
Log-Analyse und Auswertung: Trojaner MitB PC 2

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.05.2013, 19:28   #1
daalbock

Trojaner MitB PC 2



And here is the log of the second PC

OTL logfile created on: 02.05.2013 19:22:18 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 47,43% Memory free
3,93 Gb Paging File | 2,83 Gb Available in Paging File | 71,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 377,97 Gb Free Space | 81,17% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.02 16:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012.11.02 16:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012.01.23 04:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.11.04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.10.20 13:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.10.20 11:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 19:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe
PRC - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2011.04.24 22:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE
PRC - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011.03.08 14:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010.04.02 15:48:58 | 000,057,096 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe
PRC - [2009.04.15 16:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Programme\Lenovo\ATK Hotkey\LFKA.exe
PRC - [2009.04.15 15:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Programme\Lenovo\ATK Hotkey\LControl.exe
PRC - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe
PRC - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.23 04:06:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.25 16:29:08 | 000,247,096 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2007.03.09 16:16:52 | 000,106,496 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\AGFNEX.dll


========== Services (SafeList) ==========

SRV - [2013.04.29 20:01:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.21 11:20:33 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.01.23 04:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012.01.23 04:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5s32.sys -- (NETw5s32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.02.21 16:19:46 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2012.01.23 04:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.08.03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.07.28 19:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.12.01 17:02:30 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l36wgps.sys -- (l36wgps)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.31 17:43:08 | 000,413,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2010.10.31 17:43:08 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2010.10.31 17:43:08 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010.10.31 17:43:08 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 17:13:08 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.02.23 20:25:34 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2010.02.23 20:25:32 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2009.10.13 16:12:02 | 000,220,200 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.04 22:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PuAcpi32.sys -- (MTsensor32)
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.10.21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.07.24 11:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2000.01.01 02:00:00 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {82ED8678-AED9-461C-A47F-19669953151F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{82ED8678-AED9-461C-A47F-19669953151F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]

[2010.11.14 14:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2012.03.01 11:14:56 | 000,000,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.205.10 sbs-server.procmas.local
O1 - Hosts: 192.168.206.10 pmsbs.procmas.local
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: googlemail.com ([]https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1AAFB-A91B-4136-BA2C-ACB2CBCE54BC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F98A2F-4E7A-4811-8503-DB4F4BC2A8EA}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C294DF5B-8B9F-41FA-90BF-BF38FC055020}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E768B23C-01B1-4370-983F-D50096DED064}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.02 18:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.29 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.29 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers

========== Files - Modified Within 30 Days ==========

[2013.05.02 19:21:42 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:20:52 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.05.02 19:20:15 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 19:10:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.05.02 19:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 18:41:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001UA.job
[2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.05.02 18:12:15 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 18:12:15 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 18:06:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 18:05:34 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 05:58:29 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 21:19:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013.04.29 20:41:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001Core.job
[2013.04.29 20:05:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.29 20:05:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.29 20:05:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.29 20:05:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
[2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013.04.27 09:53:45 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013.04.14 09:15:56 | 000,418,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.05.02 19:21:42 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:20:51 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.05.02 19:20:15 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.04.30 05:58:29 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 21:19:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.21 15:14:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.12.21 14:57:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.21 14:57:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012.12.21 14:56:56 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.02.21 15:17:49 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.10.29 11:42:05 | 000,007,619 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.10.28 08:14:12 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.06.06 09:14:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.07 13:52:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.04 09:15:04 | 000,646,848 | ---- | C] () -- C:\Users\*****\AppData\Local\wanancsp.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.12.01 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus
[2012.02.22 10:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2011.12.01 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.07.30 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lenovo
[2012.02.20 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer
[2012.10.06 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2012.02.20 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite
[2012.10.06 13:59:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2011.05.03 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr
[2012.02.21 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PwrMgr
[2012.02.22 11:05:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2011.05.03 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Update
[2012.01.20 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VG Solutions

========== Purity Check ==========



< End of report >

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-02 20:12:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-26A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\pwdiypod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8EC7B6BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8EC2EC02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x8EC2EF4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8EC2F390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8EC1728C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8EC2E8DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8EC17804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8EC176EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x8EC2EDAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8EC7E528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8EC17924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8EC7D9BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8EC7DBFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8EC7D660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x8EC2EE7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8EC7D506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8EC172D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8EC7B7FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8EC7B464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8EC7E320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8EC2D06C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8EC1789A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8EC1777A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8EC7D0AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8EC7E7D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8EC179BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8EC7D718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8EC17A44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8EC2D27A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8EC7E1D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8EC2F174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8EC2F002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8EC2F0B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8EC2F1E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8EC7DEFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8EC2EA6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8EC7E05C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8EC17AE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8EC7B56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8EC7D24E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8EC7DDA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8EC17AF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8EC7D3AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8EC7D8B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8EC7E93C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8EC7E666]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83851A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8388B1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8389222C 4 Bytes [BA, B6, C7, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83892254 8 Bytes [02, EC, C2, 8E, 4A, EF, C2, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83892298 4 Bytes [90, F3, C2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 838922C4 4 Bytes [8C, 72, C1, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 838922E8 4 Bytes CALL D765B1AF
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys

Device \Driver\BTHUSB \Device\00000082 bthport.sys
Device \Driver\BTHUSB \Device\00000084 bthport.sys

AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????????????????????????o??????????Microsoft????????m???????????????n??????????????????????????????????????????????????????6-21-2006???????????? ???????????????????N????????????D????????????????????????????????????????????????????????LegacyDriver????????????????????????????????????????????????? ????e???????????????????????????4??s-???????????????????????l???????h??????????????????Mikrofon????machine.inf:INTEL_SYS.NTx86:PCI_DRV:6.1.7601.17514ci\ven_8086&dev_2940????Intel(R) ICH9 Family PCI Express Root Port 1 - 2940?????? ?????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#?????????? ???????????????????????????#?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???p???????p????????????Microsoft????????u??? ???????p???????????n?9?????? ????? ????????????????p???q???????z??HIDClass?????????????p??????????TDI?????????????system32\drivers\rdprefmp.sys???Microsoft???? ???????o???????????|????????(?4?c???????????X??????l?????e&P???????????????????????????}??????????????????????????????????? 0??????????????????q??Tdx?nsi?????? ???????s?????p?????n?9????????H?????????????(?????????p???????????????????????????????????????????Sy??????????????t???? ???????o?????q????Pq?2??????$?h?d???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlo
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862 0xE6 0xBC 0x42 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428 0xE3 0xDD 0x40 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114 0x2A 0xC8 0x58 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????e???6???6??????????????????????7&2642e261&0??????????????????????N??????.?????.?.??oem34.inf???????????oem34.inf???? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????l??????????b???????????@%systemroot%\system32\drivers\mup.sys,-101???????2??u????????h?????\SystemRoot\system32\drivers\mpio.sys?????$??t??????p???Boot Bus Extender?????L??t???????????d??mpio.inf_x86_neutral_5406d6d4bb64c599??????????~????? N?????????????????????????????????????? 0??z???????????????????v???U??????????Sy??? ???????o???????????z??????????L???????????????????????t?????????????????????????????????????????L??t????????h??????????????????????????Z?????????????g ??????????????????:??t????????h?????system32\drivers\MSKSSRV.sys??????D??t?????????e????Microsoft Streaming Service Proxy???????????????????????????????????????? ???????o???????????p??????????\???????????? F?????? ???????m??LegacyDriver?????????????.??t???????????????t??????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o????????????????????????????????????t???`???????? ???????o?????o???????????????????? ???????????? ???????o??????????????????????????????????\SystemRoot\system32\drivers\CompositeBus.sys???Busenumeratortreiber f?r Verbundger?te???v??\SystemRoot\System32\drivers\dxgkrnl.sys?????????|?|?????????&???????l???r???h??ODiag???????????????????Microsoft?????????????????? ??????l?l?m?o?o?l?o???????????r?r?????o??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001????@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????\SystemRoot\system32\drivers\HDAudBus.sys???@%SystemRoot%\system32\drivers\http.sys,-1????????b??o?????????e??????????????????*??o?????????e??????????????????????T??p????????h??????p????0??o???w?????ewa??system32\drivers\HTTP.sys?????? ????????? p???p??8.0.219.0?????X??????&???&?????????????????s????????????????????GEAR ASPI Filter Driver??????????????p???y?z? ????????????4??o????????h?????0683??????<??o????????h???????<??p????????h????

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

An "Extra" file was not created here either!

03.05.2013, 05:40   #2
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way.

Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you are asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: Scan with TDSSKiller

Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.

Please download TDSSKiller.exe and save this file to the Desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and save the logfile. TDSSKiller will save a logfile on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.
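The scan-only step above, as an added example that is not part of the helper's post and not Kaspersky's own code: a PowerShell snippet, run from an elevated prompt as the helper asks, that first checks the Authenticode signature of the downloaded TDSSKiller.exe (the machine is presumed infected, so the download itself is not trusted blindly), then starts the tool with its report written to a known path and prints that report for pasting into the thread. The switches `-l <file>` (log file) and `-accepteula` are from Kaspersky's published switch list for TDSSKiller; confirm them with `TDSSKiller.exe -h` on your version. The Desktop location, the log file name and the signer check on the string "Kaspersky" are assumptions made for this example.

```powershell
# Added example (not from the original thread): run TDSSKiller in scan-only
# mode from an elevated PowerShell prompt and collect its report.
# Assumptions: TDSSKiller.exe was saved to the current user's Desktop, and the
# log path below is chosen here rather than TDSSKiller's default name.
$tool = Join-Path ([Environment]::GetFolderPath('Desktop')) 'TDSSKiller.exe'
$log  = Join-Path $env:SystemDrive 'TDSSKiller_scan.log'

if (-not (Test-Path $tool)) {
    throw "TDSSKiller.exe not found on the Desktop: $tool"
}

# On an infected machine, confirm the binary is still the one its vendor signed
# before executing it. Get-AuthenticodeSignature verifies both the certificate
# chain and the file hash; anything other than 'Valid' means do not run it.
$sig = Get-AuthenticodeSignature -FilePath $tool
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed ($($sig.Status)); re-download the tool."
}
# Assumption: the signing certificate subject names Kaspersky.
if ($sig.SignerCertificate.Subject -notmatch 'Kaspersky') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}
"Signer: $($sig.SignerCertificate.Subject)"

# -l <file> writes the report to a path we control; -accepteula skips the
# licence dialog. No cure or quarantine switch is passed, so the run remains
# a scan: the GUI still appears, you press Start Scan, and any detection is
# answered with Skip, exactly as the helper asked.
$proc = Start-Process -FilePath $tool -ArgumentList "-l `"$log`" -accepteula" `
                      -Wait -PassThru
"TDSSKiller exit code: $($proc.ExitCode)"

# Print the report so it can be pasted into the thread inside code tags.
if (Test-Path $log) {
    Get-Content $log
} else {
    "No log written at $log - look for the default C:\TDSSKiller.<version_date_time>log.txt"
}
```

If the signature check fails, stop there and download the tool again from Kaspersky rather than running the copy on the Desktop; a tampered scanner on an already compromised host is worse than no scan.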

03.05.2013, 18:58   #3
daalbock

OTL Logfile:
Code:
OTL logfile created on: 03.05.2013 18:42:21 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,79% Memory free
3,93 Gb Paging File | 2,97 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 378,05 Gb Free Space | 81,19% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.02 16:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012.11.02 16:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012.01.23 04:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.11.04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.10.20 13:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.10.20 11:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 19:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe
PRC - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2011.04.24 22:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE
PRC - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011.03.08 14:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010.04.02 15:48:58 | 000,057,096 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe
PRC - [2009.04.15 16:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Programme\Lenovo\ATK Hotkey\LFKA.exe
PRC - [2009.04.15 15:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Programme\Lenovo\ATK Hotkey\LControl.exe
PRC - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe
PRC - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.23 04:06:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.03.09 16:16:52 | 000,106,496 | R--- | M] () -- C:\Programme\Lenovo\ATK Hotkey\AGFNEX.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.29 20:01:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.21 11:20:33 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.01.23 04:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012.01.23 04:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.11.01 14:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 14:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 13:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.10.20 13:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.10 14:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2011.04.24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2011.02.23 14:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.15 17:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2009.02.13 16:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.02.13 15:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5s32.sys -- (NETw5s32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - [2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.02.21 16:19:46 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2012.01.23 04:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.08.03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.07.28 19:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.12.01 17:02:30 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l36wgps.sys -- (l36wgps)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.31 17:43:08 | 000,413,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2010.10.31 17:43:08 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2010.10.31 17:43:08 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010.10.31 17:43:08 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 17:13:08 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.02.23 20:25:34 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2010.02.23 20:25:32 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2009.10.13 16:12:02 | 000,220,200 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.04 22:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PuAcpi32.sys -- (MTsensor32)
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.10.21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.07.24 11:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2000.01.01 02:00:00 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {82ED8678-AED9-461C-A47F-19669953151F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{82ED8678-AED9-461C-A47F-19669953151F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.27 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.27 09:53:59 | 000,000,000 | ---D | M]
 
[2010.11.14 14:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2012.03.01 11:14:56 | 000,000,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.205.10    sbs-server.procmas.local
O1 - Hosts: 192.168.206.10    pmsbs.procmas.local
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: googlemail.com ([]https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1AAFB-A91B-4136-BA2C-ACB2CBCE54BC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F98A2F-4E7A-4811-8503-DB4F4BC2A8EA}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C294DF5B-8B9F-41FA-90BF-BF38FC055020}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E768B23C-01B1-4370-983F-D50096DED064}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{ea9ae69b-64e4-11e0-9c43-028037ec0200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 18:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.29 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.29 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 18:42:47 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:42:47 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:41:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001UA.job
[2013.05.03 18:36:41 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.05.03 18:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 18:34:41 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 20:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 19:21:42 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:20:52 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.05.02 19:20:15 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 18:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.30 05:58:29 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 21:19:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013.04.29 20:41:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164677393-2529824498-908953145-1001Core.job
[2013.04.29 20:05:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.29 20:05:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.29 20:05:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.29 20:05:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.27 09:53:47 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
[2013.04.27 09:53:47 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013.04.27 09:53:46 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013.04.27 09:53:45 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013.04.14 09:15:56 | 000,418,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.02 19:21:42 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:20:51 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.05.02 19:20:15 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.04.30 05:58:29 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 21:19:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.21 15:14:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.12.21 14:57:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.21 14:57:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012.12.21 14:56:56 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.02.21 15:17:49 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.10.29 11:42:05 | 000,007,619 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.10.28 08:14:12 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.06.06 09:14:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.07 13:52:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.04 09:15:04 | 000,646,848 | ---- | C] () -- C:\Users\*****\AppData\Local\wanancsp.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.01 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus
[2012.02.22 10:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2011.12.01 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.07.30 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lenovo
[2012.02.20 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer
[2012.10.06 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2012.02.20 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite
[2012.10.06 13:59:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2011.05.03 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr
[2012.02.21 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PwrMgr
[2012.02.22 11:05:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2011.05.03 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Update
[2012.01.20 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VG Solutions
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-03 19:54:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-26A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\pwdiypod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAdjustPrivilegesToken [0x8E6826BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAlpcConnectPort [0x8E635C02]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAlpcCreatePort [0x8E635F4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAlpcSendWaitReceivePort [0x8E636390]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwClose [0x8E61E28C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwConnectPort [0x8E6358DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateEvent [0x8E61E804]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateMutant [0x8E61E6EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreatePort [0x8E635DAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateSection [0x8E685528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateSemaphore [0x8E61E924]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThread [0x8E6849BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThreadEx [0x8E684BFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateUserProcess [0x8E684660]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateWaitablePort [0x8E635E7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDebugActiveProcess [0x8E684506]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDeviceIoControlFile [0x8E61E2D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDuplicateObject [0x8E6827FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwLoadDriver [0x8E682464]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwMapViewOfSection [0x8E685320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwNotifyChangeKey [0x8E63406C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenEvent [0x8E61E89A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenMutant [0x8E61E77A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenProcess [0x8E6840AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSection [0x8E6857D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSemaphore [0x8E61E9BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenThread [0x8E684718]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryDirectoryObject [0x8E61EA44]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryObject [0x8E63427A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueueApcThread [0x8E6851D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyPort [0x8E636174]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyWaitReceivePort [0x8E636002]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyWaitReceivePortEx [0x8E6360B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwRequestWaitReplyPort [0x8E6361E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwResumeThread [0x8E684EFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSecureConnectPort [0x8E635A6A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSetContextThread [0x8E68505C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSetInformationToken [0x8E61EAE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSetSystemInformation [0x8E68256E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendProcess [0x8E68424E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendThread [0x8E684DA6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSystemDebugControl [0x8E61EAF8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwTerminateProcess [0x8E6843AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwTerminateThread [0x8E6848B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwUnmapViewOfSection [0x8E68593C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwWriteVirtualMemory [0x8E685666]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         83881A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           838BB1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                              838C222C 4 Bytes  [BA, 26, 68, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              838C2254 8 Bytes  [02, 5C, 63, 8E, 4A, 5F, 63, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                              838C2298 4 Bytes  [90, 63, 63, 8E] {NOP ; ARPL [EBX-0x72], SP}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                              838C22C4 4 Bytes  [8C, E2, 61, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                              838C22E8 4 Bytes  [DC, 58, 63, 8E]
.text           ...                                                                                              

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        kltdi.sys

Device          \Driver\BTHUSB \Device\00000098                                                                  bthport.sys
Device          \Driver\BTHUSB \Device\0000009a                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862         0xE6 0xBC 0x42 0xB8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428         0xE3 0xDD 0x40 0x6E ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114         0x2A 0xC8 0x58 0xD9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                               ?????????????????????????????????????o??????????Microsoft????????m???????????????n??????????????????????????????????????????????????????6-21-2006????????????  ???????????????????N????????????D????????????????????????????????????????????????????????LegacyDriver?????????????????????????????????????????????????????e???????????????????????????4??s-???????????????????????l???????h??????????????????Mikrofon????machine.inf:INTEL_SYS.NTx86:PCI_DRV:6.1.7601.17514:pci\ven_8086&dev_2940????Intel(R) ICH9 Family PCI Express Root Port 1 - 2940?????? ?????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#?????????????????????????????????????#???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                          ???p???????p????????????Microsoft????????u??? ???????p???????????n?9?????? ????? ????????????????p???q???????z??HIDClass?????????????p??????????TDI?????????????system32\drivers\rdprefmp.sys???Microsoft???? ???????o???????????|????????(?4?c???????????X??????l?????e&P???????????????????????????}??????????????????????????????????? 0??????????????????q??Tdx?nsi?????? ???????s?????p?????n?9????????H?????????????(?????????p???????????????????????????????????????????Sy??????????????t???? ???????o?????q????Pq?2??????$?h?d???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlo
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@001fe498e862             0xE6 0xBC 0x42 0xB8 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cb1a20@303855343428             0xE3 0xDD 0x40 0x6E ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607689c6b9@f81edf616114             0x2A 0xC8 0x58 0xD9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                   ?????????????e???6???6??????????????????????7&2642e261&0??????????????????????N??????.?????.?.??oem34.inf???????????oem34.inf???? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????l??????????b???????????@%systemroot%\system32\drivers\mup.sys,-101???????2??u????????h?????\SystemRoot\system32\drivers\mpio.sys?????$??t??????p???Boot Bus Extender?????L??t???????????d??mpio.inf_x86_neutral_5406d6d4bb64c599??????????~????? N?????????????????????????????????????? 0??z???????????????????v???U??????????Sy??? ???????o???????????z??????????L???????????????????????t?????????????????????????????????????????L??t????????h??????????????????????????Z?????????????g??????????????????:??t????????h?????system32\drivers\MSKSSRV.sys??????D??t?????????e????Microsoft Streaming Service Proxy???????????????????????????????????????? ???????o???????????p??????????\???????????? F?????? ???????m??LegacyDriver?????????????.??t???????????????t?????P????
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                              ???o????????????????????????????????????t???`???????? ???????o?????o???????????????????? ???????????? ???????o??????????????????????????????????\SystemRoot\system32\drivers\CompositeBus.sys???Busenumeratortreiber f?r Verbundger?te???v??\SystemRoot\System32\drivers\dxgkrnl.sys?????????|?|?????????&???????l???r???h??ODiag???????????????????Microsoft????????????????????????l?l?m?o?o?l?o???????????r?r?????o??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001????@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????\SystemRoot\system32\drivers\HDAudBus.sys???@%SystemRoot%\system32\drivers\http.sys,-1????????b??o?????????e??????????????????*??o?????????e??????????????????????T??p????????h??????p????0??o???w?????ewa??system32\drivers\HTTP.sys??????????????? p???p??8.0.219.0?????X??????&???&?????????????????s????????????????????GEAR ASPI Filter Driver??????????????p???y?z? ????????????4??o????????h?????ON????????<??o????????h???????<??p????????h????

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

__________________

Edited by daalbock (03.05.2013 at 19:12)

Old 03.05.2013, 19:11   #4
daalbock
 
Trojaner MitB PC 2 - Standard

Trojaner MitB PC 2



Code:
ATTFilter
20:01:24.0459 4344  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:01:24.0506 4344  ============================================================
20:01:24.0506 4344  Current date / time: 2013/05/03 20:01:24.0506
20:01:24.0506 4344  SystemInfo:
20:01:24.0506 4344  
20:01:24.0506 4344  OS Version: 6.1.7601 ServicePack: 1.0
20:01:24.0506 4344  Product type: Workstation
20:01:24.0506 4344  ComputerName: *****-PC
20:01:24.0506 4344  UserName: *****
20:01:24.0506 4344  Windows directory: C:\Windows
20:01:24.0506 4344  System windows directory: C:\Windows
20:01:24.0506 4344  Processor architecture: Intel x86
20:01:24.0506 4344  Number of processors: 2
20:01:24.0506 4344  Page size: 0x1000
20:01:24.0506 4344  Boot type: Normal boot
20:01:24.0506 4344  ============================================================
20:01:25.0848 4344  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:01:25.0848 4344  ============================================================
20:01:25.0848 4344  \Device\Harddisk0\DR0:
20:01:25.0848 4344  MBR partitions:
20:01:25.0848 4344  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:01:25.0848 4344  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:01:25.0848 4344  ============================================================
20:01:26.0128 4344  C: <-> \Device\Harddisk0\DR0\Partition2
20:01:26.0128 4344  ============================================================
20:01:26.0128 4344  Initialize success
20:01:26.0128 4344  ============================================================
20:01:28.0141 4240  ============================================================
20:01:28.0141 4240  Scan started
20:01:28.0141 4240  Mode: Manual; 
20:01:28.0141 4240  ============================================================
20:01:29.0794 4240  ================ Scan system memory ========================
20:01:29.0794 4240  System memory - ok
20:01:29.0794 4240  ================ Scan services =============================
20:01:30.0294 4240  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:01:30.0309 4240  1394ohci - ok
20:01:30.0356 4240  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:01:30.0356 4240  ACPI - ok
20:01:30.0387 4240  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:01:30.0387 4240  AcpiPmi - ok
20:01:30.0512 4240  [ 1933DB4808793F3BD7AB34A39A809425 ] AcPrfMgrSvc     C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:01:30.0512 4240  AcPrfMgrSvc - ok
20:01:30.0543 4240  [ E7AF543334B21D84124709061A9AE4D7 ] AcSvc           C:\Program Files\Lenovo\Access Connections\AcSvc.exe
20:01:30.0543 4240  AcSvc - ok
20:01:30.0652 4240  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:30.0652 4240  AdobeARMservice - ok
20:01:30.0746 4240  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:01:30.0762 4240  AdobeFlashPlayerUpdateSvc - ok
20:01:30.0808 4240  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:01:30.0824 4240  adp94xx - ok
20:01:30.0871 4240  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:01:30.0871 4240  adpahci - ok
20:01:30.0902 4240  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:01:30.0918 4240  adpu320 - ok
20:01:30.0949 4240  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:01:30.0949 4240  AeLookupSvc - ok
20:01:31.0011 4240  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
20:01:31.0011 4240  AFD - ok
20:01:31.0058 4240  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:01:31.0058 4240  agp440 - ok
20:01:31.0105 4240  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:01:31.0105 4240  aic78xx - ok
20:01:31.0136 4240  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
20:01:31.0136 4240  ALG - ok
20:01:31.0167 4240  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:01:31.0167 4240  aliide - ok
20:01:31.0214 4240  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:01:31.0214 4240  amdagp - ok
20:01:31.0230 4240  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:01:31.0230 4240  amdide - ok
20:01:31.0261 4240  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:01:31.0261 4240  AmdK8 - ok
20:01:31.0276 4240  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:01:31.0276 4240  AmdPPM - ok
20:01:31.0339 4240  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:01:31.0339 4240  amdsata - ok
20:01:31.0354 4240  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:01:31.0354 4240  amdsbs - ok
20:01:31.0370 4240  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:01:31.0370 4240  amdxata - ok
20:01:31.0432 4240  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
20:01:31.0432 4240  AppID - ok
20:01:31.0464 4240  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:01:31.0464 4240  AppIDSvc - ok
20:01:31.0510 4240  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
20:01:31.0510 4240  Appinfo - ok
20:01:31.0620 4240  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:01:31.0620 4240  Apple Mobile Device - ok
20:01:31.0651 4240  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:01:31.0651 4240  AppMgmt - ok
20:01:31.0682 4240  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:01:31.0682 4240  arc - ok
20:01:31.0713 4240  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:01:31.0713 4240  arcsas - ok
20:01:31.0760 4240  [ AD699ABB71C9BEA804D5FE02CC32708B ] ASLDRService    C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
20:01:31.0760 4240  ASLDRService - ok
20:01:31.0776 4240  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
20:01:31.0776 4240  ASMMAP - ok
20:01:31.0807 4240  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:31.0807 4240  AsyncMac - ok
20:01:31.0838 4240  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
20:01:31.0838 4240  atapi - ok
20:01:31.0916 4240  [ 614A60AEE03A6151FDCBAC295854A9CB ] athr            C:\Windows\system32\DRIVERS\athr.sys
20:01:31.0932 4240  athr - ok
20:01:31.0947 4240  [ F62CA1881D057A98AB8C4BA2020D3D0E ] ATKGFNEXSrv     C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
20:01:31.0963 4240  ATKGFNEXSrv - ok
20:01:32.0010 4240  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:01:32.0010 4240  AudioEndpointBuilder - ok
20:01:32.0025 4240  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:01:32.0025 4240  Audiosrv - ok
20:01:32.0119 4240  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
20:01:32.0134 4240  AVP - ok
20:01:32.0181 4240  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:01:32.0181 4240  AxInstSV - ok
20:01:32.0244 4240  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:01:32.0244 4240  b06bdrv - ok
20:01:32.0290 4240  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:01:32.0290 4240  b57nd60x - ok
20:01:32.0353 4240  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:01:32.0353 4240  BDESVC - ok
20:01:32.0384 4240  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:01:32.0384 4240  Beep - ok
20:01:32.0431 4240  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
20:01:32.0431 4240  BFE - ok
20:01:32.0493 4240  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
20:01:32.0493 4240  BITS - ok
20:01:32.0524 4240  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:01:32.0524 4240  blbdrive - ok
20:01:32.0618 4240  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:01:32.0618 4240  Bonjour Service - ok
20:01:32.0665 4240  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:01:32.0665 4240  bowser - ok
20:01:32.0696 4240  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:01:32.0696 4240  BrFiltLo - ok
20:01:32.0712 4240  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:01:32.0712 4240  BrFiltUp - ok
20:01:32.0758 4240  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
20:01:32.0758 4240  Browser - ok
20:01:32.0790 4240  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:01:32.0790 4240  Brserid - ok
20:01:32.0821 4240  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:01:32.0821 4240  BrSerWdm - ok
20:01:32.0868 4240  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:01:32.0868 4240  BrUsbMdm - ok
20:01:32.0883 4240  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:01:32.0883 4240  BrUsbSer - ok
20:01:32.0930 4240  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:01:32.0930 4240  BthEnum - ok
20:01:32.0946 4240  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:01:32.0946 4240  BTHMODEM - ok
20:01:32.0977 4240  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:01:32.0977 4240  BthPan - ok
20:01:33.0008 4240  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:01:33.0008 4240  BTHPORT - ok
20:01:33.0039 4240  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
20:01:33.0039 4240  bthserv - ok
20:01:33.0055 4240  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:01:33.0055 4240  BTHUSB - ok
20:01:33.0102 4240  [ DD5361CF05025BD61A5D0115ECC2566F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
20:01:33.0102 4240  btusbflt - ok
20:01:33.0133 4240  btwavdt - ok
20:01:33.0148 4240  btwl2cap - ok
20:01:33.0164 4240  btwrchid - ok
20:01:33.0195 4240  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:01:33.0195 4240  cdfs - ok
20:01:33.0273 4240  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:01:33.0273 4240  cdrom - ok
20:01:33.0320 4240  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:01:33.0320 4240  CertPropSvc - ok
20:01:33.0336 4240  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:01:33.0336 4240  circlass - ok
20:01:33.0382 4240  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
20:01:33.0382 4240  CLFS - ok
20:01:33.0460 4240  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:33.0460 4240  clr_optimization_v2.0.50727_32 - ok
20:01:33.0523 4240  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:33.0538 4240  clr_optimization_v4.0.30319_32 - ok
20:01:33.0554 4240  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:33.0554 4240  CmBatt - ok
20:01:33.0601 4240  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:01:33.0601 4240  cmdide - ok
20:01:33.0648 4240  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:01:33.0663 4240  CNG - ok
20:01:33.0694 4240  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:01:33.0694 4240  Compbatt - ok
20:01:33.0726 4240  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:01:33.0726 4240  CompositeBus - ok
20:01:33.0741 4240  COMSysApp - ok
20:01:33.0788 4240  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:01:33.0788 4240  crcdisk - ok
20:01:33.0835 4240  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:01:33.0835 4240  CryptSvc - ok
20:01:33.0882 4240  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
20:01:33.0882 4240  CSC - ok
20:01:33.0960 4240  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
20:01:33.0960 4240  CscService - ok
20:01:34.0038 4240  [ 90F8539FA0DE4AAFE4FDBE7F95D6A512 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:01:34.0053 4240  dc3d - ok
20:01:34.0084 4240  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:01:34.0084 4240  DcomLaunch - ok
20:01:34.0131 4240  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:01:34.0131 4240  defragsvc - ok
20:01:34.0178 4240  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:01:34.0178 4240  DfsC - ok
20:01:34.0240 4240  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:01:34.0240 4240  Dhcp - ok
20:01:34.0272 4240  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
20:01:34.0272 4240  discache - ok
20:01:34.0287 4240  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:01:34.0303 4240  Disk - ok
20:01:34.0318 4240  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:01:34.0334 4240  Dnscache - ok
20:01:34.0365 4240  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:01:34.0365 4240  dot3svc - ok
20:01:34.0412 4240  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
20:01:34.0412 4240  DPS - ok
20:01:34.0443 4240  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:01:34.0443 4240  drmkaud - ok
20:01:34.0506 4240  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:01:34.0506 4240  DXGKrnl - ok
20:01:34.0537 4240  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
20:01:34.0552 4240  EapHost - ok
20:01:34.0646 4240  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:01:34.0724 4240  ebdrv - ok
20:01:34.0771 4240  [ E922BC274FBD736B41020872C8AAC390 ] ecnssndis       C:\Windows\system32\Drivers\wwanuss.sys
20:01:34.0771 4240  ecnssndis - ok
20:01:34.0802 4240  [ 15CA5CD73A30398C89247B3C5E933044 ] ecnssndisfltr   C:\Windows\system32\Drivers\wwanussf.sys
20:01:34.0802 4240  ecnssndisfltr - ok
20:01:34.0833 4240  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
20:01:34.0833 4240  EFS - ok
20:01:34.0911 4240  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:01:34.0911 4240  ehRecvr - ok
20:01:34.0942 4240  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
20:01:34.0942 4240  ehSched - ok
20:01:34.0989 4240  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:01:34.0989 4240  elxstor - ok
20:01:35.0052 4240  [ CEF06A8DF4BA42673F3297759FD62E80 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
20:01:35.0052 4240  EPSON_PM_RPCV4_05 - ok
20:01:35.0098 4240  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:01:35.0098 4240  ErrDev - ok
20:01:35.0145 4240  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
20:01:35.0145 4240  EventSystem - ok
20:01:35.0348 4240  [ 67FAAD0A3C1257646E2B6C5027DB6193 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:01:35.0364 4240  EvtEng - ok
20:01:35.0395 4240  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
20:01:35.0395 4240  exfat - ok
20:01:35.0442 4240  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:01:35.0442 4240  fastfat - ok
20:01:35.0488 4240  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
20:01:35.0504 4240  Fax - ok
20:01:35.0520 4240  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:01:35.0520 4240  fdc - ok
20:01:35.0551 4240  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
20:01:35.0551 4240  fdPHost - ok
20:01:35.0566 4240  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
20:01:35.0566 4240  FDResPub - ok
20:01:35.0582 4240  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:01:35.0582 4240  FileInfo - ok
20:01:35.0598 4240  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:01:35.0613 4240  Filetrace - ok
20:01:35.0629 4240  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:01:35.0629 4240  flpydisk - ok
20:01:35.0644 4240  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:01:35.0644 4240  FltMgr - ok
20:01:35.0722 4240  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
20:01:35.0738 4240  FontCache - ok
20:01:35.0800 4240  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:01:35.0800 4240  FontCache3.0.0.0 - ok
20:01:35.0816 4240  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:01:35.0816 4240  FsDepends - ok
20:01:35.0863 4240  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:01:35.0863 4240  Fs_Rec - ok
20:01:35.0910 4240  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:01:35.0910 4240  fvevol - ok
20:01:35.0941 4240  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:01:35.0941 4240  gagp30kx - ok
20:01:36.0003 4240  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:01:36.0003 4240  GEARAspiWDM - ok
20:01:36.0066 4240  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:01:36.0066 4240  gpsvc - ok
20:01:36.0128 4240  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:01:36.0128 4240  hcw85cir - ok
20:01:36.0175 4240  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:01:36.0190 4240  HdAudAddService - ok
20:01:36.0222 4240  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:01:36.0222 4240  HDAudBus - ok
20:01:36.0253 4240  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:01:36.0253 4240  HidBatt - ok
20:01:36.0268 4240  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:01:36.0268 4240  HidBth - ok
20:01:36.0300 4240  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:01:36.0300 4240  HidIr - ok
20:01:36.0331 4240  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
20:01:36.0331 4240  hidserv - ok
20:01:36.0378 4240  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:01:36.0378 4240  HidUsb - ok
20:01:36.0409 4240  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:01:36.0424 4240  hkmsvc - ok
20:01:36.0456 4240  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:01:36.0456 4240  HomeGroupListener - ok
20:01:36.0502 4240  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:01:36.0502 4240  HomeGroupProvider - ok
20:01:36.0565 4240  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:01:36.0565 4240  HpSAMD - ok
20:01:36.0612 4240  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:01:36.0612 4240  HTTP - ok
20:01:36.0658 4240  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:01:36.0674 4240  hwpolicy - ok
20:01:36.0705 4240  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:01:36.0705 4240  i8042prt - ok
20:01:36.0768 4240  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:01:36.0783 4240  iaStorV - ok
20:01:36.0830 4240  [ 4A8AB38FDF3649C1FE3E9D16BF79927D ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:01:36.0830 4240  IBMPMDRV - ok
20:01:36.0830 4240  [ BB5CB196922C9F57598AE98C036DE246 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
20:01:36.0830 4240  IBMPMSVC - ok
20:01:36.0939 4240  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:01:36.0955 4240  IDriverT - ok
20:01:37.0033 4240  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:37.0048 4240  idsvc - ok
20:01:37.0282 4240  [ 1EC36A3CA56B0A31B4920399EE6D77EB ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:01:37.0470 4240  igfx - ok
20:01:37.0501 4240  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:01:37.0501 4240  iirsp - ok
20:01:37.0563 4240  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:01:37.0579 4240  IKEEXT - ok
20:01:37.0641 4240  [ 81486F0EB4238B65C317F97DE246C4AC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
20:01:37.0641 4240  IntcHdmiAddService - ok
20:01:37.0657 4240  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:01:37.0657 4240  intelide - ok
20:01:37.0704 4240  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:01:37.0704 4240  intelppm - ok
20:01:37.0735 4240  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:01:37.0750 4240  IPBusEnum - ok
20:01:37.0766 4240  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:37.0766 4240  IpFilterDriver - ok
20:01:37.0813 4240  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:01:37.0828 4240  iphlpsvc - ok
20:01:37.0860 4240  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:01:37.0875 4240  IPMIDRV - ok
20:01:37.0891 4240  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:01:37.0891 4240  IPNAT - ok
20:01:38.0047 4240  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:01:38.0062 4240  iPod Service - ok
20:01:38.0140 4240  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:01:38.0140 4240  IRENUM - ok
20:01:38.0265 4240  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:01:38.0265 4240  isapnp - ok
20:01:38.0343 4240  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:01:38.0343 4240  iScsiPrt - ok
20:01:38.0406 4240  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:38.0406 4240  kbdclass - ok
20:01:38.0437 4240  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:38.0437 4240  kbdhid - ok
20:01:38.0499 4240  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
20:01:38.0499 4240  KeyIso - ok
20:01:38.0764 4240  [ EA26CB00F83686856F2C79673C00C686 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
20:01:38.0764 4240  kl1 - ok
20:01:39.0170 4240  [ BE21AC70BB25B9BA0D79AA510D6BBFCB ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
20:01:39.0186 4240  KLIF - ok
20:01:39.0326 4240  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
20:01:39.0326 4240  KLIM6 - ok
20:01:39.0576 4240  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
20:01:39.0576 4240  klkbdflt - ok
20:01:39.0841 4240  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
20:01:39.0841 4240  klmouflt - ok
20:01:39.0981 4240  [ E7EFE379B05BB01F13885C5DBE5A4E64 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
20:01:39.0981 4240  kltdi - ok
20:01:40.0044 4240  [ 8F932DF10408BCABA2FCF6163C843F8E ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
20:01:40.0059 4240  kneps - ok
20:01:40.0106 4240  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:01:40.0122 4240  KSecDD - ok
20:01:40.0168 4240  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:01:40.0168 4240  KSecPkg - ok
20:01:40.0200 4240  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:01:40.0215 4240  KtmRm - ok
20:01:40.0246 4240  [ 31C584C4F630B253CCEAEA12AB930B64 ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps.sys
20:01:40.0262 4240  l36wgps - ok
20:01:40.0387 4240  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:01:40.0402 4240  LanmanServer - ok
20:01:40.0512 4240  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:01:40.0512 4240  LanmanWorkstation - ok
20:01:40.0574 4240  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
20:01:40.0574 4240  lenovo.smi - ok
20:01:40.0636 4240  [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
20:01:40.0636 4240  Lenovo.VIRTSCRLSVC - ok
20:01:40.0652 4240  [ 270723E97CA3B26B82700DC02F082C9F ] LFKAS           C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
20:01:40.0652 4240  LFKAS - ok
20:01:40.0824 4240  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:01:40.0824 4240  lltdio - ok
20:01:40.0870 4240  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:01:40.0870 4240  lltdsvc - ok
20:01:40.0886 4240  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:01:40.0886 4240  lmhosts - ok
20:01:40.0933 4240  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:01:40.0948 4240  LSI_FC - ok
20:01:40.0948 4240  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:01:40.0948 4240  LSI_SAS - ok
20:01:40.0980 4240  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:01:40.0980 4240  LSI_SAS2 - ok
20:01:41.0011 4240  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:01:41.0011 4240  LSI_SCSI - ok
20:01:41.0026 4240  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
20:01:41.0026 4240  luafv - ok
20:01:41.0058 4240  [ 25A7192E0C9224841216F2992E188A6D ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
20:01:41.0073 4240  Mbm3CBus - ok
20:01:41.0120 4240  [ 61CE3D382021A5A6E9826F0F77D7029A ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
20:01:41.0120 4240  Mbm3DevMt - ok
20:01:41.0167 4240  [ EAF4A90BBE5B4E5C02FDFFAC86E7A981 ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
20:01:41.0167 4240  Mbm3mdfl - ok
20:01:41.0198 4240  [ 6BE23F21DC769DB3D7A2D6C19434AB8E ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
20:01:41.0214 4240  Mbm3Mdm - ok
20:01:41.0260 4240  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:01:41.0276 4240  Mcx2Svc - ok
20:01:41.0307 4240  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:01:41.0307 4240  megasas - ok
20:01:41.0338 4240  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:01:41.0338 4240  MegaSR - ok
20:01:41.0385 4240  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
20:01:41.0385 4240  MMCSS - ok
20:01:41.0385 4240  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
20:01:41.0385 4240  Modem - ok
20:01:41.0432 4240  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:01:41.0432 4240  monitor - ok
20:01:41.0479 4240  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:01:41.0479 4240  mouclass - ok
20:01:41.0510 4240  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:01:41.0510 4240  mouhid - ok
20:01:41.0541 4240  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:01:41.0541 4240  mountmgr - ok
20:01:41.0588 4240  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:01:41.0588 4240  mpio - ok
20:01:41.0604 4240  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:01:41.0619 4240  mpsdrv - ok
20:01:41.0666 4240  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:01:41.0666 4240  MpsSvc - ok
20:01:41.0713 4240  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:01:41.0713 4240  MRxDAV - ok
20:01:41.0760 4240  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:41.0760 4240  mrxsmb - ok
20:01:41.0806 4240  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:41.0806 4240  mrxsmb10 - ok
20:01:41.0853 4240  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:41.0853 4240  mrxsmb20 - ok
20:01:41.0884 4240  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
20:01:41.0900 4240  msahci - ok
20:01:41.0916 4240  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:01:41.0916 4240  msdsm - ok
20:01:41.0947 4240  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
20:01:41.0947 4240  MSDTC - ok
20:01:41.0994 4240  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:01:41.0994 4240  Msfs - ok
20:01:42.0009 4240  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:01:42.0009 4240  mshidkmdf - ok
20:01:42.0040 4240  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:01:42.0040 4240  msisadrv - ok
20:01:42.0087 4240  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:01:42.0087 4240  MSiSCSI - ok
20:01:42.0087 4240  msiserver - ok
20:01:42.0118 4240  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:01:42.0134 4240  MSKSSRV - ok
20:01:42.0150 4240  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:42.0150 4240  MSPCLOCK - ok
20:01:42.0165 4240  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:01:53.0227 4240  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:01:53.0227 4240  WIMMount - ok
20:01:53.0273 4240  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:01:53.0289 4240  WinDefend - ok
20:01:53.0305 4240  WinHttpAutoProxySvc - ok
20:01:53.0367 4240  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:01:53.0383 4240  Winmgmt - ok
20:01:53.0429 4240  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:01:53.0476 4240  WinRM - ok
20:01:53.0539 4240  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
20:01:53.0539 4240  WinUsb - ok
20:01:53.0585 4240  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:01:53.0601 4240  Wlansvc - ok
20:01:53.0710 4240  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:01:53.0757 4240  wlidsvc - ok
20:01:53.0835 4240  WMCoreService - ok
20:01:53.0866 4240  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:01:53.0866 4240  WmiAcpi - ok
20:01:53.0897 4240  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:01:53.0897 4240  wmiApSrv - ok
20:01:53.0975 4240  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:01:54.0022 4240  WMPNetworkSvc - ok
20:01:54.0038 4240  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:01:54.0038 4240  WPCSvc - ok
20:01:54.0069 4240  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:01:54.0085 4240  WPDBusEnum - ok
20:01:54.0116 4240  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:01:54.0116 4240  ws2ifsl - ok
20:01:54.0131 4240  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:01:54.0131 4240  wscsvc - ok
20:01:54.0163 4240  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:01:54.0163 4240  WSDPrintDevice - ok
20:01:54.0225 4240  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
20:01:54.0225 4240  WSDScan - ok
20:01:54.0225 4240  WSearch - ok
20:01:54.0303 4240  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:01:54.0350 4240  wuauserv - ok
20:01:54.0397 4240  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:01:54.0397 4240  WudfPf - ok
20:01:54.0412 4240  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:54.0412 4240  WUDFRd - ok
20:01:54.0443 4240  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:01:54.0443 4240  wudfsvc - ok
20:01:54.0475 4240  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:01:54.0475 4240  WwanSvc - ok
20:01:54.0521 4240  [ 9A11DECE3BE7DB6443272395F97497D5 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp.sys
20:01:54.0521 4240  WwanUsbServ - ok
20:01:54.0646 4240  ================ Scan global ===============================
20:01:54.0693 4240  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:01:54.0740 4240  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:54.0755 4240  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:01:54.0787 4240  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:01:54.0818 4240  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:01:54.0818 4240  [Global] - ok
20:01:54.0833 4240  ================ Scan MBR ==================================
20:01:54.0849 4240  [ EE8A217915EB08AE1C3A5DD48A8FCA82 ] \Device\Harddisk0\DR0
20:01:55.0083 4240  \Device\Harddisk0\DR0 - ok
20:01:55.0083 4240  ================ Scan VBR ==================================
20:01:55.0099 4240  [ 44A677013A49D02061235D998949F6F9 ] \Device\Harddisk0\DR0\Partition1
20:01:55.0099 4240  \Device\Harddisk0\DR0\Partition1 - ok
20:01:55.0130 4240  [ 058F1726B6CC8479D489A117219374CF ] \Device\Harddisk0\DR0\Partition2
20:01:55.0130 4240  \Device\Harddisk0\DR0\Partition2 - ok
20:01:55.0130 4240  ============================================================
20:01:55.0130 4240  Scan finished
20:01:55.0130 4240  ============================================================
20:01:55.0145 4272  Detected object count: 0
20:01:55.0145 4272  Actual detected object count: 0
20:01:58.0047 2708  Deinitialize success
         

05.05.2013, 10:41   #5
daalbock

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
***** :: *****-PC [Administrator]

Schutz: Aktiviert

05.05.2013 09:52:18
MBAM-log-2013-05-05 (11-33-37)_PC2.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455351
Laufzeit: 1 Stunde(n), 19 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\ProgramData\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\ProgramData\MPK\key.bin (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Keine Aktion durchgeführt.

(Ende)
         
there are 5 hits here... :-/

ESET Online Scanner

no results

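A Malwarebytes report like the one above is easier to triage when its detection lines are parsed instead of read by eye: every hit carries the object, the detection name and the action MBAM took, and "Keine Aktion durchgeführt" means the object was only reported and is still in place. The parser below is an added example written for this thread, not code from Malwarebytes or from the poster; the log text inside it is a constructed sample in the same German-locale layout (the last file line was changed to a quarantine result so that both cases appear), and the header and action strings it matches are the ones visible in the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout of a German-locale Malwarebytes Anti-Malware 1.x
# report. The last file line is altered to a quarantine result so that both the
# "still present" and the "already handled" cases occur.
SAMPLE_MBAM_LOG = """\
Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\\ProgramData\\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\\ProgramData\\MPK\\CPDA (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\\ProgramData\\MPK\\CPDM (Refog.Keylogger) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\\ProgramData\\MPK\\key.bin (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\\ProgramData\\MPK\\S0000 (Refog.Keylogger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# Section header such as "Infizierte Dateien: 2": category name and the count MBAM claims.
HEADER_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# Detection line: "<object> (<detection name>) -> <action>."  Backtracking lets the
# object itself contain parentheses, e.g. "C:\Program Files (x86)\...".
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# German-locale action string MBAM writes when it removed nothing.
UNRESOLVED_ACTION = "Keine Aktion durchgeführt"


@dataclass
class Finding:
    category: str   # section the line appeared under, e.g. "Infizierte Dateien"
    obj: str        # file, directory or registry object
    detection: str  # MBAM detection name, e.g. "Refog.Keylogger"
    action: str     # what MBAM did with the object

    @property
    def unresolved(self) -> bool:
        """True when MBAM only reported the object and left it in place."""
        return self.action == UNRESOLVED_ACTION


@dataclass
class Report:
    declared: dict = field(default_factory=dict)  # category -> count from its header
    findings: list = field(default_factory=list)  # parsed detection lines

    def unresolved(self) -> list:
        return [f for f in self.findings if f.unresolved]

    def by_detection(self) -> Counter:
        """Objects per detection name, for a one-line triage summary."""
        return Counter(f.detection for f in self.findings)

    def count_mismatches(self) -> dict:
        """Categories whose header count differs from the lines actually listed
        (typically a truncated paste); maps category -> (declared, listed)."""
        listed = Counter(f.category for f in self.findings)
        return {cat: (n, listed[cat]) for cat, n in self.declared.items() if listed[cat] != n}


def parse_mbam_log(text: str) -> Report:
    report = Report()
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            category = m.group(1)
            report.declared[category] = int(m.group(2))
            continue
        # Skip the preamble (no section yet) and bracketed status lines such as
        # "(Keine bösartigen Objekte gefunden)" and "(Ende)".
        if category is None or line.startswith("("):
            continue
        m = FINDING_RE.match(line)
        if m:
            report.findings.append(
                Finding(category, m.group("obj"), m.group("name"), m.group("action")))
    return report


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("per detection:", dict(rep.by_detection()))
    print("count mismatches:", rep.count_mismatches())
    for f in rep.unresolved():
        print(f"still present: {f.obj} [{f.detection}] under '{f.category}'")
```

Run against the sample, the parser reports five Refog.Keylogger objects, four of them still present, and an empty mismatch map; feeding it a paste with one directory line missing makes count_mismatches() flag the "Infizierte Verzeichnisse" section, which is the first thing to check before reasoning about a log someone else copied.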

06.05.2013, 07:12   #6
Psychotic
/// Malwareteam

this is a legitimate program...

Info

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

08.05.2013, 11:56   #7
Psychotic
/// Malwareteam

No response
This topic has been removed from my subscriptions, so I no longer get notifications of new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean your computer is already clean.

Everyone else: please click here and create a thread of your own
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Satisfied with us? Then support Trojaner-Board!

13.05.2013, 05:35   #8
Psychotic
/// Malwareteam

What about this computer?

13.05.2013, 18:02   #9
daalbock

OK, continuing here now... AdwCleaner logfile:
Code:
# AdwCleaner v2.300 - Datei am 13/05/2013 um 19:00:17 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1612 octets] - [29/04/2013 21:11:53]
AdwCleaner[R2].txt - [628 octets] - [13/05/2013 19:00:17]
AdwCleaner[S1].txt - [1674 octets] - [29/04/2013 21:12:32]

########## EOF - C:\AdwCleaner[R2].txt - [747 octets] ##########
         
--- --- ---


AdwCleaner Logfile:
Code:
# AdwCleaner v2.300 - Datei am 13/05/2013 um 19:02:40 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1612 octets] - [29/04/2013 21:11:53]
AdwCleaner[R2].txt - [815 octets] - [13/05/2013 19:00:17]
AdwCleaner[S1].txt - [1674 octets] - [29/04/2013 21:12:32]
AdwCleaner[S2].txt - [336 octets] - [13/05/2013 19:01:09]
AdwCleaner[S3].txt - [336 octets] - [13/05/2013 19:01:34]
AdwCleaner[S4].txt - [867 octets] - [13/05/2013 19:02:40]

########## EOF - C:\AdwCleaner[S4].txt - [926 octets] ##########
         
--- --- ---

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

14.05.2013, 05:53   #10
Psychotic
/// Malwareteam

Adobe Reader update


Your Adobe Reader is out of date. Since some malware exploits the vulnerabilities in outdated versions, we will update it.

  • Download the current Adobe Reader from here. Important: remove the checkmark for optional software (e.g. Google Chrome) shown on the page before you click "Download now".
  • Start the installation and follow the on-screen instructions.
  • Press the Windows and R keys, type appwiz.cpl in the window that appears and click OK.
  • Find and remove all older Reader versions.



Defogger re-enable

Please start Defogger and click the re-enable button




Delete system restore points

  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following contents into the text box.
Code:
:Commands
[clearallrestorepoints]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.




OTL

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.




adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Here are a few more tips for securing your system.

Keeping up to date

I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on its use here.
Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • WOT (Web of Trust)
    This add-on warns you before you visit a site reported as malicious.
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.
Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts appear to come from one of your friends, that by no means implies they are harmless (malware may have infected their computer).
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
All that remains is to wish you lots of fun surfing safely.

Note: please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

15.05.2013, 18:54   #11
daalbock

Right, that's done too. In closing, many thanks!

Where's the tip jar around here? ;-)
