922C4 4 Bytes [8C, 72, C1, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 838922E8 4 Bytes CALL D765B1AF .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys Device \Driver\BTHUSB \Device\00000082 bthport.sys Device \Driver\BTHUSB \Device\00000084 bthport.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????????????????????????o??????????Microsoft????????m???????????????n??????????????????????????????????????????????????????6-21-2006???????????? ???????????????????N????????????D????????????????????????????????????????????????????????LegacyDriver????????????????????????????????????????????????? ????e???????????????????????????4??s-???????????????????????l???????h??????????????????Mikrofon????machine.inf:INTEL_SYS.NTx86:PCI_DRV:6.1.7601.17514  ci\ven_8086&dev_2940????Intel(R) ICH9 Family PCI Express Root Port 1 - 2940?????? ?????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#?????????? ???????????????????????????#?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???p???????p????????????Microsoft????????u??? ???????p???????????n?9?????? ????? ????????????????p???q???????z??HIDClass?????????????p??????????TDI?????????????system32\drivers\rdprefmp.sys???Microsoft???? ???????o???????????|????????(?4?c???????????X??????l?????e&P???????????????????????????}??????????????????????????????????? 0??????????????????q??Tdx?nsi?????? ???????s?????p?????n?9????????H?????????????(?????????p???????????????????????????????????????????Sy??????????????t???? ???????o?????q????Pq?2??????$?h?d???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlo Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ... Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????e???6???6??????????????????????7&2642e261&0??????????????????????N??????.?????.?.??oem34.inf???????????oem34.inf???? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????l??????????b???????????@%systemroot%\system32\drivers\mup.sys,-101???????2??u????????h?????\SystemRoot\system32\drivers\mpio.sys?????$??t??????p???Boot Bus Extender?????L??t???????????d??mpio.inf_x86_neutral_5406d6d4bb64c599??????????~????? N?????????????????????????????????????? 0??z???????????????????v???U??????????Sy??? ???????o???????????z??????????L???????????????????????t?????????????????????????????????????????L??t????????h??????????????????????????Z?????????????g ??????????????????:??t????????h?????system32\drivers\MSKSSRV.sys??????D??t?????????e????Microsoft Streaming Service Proxy???????????????????????????????????????? ???????o???????????p??????????\???????????? F?????? ???????m??LegacyDriver?????????????.??t???????????????t?????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o????????????????????????????????????t???`???????? ???????o?????o???????????????????? ???????????? ???????o??????????????????????????????????\SystemRoot\system32\drivers\CompositeBus.sys???Busenumeratortreiber f?r Verbundger?te???v??\SystemRoot\System32\drivers\dxgkrnl.sys?????????|?|?????????&???????l???r???h??ODiag???????????????????Microsoft?????????????????? ??????l?l?m?o?o?l?o???????????r?r?????o??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001????@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????\SystemRoot\system32\drivers\HDAudBus.sys???@%SystemRoot%\system32\drivers\http.sys,-1????????b??o?????????e??????????????????*??o?????????e??????????????????????T??p????????h??????p????0??o???w?????ewa??system32\drivers\HTTP.sys?????? ????????? p???p??8.0.219.0?????X??????&???&?????????????????s????????????????????GEAR ASPI Filter Driver??????????????p???y?z? ????????????4??o????????h?????0683??????<??o????????h???????<??p????????h???? ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Eine Datei "Extra" wurde auch hier nicht abgelegt! |
|
03.05.2013, 05:40
| #2 |
| /// Malwareteam    | Trojaner MitB PC 2 Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
03.05.2013, 18:58
| #3 |
| | Trojaner MitB PC 2 #OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 03.05.2013 18:42:21 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,97 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,79% Memory free 3,93 Gb Paging File | 2,97 Gb Available in Paging File | 75,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 378,05 Gb Free Space | 81,19% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.02 16:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2012.11.02 16:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.01.23 04:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE PRC - [2011.11.04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2011.10.20 13:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe PRC - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011.10.20 11:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2011.07.12 19:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe PRC - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2011.04.24 22:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE PRC - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE PRC - [2011.03.08 14:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2010.04.02 15:48:58 | 000,057,096 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe PRC - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe PRC - [2009.04.15 16:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Programme\Lenovo\ATK Hotkey\LFKA.exe PRC - [2009.04.15 15:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Programme\Lenovo\ATK Hotkey\LControl.exe PRC - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe PRC - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.01.23 04:06:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.03.09 16:16:52 | 000,106,496 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\AGFNEX.dll ========== Services (SafeList) ========== SRV - [2013.04.29 20:01:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.21 11:20:33 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.01.23 04:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2012.01.23 04:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS) SRV - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5s32.sys -- (NETw5s32) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwavdt.sys -- (btwavdt) DRV - [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2012.02.21 16:19:46 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2012.01.23 04:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.08.03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) DRV - [2011.07.28 19:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2010.12.01 17:02:30 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l36wgps.sys -- (l36wgps) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.31 17:43:08 | 000,413,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV - [2010.10.31 17:43:08 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV - [2010.10.31 17:43:08 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV - [2010.10.31 17:43:08 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.06.17 17:13:08 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010.02.23 20:25:34 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr) DRV - [2010.02.23 20:25:32 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis) DRV - [2009.10.13 16:12:02 | 000,220,200 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ) DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.06.04 22:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PuAcpi32.sys -- (MTsensor32) DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2008.10.21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.07.24 11:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP) DRV - [2000.01.01 02:00:00 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\SearchScopes,DefaultScope = {82ED8678-AED9-461C-A47F-19669953151F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{82ED8678-AED9-461C-A47F-19669953151F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M] [2010.11.14 14:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2012.03.01 11:14:56 | 000,000,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 192.168.205.10 sbs-server.procmas.local O1 - Hosts: 192.168.206.10 pmsbs.procmas.local O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKCU\..Trusted Domains: googlemail.com ([]https in Trusted sites) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1AAFB-A91B-4136-BA2C-ACB2CBCE54BC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F98A2F-4E7A-4811-8503-DB4F4BC2A8EA}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C294DF5B-8B9F-41FA-90BF-BF38FC055020}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E768B23C-01B1-4370-983F-D50096DED064}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 18:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.04.29 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.29 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers ========== Files - Modified Within 30 Days ========== [2013.05.03 18:42:47 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.03 18:42:47 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.03 18:41:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001UA.job [2013.05.03 18:36:41 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2013.05.03 18:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.03 18:34:41 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013.05.02 20:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.02 19:21:42 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.05.02 19:20:52 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.05.02 19:20:15 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.04.30 05:58:29 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.29 21:19:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2013.04.29 20:41:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001Core.job [2013.04.29 20:05:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.29 20:05:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.29 20:05:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.29 20:05:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys [2013.04.27 09:53:45 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys [2013.04.14 09:15:56 | 000,418,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.02 19:21:42 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.05.02 19:20:51 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.05.02 19:20:15 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe [2013.04.30 05:58:29 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.29 21:19:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2012.12.21 15:14:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.12.21 14:57:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.12.21 14:57:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2012.12.21 14:56:56 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.02.21 15:17:49 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.10.29 11:42:05 | 000,007,619 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.10.28 08:14:12 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2011.06.06 09:14:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.05.07 13:52:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.04 09:15:04 | 000,646,848 | ---- | C] () -- C:\Users\*****\AppData\Local\wanancsp.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.12.01 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus [2012.02.22 10:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited [2011.12.01 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.07.30 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lenovo [2012.02.20 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer [2012.10.06 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2012.02.20 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite [2012.10.06 13:59:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2011.05.03 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr [2012.02.21 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PwrMgr [2012.02.22 11:05:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2011.05.03 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Update [2012.01.20 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VG Solutions ========== Purity Check ========== < End of report > GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-03 19:54:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-26A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\pwdiypod.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8E6826BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8E635C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x8E635F4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8E636390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8E61E28C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8E6358DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8E61E804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8E61E6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x8E635DAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8E685528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8E61E924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8E6849BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8E684BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8E684660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x8E635E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8E684506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8E61E2D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8E6827FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8E682464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8E685320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8E63406C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8E61E89A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8E61E77A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8E6840AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8E6857D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8E61E9BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8E684718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8E61EA44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8E63427A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8E6851D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8E636174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8E636002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8E6360B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8E6361E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8E684EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8E635A6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8E68505C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8E61EAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8E68256E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8E68424E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8E684DA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8E61EAF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8E6843AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8E6848B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8E68593C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8E685666]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83881A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838BB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 838C222C 4 Bytes [BA, 26, 68, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 838C2254 8 Bytes [02, 5C, 63, 8E, 4A, 5F, 63, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 838C2298 4 Bytes [90, 63, 63, 8E] {NOP ; ARPL [EBX-0x72], SP}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 838C22C4 4 Bytes [8C, E2, 61, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 838C22E8 4 Bytes [DC, 58, 63, 8E]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device \Driver\BTHUSB \Device\00000098 bthport.sys
Device \Driver\BTHUSB \Device\0000009a bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????????????????????????o??????????Microsoft????????m???????????????n??????????????????????????????????????????????????????6-21-2006???????????? ???????????????????N????????????D????????????????????????????????????????????????????????LegacyDriver?????????????????????????????????????????????????????e???????????????????????????4??s-???????????????????????l???????h??????????????????Mikrofon????machine.inf:INTEL_SYS.NTx86:PCI_DRV:6.1.7601.17514:pci\ven_8086&dev_2940????Intel(R) ICH9 Family PCI Express Root Port 1 - 2940?????? ?????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#?????????????????????????????????????#???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???p???????p????????????Microsoft????????u??? ???????p???????????n?9?????? ????? ????????????????p???q???????z??HIDClass?????????????p??????????TDI?????????????system32\drivers\rdprefmp.sys???Microsoft???? ???????o???????????|????????(?4?c???????????X??????l?????e&P???????????????????????????}??????????????????????????????????? 0??????????????????q??Tdx?nsi?????? ???????s?????p?????n?9????????H?????????????(?????????p???????????????????????????????????????????Sy??????????????t???? ???????o?????q????Pq?2??????$?h?d???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlo
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????e???6???6??????????????????????7&2642e261&0??????????????????????N??????.?????.?.??oem34.inf???????????oem34.inf???? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????l??????????b???????????@%systemroot%\system32\drivers\mup.sys,-101???????2??u????????h?????\SystemRoot\system32\drivers\mpio.sys?????$??t??????p???Boot Bus Extender?????L??t???????????d??mpio.inf_x86_neutral_5406d6d4bb64c599??????????~????? N?????????????????????????????????????? 0??z???????????????????v???U??????????Sy??? ???????o???????????z??????????L???????????????????????t?????????????????????????????????????????L??t????????h??????????????????????????Z?????????????g??????????????????:??t????????h?????system32\drivers\MSKSSRV.sys??????D??t?????????e????Microsoft Streaming Service Proxy???????????????????????????????????????? ???????o???????????p??????????\???????????? F?????? ???????m??LegacyDriver?????????????.??t???????????????t?????P????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o????????????????????????????????????t???`???????? ???????o?????o???????????????????? ???????????? ???????o??????????????????????????????????\SystemRoot\system32\drivers\CompositeBus.sys???Busenumeratortreiber f?r Verbundger?te???v??\SystemRoot\System32\drivers\dxgkrnl.sys?????????|?|?????????&???????l???r???h??ODiag???????????????????Microsoft????????????????????????l?l?m?o?o?l?o???????????r?r?????o??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001????@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????\SystemRoot\system32\drivers\HDAudBus.sys???@%SystemRoot%\system32\drivers\http.sys,-1????????b??o?????????e??????????????????*??o?????????e??????????????????????T??p????????h??????p????0??o???w?????ewa??system32\drivers\HTTP.sys??????????????? p???p??8.0.219.0?????X??????&???&?????????????????s????????????????????GEAR ASPI Filter Driver??????????????p???y?z? ????????????4??o????????h?????ON????????<??o????????h???????<??p????????h????
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-03 19:54:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-26A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\pwdiypod.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8E6826BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8E635C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x8E635F4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8E636390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8E61E28C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8E6358DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8E61E804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8E61E6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x8E635DAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8E685528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8E61E924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8E6849BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8E684BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8E684660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x8E635E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8E684506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8E61E2D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8E6827FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8E682464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8E685320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8E63406C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8E61E89A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8E61E77A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8E6840AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8E6857D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8E61E9BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8E684718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8E61EA44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8E63427A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8E6851D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8E636174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8E636002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8E6360B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8E6361E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8E684EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8E635A6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8E68505C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8E61EAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8E68256E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8E68424E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8E684DA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8E61EAF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8E6843AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8E6848B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8E68593C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8E685666]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83881A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838BB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 838C222C 4 Bytes [BA, 26, 68, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 838C2254 8 Bytes [02, 5C, 63, 8E, 4A, 5F, 63, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 838C2298 4 Bytes [90, 63, 63, 8E] {NOP ; ARPL [EBX-0x72], SP}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 838C22C4 4 Bytes [8C, E2, 61, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 838C22E8 4 Bytes [DC, 58, 63, 8E]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device \Driver\BTHUSB \Device\00000098 bthport.sys
Device \Driver\BTHUSB \Device\0000009a bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????????????????????????o??????????Microsoft????????m???????????????n??????????????????????????????????????????????????????6-21-2006???????????? ???????????????????N????????????D????????????????????????????????????????????????????????LegacyDriver?????????????????????????????????????????????????????e???????????????????????????4??s-???????????????????????l???????h??????????????????Mikrofon????machine.inf:INTEL_SYS.NTx86:PCI_DRV:6.1.7601.17514:pci\ven_8086&dev_2940????Intel(R) ICH9 Family PCI Express Root Port 1 - 2940?????? ?????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#?????????????????????????????????????#???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???p???????p????????????Microsoft????????u??? ???????p???????????n?9?????? ????? ????????????????p???q???????z??HIDClass?????????????p??????????TDI?????????????system32\drivers\rdprefmp.sys???Microsoft???? ???????o???????????|????????(?4?c???????????X??????l?????e&P???????????????????????????}??????????????????????????????????? 0??????????????????q??Tdx?nsi?????? ???????s?????p?????n?9????????H?????????????(?????????p???????????????????????????????????????????Sy??????????????t???? ???????o?????q????Pq?2??????$?h?d???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlo
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????e???6???6??????????????????????7&2642e261&0??????????????????????N??????.?????.?.??oem34.inf???????????oem34.inf???? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????l??????????b???????????@%systemroot%\system32\drivers\mup.sys,-101???????2??u????????h?????\SystemRoot\system32\drivers\mpio.sys?????$??t??????p???Boot Bus Extender?????L??t???????????d??mpio.inf_x86_neutral_5406d6d4bb64c599??????????~????? N?????????????????????????????????????? 0??z???????????????????v???U??????????Sy??? ???????o???????????z??????????L???????????????????????t?????????????????????????????????????????L??t????????h??????????????????????????Z?????????????g??????????????????:??t????????h?????system32\drivers\MSKSSRV.sys??????D??t?????????e????Microsoft Streaming Service Proxy???????????????????????????????????????? ???????o???????????p??????????\???????????? F?????? ???????m??LegacyDriver?????????????.??t???????????????t?????P????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o????????????????????????????????????t???`???????? ???????o?????o???????????????????? ???????????? ???????o??????????????????????????????????\SystemRoot\system32\drivers\CompositeBus.sys???Busenumeratortreiber f?r Verbundger?te???v??\SystemRoot\System32\drivers\dxgkrnl.sys?????????|?|?????????&???????l???r???h??ODiag???????????????????Microsoft????????????????????????l?l?m?o?o?l?o???????????r?r?????o??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001????@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????\SystemRoot\system32\drivers\HDAudBus.sys???@%SystemRoot%\system32\drivers\http.sys,-1????????b??o?????????e??????????????????*??o?????????e??????????????????????T??p????????h??????p????0??o???w?????ewa??system32\drivers\HTTP.sys??????????????? p???p??8.0.219.0?????X??????&???&?????????????????s????????????????????GEAR ASPI Filter Driver??????????????p???y?z? ????????????4??o????????h?????ON????????<??o????????h???????<??p????????h????
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von daalbock (03.05.2013 um 19:12 Uhr) |
|
03.05.2013, 19:11
| #4 |
| | Trojaner MitB PC 2Code:
ATTFilter 20:01:24.0459 4344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:01:24.0506 4344 ============================================================
20:01:24.0506 4344 Current date / time: 2013/05/03 20:01:24.0506
20:01:24.0506 4344 SystemInfo:
20:01:24.0506 4344
20:01:24.0506 4344 OS Version: 6.1.7601 ServicePack: 1.0
20:01:24.0506 4344 Product type: Workstation
20:01:24.0506 4344 ComputerName: *****-PC
20:01:24.0506 4344 UserName: *****
20:01:24.0506 4344 Windows directory: C:\Windows
20:01:24.0506 4344 System windows directory: C:\Windows
20:01:24.0506 4344 Processor architecture: Intel x86
20:01:24.0506 4344 Number of processors: 2
20:01:24.0506 4344 Page size: 0x1000
20:01:24.0506 4344 Boot type: Normal boot
20:01:24.0506 4344 ============================================================
20:01:25.0848 4344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:01:25.0848 4344 ============================================================
20:01:25.0848 4344 \Device\Harddisk0\DR0:
20:01:25.0848 4344 MBR partitions:
20:01:25.0848 4344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:01:25.0848 4344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:01:25.0848 4344 ============================================================
20:01:26.0128 4344 C: <-> \Device\Harddisk0\DR0\Partition2
20:01:26.0128 4344 ============================================================
20:01:26.0128 4344 Initialize success
20:01:26.0128 4344 ============================================================
20:01:28.0141 4240 ============================================================
20:01:28.0141 4240 Scan started
20:01:28.0141 4240 Mode: Manual;
20:01:28.0141 4240 ============================================================
20:01:29.0794 4240 ================ Scan system memory ========================
20:01:29.0794 4240 System memory - ok
20:01:29.0794 4240 ================ Scan services =============================
20:01:30.0294 4240 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:01:30.0309 4240 1394ohci - ok
20:01:30.0356 4240 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:01:30.0356 4240 ACPI - ok
20:01:30.0387 4240 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:01:30.0387 4240 AcpiPmi - ok
20:01:30.0512 4240 [ 1933DB4808793F3BD7AB34A39A809425 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:01:30.0512 4240 AcPrfMgrSvc - ok
20:01:30.0543 4240 [ E7AF543334B21D84124709061A9AE4D7 ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
20:01:30.0543 4240 AcSvc - ok
20:01:30.0652 4240 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:30.0652 4240 AdobeARMservice - ok
20:01:30.0746 4240 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:01:30.0762 4240 AdobeFlashPlayerUpdateSvc - ok
20:01:30.0808 4240 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:01:30.0824 4240 adp94xx - ok
20:01:30.0871 4240 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:01:30.0871 4240 adpahci - ok
20:01:30.0902 4240 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:01:30.0918 4240 adpu320 - ok
20:01:30.0949 4240 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:01:30.0949 4240 AeLookupSvc - ok
20:01:31.0011 4240 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:01:31.0011 4240 AFD - ok
20:01:31.0058 4240 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:01:31.0058 4240 agp440 - ok
20:01:31.0105 4240 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:01:31.0105 4240 aic78xx - ok
20:01:31.0136 4240 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:01:31.0136 4240 ALG - ok
20:01:31.0167 4240 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:01:31.0167 4240 aliide - ok
20:01:31.0214 4240 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:01:31.0214 4240 amdagp - ok
20:01:31.0230 4240 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:01:31.0230 4240 amdide - ok
20:01:31.0261 4240 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:01:31.0261 4240 AmdK8 - ok
20:01:31.0276 4240 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:01:31.0276 4240 AmdPPM - ok
20:01:31.0339 4240 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:01:31.0339 4240 amdsata - ok
20:01:31.0354 4240 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:01:31.0354 4240 amdsbs - ok
20:01:31.0370 4240 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:01:31.0370 4240 amdxata - ok
20:01:31.0432 4240 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:01:31.0432 4240 AppID - ok
20:01:31.0464 4240 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:01:31.0464 4240 AppIDSvc - ok
20:01:31.0510 4240 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:01:31.0510 4240 Appinfo - ok
20:01:31.0620 4240 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:01:31.0620 4240 Apple Mobile Device - ok
20:01:31.0651 4240 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
20:01:31.0651 4240 AppMgmt - ok
20:01:31.0682 4240 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:01:31.0682 4240 arc - ok
20:01:31.0713 4240 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:01:31.0713 4240 arcsas - ok
20:01:31.0760 4240 [ AD699ABB71C9BEA804D5FE02CC32708B ] ASLDRService C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
20:01:31.0760 4240 ASLDRService - ok
20:01:31.0776 4240 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
20:01:31.0776 4240 ASMMAP - ok
20:01:31.0807 4240 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:31.0807 4240 AsyncMac - ok
20:01:31.0838 4240 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:01:31.0838 4240 atapi - ok
20:01:31.0916 4240 [ 614A60AEE03A6151FDCBAC295854A9CB ] athr C:\Windows\system32\DRIVERS\athr.sys
20:01:31.0932 4240 athr - ok
20:01:31.0947 4240 [ F62CA1881D057A98AB8C4BA2020D3D0E ] ATKGFNEXSrv C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
20:01:31.0963 4240 ATKGFNEXSrv - ok
20:01:32.0010 4240 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:01:32.0010 4240 AudioEndpointBuilder - ok
20:01:32.0025 4240 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:01:32.0025 4240 Audiosrv - ok
20:01:32.0119 4240 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
20:01:32.0134 4240 AVP - ok
20:01:32.0181 4240 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:01:32.0181 4240 AxInstSV - ok
20:01:32.0244 4240 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:01:32.0244 4240 b06bdrv - ok
20:01:32.0290 4240 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:01:32.0290 4240 b57nd60x - ok
20:01:32.0353 4240 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:01:32.0353 4240 BDESVC - ok
20:01:32.0384 4240 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:01:32.0384 4240 Beep - ok
20:01:32.0431 4240 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:01:32.0431 4240 BFE - ok
20:01:32.0493 4240 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:01:32.0493 4240 BITS - ok
20:01:32.0524 4240 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:01:32.0524 4240 blbdrive - ok
20:01:32.0618 4240 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:01:32.0618 4240 Bonjour Service - ok
20:01:32.0665 4240 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:01:32.0665 4240 bowser - ok
20:01:32.0696 4240 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:01:32.0696 4240 BrFiltLo - ok
20:01:32.0712 4240 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:01:32.0712 4240 BrFiltUp - ok
20:01:32.0758 4240 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:01:32.0758 4240 Browser - ok
20:01:32.0790 4240 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:01:32.0790 4240 Brserid - ok
20:01:32.0821 4240 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:01:32.0821 4240 BrSerWdm - ok
20:01:32.0868 4240 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:01:32.0868 4240 BrUsbMdm - ok
20:01:32.0883 4240 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:01:32.0883 4240 BrUsbSer - ok
20:01:32.0930 4240 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:01:32.0930 4240 BthEnum - ok
20:01:32.0946 4240 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:01:32.0946 4240 BTHMODEM - ok
20:01:32.0977 4240 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:01:32.0977 4240 BthPan - ok
20:01:33.0008 4240 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:01:33.0008 4240 BTHPORT - ok
20:01:33.0039 4240 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:01:33.0039 4240 bthserv - ok
20:01:33.0055 4240 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:01:33.0055 4240 BTHUSB - ok
20:01:33.0102 4240 [ DD5361CF05025BD61A5D0115ECC2566F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
20:01:33.0102 4240 btusbflt - ok
20:01:33.0133 4240 btwavdt - ok
20:01:33.0148 4240 btwl2cap - ok
20:01:33.0164 4240 btwrchid - ok
20:01:33.0195 4240 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:01:33.0195 4240 cdfs - ok
20:01:33.0273 4240 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:01:33.0273 4240 cdrom - ok
20:01:33.0320 4240 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:01:33.0320 4240 CertPropSvc - ok
20:01:33.0336 4240 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:01:33.0336 4240 circlass - ok
20:01:33.0382 4240 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:01:33.0382 4240 CLFS - ok
20:01:33.0460 4240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:33.0460 4240 clr_optimization_v2.0.50727_32 - ok
20:01:33.0523 4240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:33.0538 4240 clr_optimization_v4.0.30319_32 - ok
20:01:33.0554 4240 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:33.0554 4240 CmBatt - ok
20:01:33.0601 4240 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:01:33.0601 4240 cmdide - ok
20:01:33.0648 4240 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
20:01:33.0663 4240 CNG - ok
20:01:33.0694 4240 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:01:33.0694 4240 Compbatt - ok
20:01:33.0726 4240 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:01:33.0726 4240 CompositeBus - ok
20:01:33.0741 4240 COMSysApp - ok
20:01:33.0788 4240 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:01:33.0788 4240 crcdisk - ok
20:01:33.0835 4240 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:01:33.0835 4240 CryptSvc - ok
20:01:33.0882 4240 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:01:33.0882 4240 CSC - ok
20:01:33.0960 4240 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:01:33.0960 4240 CscService - ok
20:01:34.0038 4240 [ 90F8539FA0DE4AAFE4FDBE7F95D6A512 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
20:01:34.0053 4240 dc3d - ok
20:01:34.0084 4240 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:01:34.0084 4240 DcomLaunch - ok
20:01:34.0131 4240 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:01:34.0131 4240 defragsvc - ok
20:01:34.0178 4240 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:01:34.0178 4240 DfsC - ok
20:01:34.0240 4240 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:01:34.0240 4240 Dhcp - ok
20:01:34.0272 4240 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:01:34.0272 4240 discache - ok
20:01:34.0287 4240 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:01:34.0303 4240 Disk - ok
20:01:34.0318 4240 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:01:34.0334 4240 Dnscache - ok
20:01:34.0365 4240 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:01:34.0365 4240 dot3svc - ok
20:01:34.0412 4240 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:01:34.0412 4240 DPS - ok
20:01:34.0443 4240 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:01:34.0443 4240 drmkaud - ok
20:01:34.0506 4240 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:01:34.0506 4240 DXGKrnl - ok
20:01:34.0537 4240 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:01:34.0552 4240 EapHost - ok
20:01:34.0646 4240 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:01:34.0724 4240 ebdrv - ok
20:01:34.0771 4240 [ E922BC274FBD736B41020872C8AAC390 ] ecnssndis C:\Windows\system32\Drivers\wwanuss.sys
20:01:34.0771 4240 ecnssndis - ok
20:01:34.0802 4240 [ 15CA5CD73A30398C89247B3C5E933044 ] ecnssndisfltr C:\Windows\system32\Drivers\wwanussf.sys
20:01:34.0802 4240 ecnssndisfltr - ok
20:01:34.0833 4240 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:01:34.0833 4240 EFS - ok
20:01:34.0911 4240 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:01:34.0911 4240 ehRecvr - ok
20:01:34.0942 4240 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:01:34.0942 4240 ehSched - ok
20:01:34.0989 4240 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:01:34.0989 4240 elxstor - ok
20:01:35.0052 4240 [ CEF06A8DF4BA42673F3297759FD62E80 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
20:01:35.0052 4240 EPSON_PM_RPCV4_05 - ok
20:01:35.0098 4240 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:01:35.0098 4240 ErrDev - ok
20:01:35.0145 4240 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:01:35.0145 4240 EventSystem - ok
20:01:35.0348 4240 [ 67FAAD0A3C1257646E2B6C5027DB6193 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:01:35.0364 4240 EvtEng - ok
20:01:35.0395 4240 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:01:35.0395 4240 exfat - ok
20:01:35.0442 4240 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:01:35.0442 4240 fastfat - ok
20:01:35.0488 4240 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:01:35.0504 4240 Fax - ok
20:01:35.0520 4240 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:01:35.0520 4240 fdc - ok
20:01:35.0551 4240 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:01:35.0551 4240 fdPHost - ok
20:01:35.0566 4240 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:01:35.0566 4240 FDResPub - ok
20:01:35.0582 4240 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:01:35.0582 4240 FileInfo - ok
20:01:35.0598 4240 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:01:35.0613 4240 Filetrace - ok
20:01:35.0629 4240 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:01:35.0629 4240 flpydisk - ok
20:01:35.0644 4240 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:01:35.0644 4240 FltMgr - ok
20:01:35.0722 4240 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
20:01:35.0738 4240 FontCache - ok
20:01:35.0800 4240 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:01:35.0800 4240 FontCache3.0.0.0 - ok
20:01:35.0816 4240 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:01:35.0816 4240 FsDepends - ok
20:01:35.0863 4240 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:01:35.0863 4240 Fs_Rec - ok
20:01:35.0910 4240 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:01:35.0910 4240 fvevol - ok
20:01:35.0941 4240 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:01:35.0941 4240 gagp30kx - ok
20:01:36.0003 4240 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:01:36.0003 4240 GEARAspiWDM - ok
20:01:36.0066 4240 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:01:36.0066 4240 gpsvc - ok
20:01:36.0128 4240 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:01:36.0128 4240 hcw85cir - ok
20:01:36.0175 4240 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:01:36.0190 4240 HdAudAddService - ok
20:01:36.0222 4240 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:01:36.0222 4240 HDAudBus - ok
20:01:36.0253 4240 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:01:36.0253 4240 HidBatt - ok
20:01:36.0268 4240 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:01:36.0268 4240 HidBth - ok
20:01:36.0300 4240 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:01:36.0300 4240 HidIr - ok
20:01:36.0331 4240 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:01:36.0331 4240 hidserv - ok
20:01:36.0378 4240 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:01:36.0378 4240 HidUsb - ok
20:01:36.0409 4240 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:01:36.0424 4240 hkmsvc - ok
20:01:36.0456 4240 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:01:36.0456 4240 HomeGroupListener - ok
20:01:36.0502 4240 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:01:36.0502 4240 HomeGroupProvider - ok
20:01:36.0565 4240 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:01:36.0565 4240 HpSAMD - ok
20:01:36.0612 4240 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:01:36.0612 4240 HTTP - ok
20:01:36.0658 4240 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:01:36.0674 4240 hwpolicy - ok
20:01:36.0705 4240 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:01:36.0705 4240 i8042prt - ok
20:01:36.0768 4240 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:01:36.0783 4240 iaStorV - ok
20:01:36.0830 4240 [ 4A8AB38FDF3649C1FE3E9D16BF79927D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:01:36.0830 4240 IBMPMDRV - ok
20:01:36.0830 4240 [ BB5CB196922C9F57598AE98C036DE246 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
20:01:36.0830 4240 IBMPMSVC - ok
20:01:36.0939 4240 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:01:36.0955 4240 IDriverT - ok
20:01:37.0033 4240 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:37.0048 4240 idsvc - ok
20:01:37.0282 4240 [ 1EC36A3CA56B0A31B4920399EE6D77EB ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:01:37.0470 4240 igfx - ok
20:01:37.0501 4240 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:01:37.0501 4240 iirsp - ok
20:01:37.0563 4240 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:01:37.0579 4240 IKEEXT - ok
20:01:37.0641 4240 [ 81486F0EB4238B65C317F97DE246C4AC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
20:01:37.0641 4240 IntcHdmiAddService - ok
20:01:37.0657 4240 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:01:37.0657 4240 intelide - ok
20:01:37.0704 4240 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:01:37.0704 4240 intelppm - ok
20:01:37.0735 4240 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:01:37.0750 4240 IPBusEnum - ok
20:01:37.0766 4240 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:37.0766 4240 IpFilterDriver - ok
20:01:37.0813 4240 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:01:37.0828 4240 iphlpsvc - ok
20:01:37.0860 4240 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:01:37.0875 4240 IPMIDRV - ok
20:01:37.0891 4240 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:01:37.0891 4240 IPNAT - ok
20:01:38.0047 4240 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:01:38.0062 4240 iPod Service - ok
20:01:38.0140 4240 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:01:38.0140 4240 IRENUM - ok
20:01:38.0265 4240 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:01:38.0265 4240 isapnp - ok
20:01:38.0343 4240 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:01:38.0343 4240 iScsiPrt - ok
20:01:38.0406 4240 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:38.0406 4240 kbdclass - ok
20:01:38.0437 4240 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:38.0437 4240 kbdhid - ok
20:01:38.0499 4240 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:01:38.0499 4240 KeyIso - ok
20:01:38.0764 4240 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
20:01:38.0764 4240 kl1 - ok
20:01:39.0170 4240 [ BE21AC70BB25B9BA0D79AA510D6BBFCB ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:01:39.0186 4240 KLIF - ok
20:01:39.0326 4240 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:01:39.0326 4240 KLIM6 - ok
20:01:39.0576 4240 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
20:01:39.0576 4240 klkbdflt - ok
20:01:39.0841 4240 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:01:39.0841 4240 klmouflt - ok
20:01:39.0981 4240 [ E7EFE379B05BB01F13885C5DBE5A4E64 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
20:01:39.0981 4240 kltdi - ok
20:01:40.0044 4240 [ 8F932DF10408BCABA2FCF6163C843F8E ] kneps C:\Windows\system32\DRIVERS\kneps.sys
20:01:40.0059 4240 kneps - ok
20:01:40.0106 4240 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:01:40.0122 4240 KSecDD - ok
20:01:40.0168 4240 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:01:40.0168 4240 KSecPkg - ok
20:01:40.0200 4240 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:01:40.0215 4240 KtmRm - ok
20:01:40.0246 4240 [ 31C584C4F630B253CCEAEA12AB930B64 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps.sys
20:01:40.0262 4240 l36wgps - ok
20:01:40.0387 4240 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:01:40.0402 4240 LanmanServer - ok
20:01:40.0512 4240 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:01:40.0512 4240 LanmanWorkstation - ok
20:01:40.0574 4240 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
20:01:40.0574 4240 lenovo.smi - ok
20:01:40.0636 4240 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
20:01:40.0636 4240 Lenovo.VIRTSCRLSVC - ok
20:01:40.0652 4240 [ 270723E97CA3B26B82700DC02F082C9F ] LFKAS C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
20:01:40.0652 4240 LFKAS - ok
20:01:40.0824 4240 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:01:40.0824 4240 lltdio - ok
20:01:40.0870 4240 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:01:40.0870 4240 lltdsvc - ok
20:01:40.0886 4240 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:01:40.0886 4240 lmhosts - ok
20:01:40.0933 4240 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:01:40.0948 4240 LSI_FC - ok
20:01:40.0948 4240 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:01:40.0948 4240 LSI_SAS - ok
20:01:40.0980 4240 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:01:40.0980 4240 LSI_SAS2 - ok
20:01:41.0011 4240 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:01:41.0011 4240 LSI_SCSI - ok
20:01:41.0026 4240 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:01:41.0026 4240 luafv - ok
20:01:41.0058 4240 [ 25A7192E0C9224841216F2992E188A6D ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys
20:01:41.0073 4240 Mbm3CBus - ok
20:01:41.0120 4240 [ 61CE3D382021A5A6E9826F0F77D7029A ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
20:01:41.0120 4240 Mbm3DevMt - ok
20:01:41.0167 4240 [ EAF4A90BBE5B4E5C02FDFFAC86E7A981 ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
20:01:41.0167 4240 Mbm3mdfl - ok
20:01:41.0198 4240 [ 6BE23F21DC769DB3D7A2D6C19434AB8E ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
20:01:41.0214 4240 Mbm3Mdm - ok
20:01:41.0260 4240 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:01:41.0276 4240 Mcx2Svc - ok
20:01:41.0307 4240 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:01:41.0307 4240 megasas - ok
20:01:41.0338 4240 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:01:41.0338 4240 MegaSR - ok
20:01:41.0385 4240 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:01:41.0385 4240 MMCSS - ok
20:01:41.0385 4240 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:01:41.0385 4240 Modem - ok
20:01:41.0432 4240 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:01:41.0432 4240 monitor - ok
20:01:41.0479 4240 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:01:41.0479 4240 mouclass - ok
20:01:41.0510 4240 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:01:41.0510 4240 mouhid - ok
20:01:41.0541 4240 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:01:41.0541 4240 mountmgr - ok
20:01:41.0588 4240 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:01:41.0588 4240 mpio - ok
20:01:41.0604 4240 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:01:41.0619 4240 mpsdrv - ok
20:01:41.0666 4240 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:01:41.0666 4240 MpsSvc - ok
20:01:41.0713 4240 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:01:41.0713 4240 MRxDAV - ok
20:01:41.0760 4240 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:41.0760 4240 mrxsmb - ok
20:01:41.0806 4240 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:41.0806 4240 mrxsmb10 - ok
20:01:41.0853 4240 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:41.0853 4240 mrxsmb20 - ok
20:01:41.0884 4240 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:01:41.0900 4240 msahci - ok
20:01:41.0916 4240 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:01:41.0916 4240 msdsm - ok
20:01:41.0947 4240 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:01:41.0947 4240 MSDTC - ok
20:01:41.0994 4240 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:01:41.0994 4240 Msfs - ok
20:01:42.0009 4240 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:01:42.0009 4240 mshidkmdf - ok
20:01:42.0040 4240 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:01:42.0040 4240 msisadrv - ok
20:01:42.0087 4240 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:01:42.0087 4240 MSiSCSI - ok
20:01:42.0087 4240 msiserver - ok
20:01:42.0118 4240 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:01:42.0134 4240 MSKSSRV - ok
20:01:42.0150 4240 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:42.0150 4240 MSPCLOCK - ok
20:01:42.0165 4240 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:01:42.0165 4240 MSPQM - ok
20:01:42.0181 4240 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:01:42.0181 4240 MsRPC - ok
20:01:42.0228 4240 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:01:42.0228 4240 mssmbios - ok
20:01:42.0243 4240 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:01:42.0243 4240 MSTEE - ok
20:01:42.0259 4240 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:01:42.0259 4240 MTConfig - ok
20:01:42.0290 4240 [ 648CBE572FFE978BF33B8D7E60AC441B ] MTsensor32 C:\Windows\system32\DRIVERS\PuAcpi32.sys
20:01:42.0290 4240 MTsensor32 - ok
20:01:42.0306 4240 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:01:42.0306 4240 Mup - ok
20:01:42.0352 4240 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:01:42.0352 4240 napagent - ok
20:01:42.0399 4240 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:01:42.0399 4240 NativeWifiP - ok
20:01:42.0462 4240 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:01:42.0477 4240 NDIS - ok
20:01:42.0493 4240 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:01:42.0493 4240 NdisCap - ok
20:01:42.0524 4240 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:42.0524 4240 NdisTapi - ok
20:01:42.0571 4240 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:42.0571 4240 Ndisuio - ok
20:01:42.0602 4240 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:42.0602 4240 NdisWan - ok
20:01:42.0633 4240 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:01:42.0633 4240 NDProxy - ok
20:01:42.0680 4240 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
20:01:42.0680 4240 Netaapl - ok
20:01:42.0727 4240 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:01:42.0727 4240 NetBIOS - ok
20:01:42.0774 4240 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:01:42.0774 4240 NetBT - ok
20:01:42.0774 4240 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:01:42.0789 4240 Netlogon - ok
20:01:42.0836 4240 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:01:42.0836 4240 Netman - ok
20:01:42.0852 4240 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:01:42.0867 4240 netprofm - ok
20:01:42.0898 4240 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:42.0898 4240 NetTcpPortSharing - ok
20:01:42.0930 4240 NETw5s32 - ok
20:01:43.0039 4240 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
20:01:43.0132 4240 netw5v32 - ok
20:01:43.0351 4240 [ 5C979C481981E04919ECBB3B88D54B34 ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
20:01:43.0522 4240 NETwNs32 - ok
20:01:43.0569 4240 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:01:43.0569 4240 nfrd960 - ok
20:01:43.0600 4240 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:01:43.0616 4240 NlaSvc - ok
20:01:43.0632 4240 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:01:43.0632 4240 Npfs - ok
20:01:43.0678 4240 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:01:43.0678 4240 nsi - ok
20:01:43.0678 4240 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:01:43.0678 4240 nsiproxy - ok
20:01:43.0741 4240 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:01:43.0788 4240 Ntfs - ok
20:01:43.0803 4240 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:01:43.0803 4240 Null - ok
20:01:43.0834 4240 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:01:43.0834 4240 nvraid - ok
20:01:43.0866 4240 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:01:43.0866 4240 nvstor - ok
20:01:43.0928 4240 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:01:43.0928 4240 nv_agp - ok
20:01:44.0037 4240 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:01:44.0037 4240 odserv - ok
20:01:44.0084 4240 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:01:44.0084 4240 ohci1394 - ok
20:01:44.0162 4240 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
20:01:44.0162 4240 OpenVPNService - ok
20:01:44.0256 4240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:44.0271 4240 ose - ok
20:01:44.0302 4240 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:01:44.0302 4240 p2pimsvc - ok
20:01:44.0318 4240 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:01:44.0334 4240 p2psvc - ok
20:01:44.0365 4240 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:01:44.0365 4240 Parport - ok
20:01:44.0396 4240 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:01:44.0412 4240 partmgr - ok
20:01:44.0427 4240 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:01:44.0427 4240 Parvdm - ok
20:01:44.0458 4240 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:01:44.0458 4240 PcaSvc - ok
20:01:44.0505 4240 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:01:44.0505 4240 pccsmcfd - ok
20:01:44.0536 4240 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:01:44.0536 4240 pci - ok
20:01:44.0583 4240 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:01:44.0583 4240 pciide - ok
20:01:44.0630 4240 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:01:44.0630 4240 pcmcia - ok
20:01:44.0646 4240 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:01:44.0646 4240 pcw - ok
20:01:44.0677 4240 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:01:44.0692 4240 PEAUTH - ok
20:01:44.0739 4240 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:01:44.0755 4240 PeerDistSvc - ok
20:01:44.0833 4240 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:01:44.0880 4240 pla - ok
20:01:44.0942 4240 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:01:44.0942 4240 PlugPlay - ok
20:01:44.0973 4240 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:01:44.0973 4240 PNRPAutoReg - ok
20:01:44.0989 4240 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:01:45.0004 4240 PNRPsvc - ok
20:01:45.0068 4240 [ 083075543F8E696600CE4761087D3FA9 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
20:01:45.0068 4240 Point32 - ok
20:01:45.0115 4240 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:01:45.0115 4240 PolicyAgent - ok
20:01:45.0161 4240 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:01:45.0161 4240 Power - ok
20:01:45.0239 4240 [ 6F51482ADCED13CEBFE0F1054F2116F2 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
20:01:45.0239 4240 Power Manager DBC Service - ok
20:01:45.0271 4240 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:01:45.0286 4240 PptpMiniport - ok
20:01:45.0302 4240 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:01:45.0302 4240 Processor - ok
20:01:45.0349 4240 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:01:45.0364 4240 ProfSvc - ok
20:01:45.0364 4240 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:45.0364 4240 ProtectedStorage - ok
20:01:45.0411 4240 [ C0446279CF577EFF7EF2A6E0714DA503 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
20:01:45.0411 4240 psadd - ok
20:01:45.0458 4240 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:01:45.0458 4240 Psched - ok
20:01:45.0489 4240 [ AF8B60D65F8B39C4FAC6BE8641923F37 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
20:01:45.0489 4240 PwmEWSvc - ok
20:01:45.0567 4240 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:01:45.0598 4240 ql2300 - ok
20:01:45.0629 4240 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:01:45.0629 4240 ql40xx - ok
20:01:45.0661 4240 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:01:45.0676 4240 QWAVE - ok
20:01:45.0692 4240 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:01:45.0692 4240 QWAVEdrv - ok
20:01:45.0707 4240 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:01:45.0707 4240 RasAcd - ok
20:01:45.0739 4240 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:01:45.0739 4240 RasAgileVpn - ok
20:01:45.0754 4240 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:01:45.0754 4240 RasAuto - ok
20:01:45.0785 4240 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:45.0785 4240 Rasl2tp - ok
20:01:45.0832 4240 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:01:45.0832 4240 RasMan - ok
20:01:45.0848 4240 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:45.0848 4240 RasPppoe - ok
20:01:45.0863 4240 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:01:45.0863 4240 RasSstp - ok
20:01:45.0910 4240 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:01:45.0910 4240 rdbss - ok
20:01:45.0941 4240 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:01:45.0941 4240 rdpbus - ok
20:01:45.0973 4240 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:45.0973 4240 RDPCDD - ok
20:01:46.0019 4240 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:01:46.0019 4240 RDPDR - ok
20:01:46.0035 4240 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:01:46.0035 4240 RDPENCDD - ok
20:01:46.0051 4240 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:01:46.0051 4240 RDPREFMP - ok
20:01:46.0129 4240 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:01:46.0129 4240 RdpVideoMiniport - ok
20:01:46.0160 4240 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:01:46.0175 4240 RDPWD - ok
20:01:46.0207 4240 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:01:46.0207 4240 rdyboost - ok
20:01:46.0347 4240 [ 640B77265CE0225ECE46512813F293EA ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:01:46.0347 4240 RegSrvc - ok
20:01:46.0378 4240 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:01:46.0378 4240 RemoteAccess - ok
20:01:46.0425 4240 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:01:46.0425 4240 RemoteRegistry - ok
20:01:46.0456 4240 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:01:46.0472 4240 RFCOMM - ok
20:01:46.0503 4240 [ D65AC8797F0286ED269500747D6290A4 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
20:01:46.0519 4240 rimmptsk - ok
20:01:46.0550 4240 [ 49EC82B44EB93374ED9988DA7E0E0151 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
20:01:46.0550 4240 rimsptsk - ok
20:01:46.0565 4240 [ 3F400C3CCD0818858602DDB37B5DE719 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
20:01:46.0581 4240 rismxdp - ok
20:01:46.0628 4240 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:01:46.0628 4240 RpcEptMapper - ok
20:01:46.0659 4240 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:01:46.0659 4240 RpcLocator - ok
20:01:46.0675 4240 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:01:46.0690 4240 RpcSs - ok
20:01:46.0721 4240 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:01:46.0721 4240 rspndr - ok
20:01:46.0784 4240 [ 442F90838EA6D95080C557A16363A71B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:01:46.0784 4240 RTL8167 - ok
20:01:46.0862 4240 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys
20:01:46.0862 4240 s0016bus - ok
20:01:46.0909 4240 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys
20:01:46.0909 4240 s0016mdfl - ok
20:01:46.0940 4240 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys
20:01:46.0955 4240 s0016mdm - ok
20:01:46.0987 4240 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys
20:01:46.0987 4240 s0016mgmt - ok
20:01:47.0018 4240 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys
20:01:47.0018 4240 s0016nd5 - ok
20:01:47.0065 4240 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys
20:01:47.0080 4240 s0016obex - ok
20:01:47.0111 4240 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys
20:01:47.0111 4240 s0016unic - ok
20:01:47.0158 4240 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
20:01:47.0158 4240 s0017bus - ok
20:01:47.0205 4240 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
20:01:47.0205 4240 s0017mdfl - ok
20:01:47.0236 4240 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
20:01:47.0236 4240 s0017mdm - ok
20:01:47.0252 4240 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
20:01:47.0267 4240 s0017mgmt - ok
20:01:47.0314 4240 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
20:01:47.0314 4240 s0017nd5 - ok
20:01:47.0330 4240 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
20:01:47.0330 4240 s0017obex - ok
20:01:47.0345 4240 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
20:01:47.0345 4240 s0017unic - ok
20:01:47.0392 4240 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:01:47.0392 4240 s3cap - ok
20:01:47.0408 4240 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:01:47.0408 4240 SamSs - ok
20:01:47.0455 4240 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:01:47.0455 4240 sbp2port - ok
20:01:47.0486 4240 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:01:47.0486 4240 SCardSvr - ok
20:01:47.0517 4240 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:01:47.0517 4240 scfilter - ok
20:01:47.0564 4240 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:01:47.0579 4240 Schedule - ok
20:01:47.0611 4240 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:01:47.0611 4240 SCPolicySvc - ok
20:01:47.0657 4240 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:01:47.0657 4240 sdbus - ok
20:01:47.0689 4240 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:01:47.0689 4240 SDRSVC - ok
20:01:47.0735 4240 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:01:47.0735 4240 secdrv - ok
20:01:47.0751 4240 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:01:47.0767 4240 seclogon - ok
20:01:47.0782 4240 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:01:47.0782 4240 SENS - ok
20:01:47.0813 4240 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:01:47.0829 4240 SensrSvc - ok
20:01:47.0860 4240 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:01:47.0860 4240 Serenum - ok
20:01:47.0891 4240 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:01:47.0891 4240 Serial - ok
20:01:47.0938 4240 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:01:47.0938 4240 sermouse - ok
20:01:48.0047 4240 [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:01:48.0063 4240 ServiceLayer - ok
20:01:48.0110 4240 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:01:48.0125 4240 SessionEnv - ok
20:01:48.0141 4240 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:01:48.0157 4240 sffdisk - ok
20:01:48.0172 4240 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:01:48.0172 4240 sffp_mmc - ok
20:01:48.0188 4240 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:01:48.0188 4240 sffp_sd - ok
20:01:48.0203 4240 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:01:48.0219 4240 sfloppy - ok
20:01:48.0250 4240 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:01:48.0250 4240 SharedAccess - ok
20:01:48.0281 4240 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:01:48.0281 4240 ShellHWDetection - ok
20:01:48.0328 4240 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
20:01:48.0328 4240 Shockprf - ok
20:01:48.0375 4240 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:01:48.0375 4240 sisagp - ok
20:01:48.0406 4240 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:01:48.0406 4240 SiSRaid2 - ok
20:01:48.0437 4240 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:01:48.0437 4240 SiSRaid4 - ok
20:01:48.0453 4240 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:01:48.0453 4240 Smb - ok
20:01:48.0500 4240 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
20:01:48.0500 4240 smihlp - ok
20:01:48.0547 4240 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:01:48.0562 4240 SNMPTRAP - ok
20:01:48.0625 4240 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
20:01:48.0625 4240 Sony Ericsson PCCompanion - ok
20:01:48.0656 4240 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:01:48.0656 4240 spldr - ok
20:01:48.0703 4240 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:01:48.0703 4240 Spooler - ok
20:01:48.0812 4240 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:01:48.0905 4240 sppsvc - ok
20:01:48.0952 4240 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:01:48.0952 4240 sppuinotify - ok
20:01:48.0983 4240 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:01:48.0983 4240 srv - ok
20:01:49.0030 4240 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:01:49.0030 4240 srv2 - ok
20:01:49.0061 4240 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:01:49.0077 4240 SrvHsfHDA - ok
20:01:49.0108 4240 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:01:49.0139 4240 SrvHsfV92 - ok
20:01:49.0171 4240 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:01:49.0171 4240 SrvHsfWinac - ok
20:01:49.0202 4240 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:01:49.0202 4240 srvnet - ok
20:01:49.0233 4240 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:01:49.0233 4240 SSDPSRV - ok
20:01:49.0249 4240 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:01:49.0264 4240 SstpSvc - ok
20:01:49.0280 4240 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:01:49.0295 4240 stexstor - ok
20:01:49.0327 4240 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:01:49.0342 4240 StiSvc - ok
20:01:49.0373 4240 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:01:49.0389 4240 storflt - ok
20:01:49.0405 4240 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
20:01:49.0405 4240 StorSvc - ok
20:01:49.0436 4240 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:01:49.0436 4240 storvsc - ok
20:01:49.0483 4240 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
20:01:49.0483 4240 SUService - ok
20:01:49.0529 4240 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:01:49.0529 4240 swenum - ok
20:01:49.0561 4240 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:01:49.0576 4240 swprv - ok
20:01:49.0639 4240 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:01:49.0639 4240 SynTP - ok
20:01:49.0701 4240 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:01:49.0748 4240 SysMain - ok
20:01:49.0779 4240 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:01:49.0795 4240 TabletInputService - ok
20:01:49.0841 4240 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
20:01:49.0841 4240 tap0901 - ok
20:01:49.0888 4240 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:01:49.0888 4240 TapiSrv - ok
20:01:49.0919 4240 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:01:49.0935 4240 TBS - ok
20:01:49.0997 4240 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:01:50.0044 4240 Tcpip - ok
20:01:50.0075 4240 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:01:50.0075 4240 TCPIP6 - ok
20:01:50.0122 4240 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:01:50.0122 4240 tcpipreg - ok
20:01:50.0169 4240 [ 56F3F2EA80865A888192F556DDA98155 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
20:01:50.0169 4240 TcUsb - ok
20:01:50.0216 4240 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:01:50.0216 4240 TDPIPE - ok
20:01:50.0247 4240 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:01:50.0247 4240 TDTCP - ok
20:01:50.0294 4240 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:01:50.0294 4240 tdx - ok
20:01:50.0325 4240 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:01:50.0325 4240 TermDD - ok
20:01:50.0372 4240 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:01:50.0387 4240 TermService - ok
20:01:50.0403 4240 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:01:50.0419 4240 Themes - ok
20:01:50.0481 4240 [ 6EF4145EC552A95E01BE4EA31A9AC21F ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:01:50.0512 4240 ThinkVantage Registry Monitor Service - ok
20:01:50.0528 4240 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:01:50.0528 4240 THREADORDER - ok
20:01:50.0543 4240 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
20:01:50.0543 4240 TPDIGIMN - ok
20:01:50.0559 4240 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
20:01:50.0559 4240 TPHDEXLGSVC - ok
20:01:50.0637 4240 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:01:50.0637 4240 TPHKSVC - ok
20:01:50.0653 4240 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
20:01:50.0653 4240 TPPWRIF - ok
20:01:50.0684 4240 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:01:50.0684 4240 TrkWks - ok
20:01:50.0746 4240 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:01:50.0762 4240 TrustedInstaller - ok
20:01:50.0855 4240 [ 57138BEEDEA832293291036DDF611569 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
20:01:50.0887 4240 TSSCoreService - ok
20:01:50.0918 4240 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:50.0918 4240 tssecsrv - ok
20:01:50.0965 4240 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:01:50.0965 4240 TsUsbFlt - ok
20:01:51.0011 4240 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:01:51.0011 4240 tunnel - ok
20:01:51.0105 4240 [ 4581A61AD590BC3CCDF2759D0BDD69FC ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
20:01:51.0152 4240 TVT Backup Service - ok
20:01:51.0183 4240 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:01:51.0183 4240 uagp35 - ok
20:01:51.0214 4240 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:01:51.0214 4240 udfs - ok
20:01:51.0261 4240 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:01:51.0261 4240 UI0Detect - ok
20:01:51.0292 4240 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:01:51.0292 4240 uliagpkx - ok
20:01:51.0355 4240 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:01:51.0355 4240 umbus - ok
20:01:51.0386 4240 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:01:51.0386 4240 UmPass - ok
20:01:51.0433 4240 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
20:01:51.0433 4240 UmRdpService - ok
20:01:51.0464 4240 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:01:51.0464 4240 upnphost - ok
20:01:51.0511 4240 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:01:51.0511 4240 USBAAPL - ok
20:01:51.0542 4240 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:51.0542 4240 usbccgp - ok
20:01:51.0589 4240 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:01:51.0589 4240 usbcir - ok
20:01:51.0635 4240 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:01:51.0651 4240 usbehci - ok
20:01:51.0667 4240 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:01:51.0667 4240 usbhub - ok
20:01:51.0698 4240 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:01:51.0698 4240 usbohci - ok
20:01:51.0729 4240 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:01:51.0729 4240 usbprint - ok
20:01:51.0776 4240 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys
20:01:51.0791 4240 usbser - ok
20:01:51.0807 4240 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:51.0807 4240 USBSTOR - ok
20:01:51.0854 4240 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:51.0854 4240 usbuhci - ok
20:01:51.0916 4240 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:01:51.0916 4240 usbvideo - ok
20:01:51.0947 4240 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:01:51.0947 4240 UxSms - ok
20:01:51.0963 4240 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:01:51.0979 4240 VaultSvc - ok
20:01:51.0994 4240 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:01:51.0994 4240 vdrvroot - ok
20:01:52.0041 4240 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:01:52.0057 4240 vds - ok
20:01:52.0088 4240 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:52.0088 4240 vga - ok
20:01:52.0103 4240 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:01:52.0103 4240 VgaSave - ok
20:01:52.0150 4240 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:01:52.0166 4240 vhdmp - ok
20:01:52.0181 4240 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:01:52.0181 4240 viaagp - ok
20:01:52.0197 4240 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:01:52.0197 4240 ViaC7 - ok
20:01:52.0244 4240 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:01:52.0244 4240 viaide - ok
20:01:52.0275 4240 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:01:52.0275 4240 vmbus - ok
20:01:52.0291 4240 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:01:52.0291 4240 VMBusHID - ok
20:01:52.0306 4240 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:01:52.0322 4240 volmgr - ok
20:01:52.0337 4240 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:01:52.0337 4240 volmgrx - ok
20:01:52.0369 4240 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:01:52.0369 4240 volsnap - ok
20:01:52.0400 4240 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:01:52.0400 4240 vsmraid - ok
20:01:52.0447 4240 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:01:52.0493 4240 VSS - ok
20:01:52.0509 4240 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:01:52.0509 4240 vwifibus - ok
20:01:52.0525 4240 [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:01:52.0540 4240 VWiFiFlt - ok
20:01:52.0556 4240 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:01:52.0556 4240 vwifimp - ok
20:01:52.0603 4240 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:01:52.0603 4240 W32Time - ok
20:01:52.0634 4240 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:01:52.0634 4240 WacomPen - ok
20:01:52.0681 4240 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:01:52.0681 4240 WANARP - ok
20:01:52.0681 4240 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:01:52.0681 4240 Wanarpv6 - ok
20:01:52.0759 4240 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:01:52.0805 4240 wbengine - ok
20:01:52.0837 4240 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:01:52.0837 4240 WbioSrvc - ok
20:01:52.0883 4240 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:01:52.0883 4240 wcncsvc - ok
20:01:52.0899 4240 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:01:52.0899 4240 WcsPlugInService - ok
20:01:52.0930 4240 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:01:52.0930 4240 Wd - ok
20:01:52.0977 4240 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:01:52.0993 4240 Wdf01000 - ok
20:01:53.0008 4240 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:01:53.0008 4240 WdiServiceHost - ok
20:01:53.0008 4240 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:01:53.0024 4240 WdiSystemHost - ok
20:01:53.0055 4240 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:01:53.0055 4240 WebClient - ok
20:01:53.0086 4240 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:01:53.0086 4240 Wecsvc - ok
20:01:53.0117 4240 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:01:53.0117 4240 wercplsupport - ok
20:01:53.0164 4240 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:01:53.0164 4240 WerSvc - ok
20:01:53.0195 4240 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:53.0195 4240 WfpLwf - ok
20:01:53.0227 4240 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:01:53.0227 4240 WIMMount - ok
20:01:53.0273 4240 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:01:53.0289 4240 WinDefend - ok
20:01:53.0305 4240 WinHttpAutoProxySvc - ok
20:01:53.0367 4240 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:01:53.0383 4240 Winmgmt - ok
20:01:53.0429 4240 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:01:53.0476 4240 WinRM - ok
20:01:53.0539 4240 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
20:01:53.0539 4240 WinUsb - ok
20:01:53.0585 4240 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:01:53.0601 4240 Wlansvc - ok
20:01:53.0710 4240 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:01:53.0757 4240 wlidsvc - ok
20:01:53.0835 4240 WMCoreService - ok
20:01:53.0866 4240 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:01:53.0866 4240 WmiAcpi - ok
20:01:53.0897 4240 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:01:53.0897 4240 wmiApSrv - ok
20:01:53.0975 4240 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:01:54.0022 4240 WMPNetworkSvc - ok
20:01:54.0038 4240 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:01:54.0038 4240 WPCSvc - ok
20:01:54.0069 4240 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:01:54.0085 4240 WPDBusEnum - ok
20:01:54.0116 4240 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:01:54.0116 4240 ws2ifsl - ok
20:01:54.0131 4240 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:01:54.0131 4240 wscsvc - ok
20:01:54.0163 4240 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:01:54.0163 4240 WSDPrintDevice - ok
20:01:54.0225 4240 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
20:01:54.0225 4240 WSDScan - ok
20:01:54.0225 4240 WSearch - ok
20:01:54.0303 4240 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:01:54.0350 4240 wuauserv - ok
20:01:54.0397 4240 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:01:54.0397 4240 WudfPf - ok
20:01:54.0412 4240 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:54.0412 4240 WUDFRd - ok
20:01:54.0443 4240 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:01:54.0443 4240 wudfsvc - ok
20:01:54.0475 4240 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:01:54.0475 4240 WwanSvc - ok
20:01:54.0521 4240 [ 9A11DECE3BE7DB6443272395F97497D5 ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp.sys
20:01:54.0521 4240 WwanUsbServ - ok
20:01:54.0646 4240 ================ Scan global ===============================
20:01:54.0693 4240 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:01:54.0740 4240 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:54.0755 4240 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:54.0787 4240 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:01:54.0818 4240 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:01:54.0818 4240 [Global] - ok
20:01:54.0833 4240 ================ Scan MBR ==================================
20:01:54.0849 4240 [ EE8A217915EB08AE1C3A5DD48A8FCA82 ] \Device\Harddisk0\DR0
20:01:55.0083 4240 \Device\Harddisk0\DR0 - ok
20:01:55.0083 4240 ================ Scan VBR ==================================
20:01:55.0099 4240 [ 44A677013A49D02061235D998949F6F9 ] \Device\Harddisk0\DR0\Partition1
20:01:55.0099 4240 \Device\Harddisk0\DR0\Partition1 - ok
20:01:55.0130 4240 [ 058F1726B6CC8479D489A117219374CF ] \Device\Harddisk0\DR0\Partition2
20:01:55.0130 4240 \Device\Harddisk0\DR0\Partition2 - ok
20:01:55.0130 4240 ============================================================
20:01:55.0130 4240 Scan finished
20:01:55.0130 4240 ============================================================
20:01:55.0145 4272 Detected object count: 0
20:01:55.0145 4272 Actual detected object count: 0
20:01:58.0047 2708 Deinitialize success
|
|
05.05.2013, 10:41
| #5 |
| | Trojaner MitB PC 2Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.05.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 ***** :: *****-PC [Administrator] Schutz: Aktiviert 05.05.2013 09:52:18 MBAM-log-2013-05-05 (11-33-37)_PC2.txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 455351 Laufzeit: 1 Stunde(n), 19 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\ProgramData\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt. C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Keine Aktion durchgeführt. C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Keine Aktion durchgeführt. Infizierte Dateien: 2 C:\ProgramData\MPK\key.bin (Refog.Keylogger) -> Keine Aktion durchgeführt. C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Keine Aktion durchgeführt. (Ende) ESET Online Scanner keine Ergebnisse |
|
06.05.2013, 07:12
| #6 |
| /// Malwareteam | Trojaner MitB PC 2 hierbei handelt es sich um ein legitimes Programm... Info Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Downloade Dir bitte  SecurityCheck und:
__________________ --> Trojaner MitB PC 2 |
|
08.05.2013, 11:56
| #7 |
| /// Malwareteam | Trojaner MitB PC 2 Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
13.05.2013, 05:35
| #8 |
| /// Malwareteam | Trojaner MitB PC 2 Was ist mit diesem Rechner?
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
13.05.2013, 18:02
| #9 |
| | Trojaner MitB PC 2 So jetzt geht's hier weiter...AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 13/05/2013 um 19:00:17 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1612 octets] - [29/04/2013 21:11:53]
AdwCleaner[R2].txt - [628 octets] - [13/05/2013 19:00:17]
AdwCleaner[S1].txt - [1674 octets] - [29/04/2013 21:12:32]
########## EOF - C:\AdwCleaner[R2].txt - [747 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 13/05/2013 um 19:02:40 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1612 octets] - [29/04/2013 21:11:53]
AdwCleaner[R2].txt - [815 octets] - [13/05/2013 19:00:17]
AdwCleaner[S1].txt - [1674 octets] - [29/04/2013 21:12:32]
AdwCleaner[S2].txt - [336 octets] - [13/05/2013 19:01:09]
AdwCleaner[S3].txt - [336 octets] - [13/05/2013 19:01:34]
AdwCleaner[S4].txt - [867 octets] - [13/05/2013 19:02:40]
########## EOF - C:\AdwCleaner[S4].txt - [926 octets] ##########
Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
14.05.2013, 05:53
| #10 |
| /// Malwareteam | Trojaner MitB PC 2 Adobe Reader update Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.
Defogger re-enable Starte bitte den Defogger und klicke den re-enable Button Systemwiederherstellungspunkte löschen
Code:
ATTFilter :Commands
[clearallrestorepoints]
OTL Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. adwCleaner
Hier noch ein paar Tipps zur Absicherung deines Systems. Aktualität Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
15.05.2013, 18:54
| #11 |
| | Trojaner MitB PC 2 So, auch das wäre erledigt. Abschließend vielen Dank! Wo geht's hier zur Kaffeekasse? ;-) |
|
| Themen zu Trojaner MitB PC 2 |
| adobe, antivirus, bho, bonjour, defender, dnsapi.dll, ebanking, error, explorer, firefox, flash player, format, helper, internet security 2013, kaspersky, kaspersky internet security 2013, logfile, monitor, object, plug-in, programme, registry, scan, security, software, svchost.exe, tastatur, trojaner, udp, windows |
Textbox.
Linear-Darstellung
