Log analysis and evaluation: Suspected infection (rootkit, botnet, remote access) / Win7 SP1 / 64-bit
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Suspected infection (rootkit, botnet, remote access) / Win7 SP1 / 64-bit

Good day,

normally in a case like this I would format the PC and reinstall, but this time the situation is a bit different.

Information up front: the virus scanner (Antivir Free) reports nothing, of course. The browser used was a current Firefox with Adblock and NoScript; right now I am writing from my Linux system.

How the suspicion arose: since I did vocational training in the IT field and already have some experience with viruses and other threats, I also use programs on my PC systems that offer more functionality than the normal Task Manager. Process Hacker (a security task manager) displays, besides the processes, further information, among other things the open network connections. Normally it shows which program a connection belongs to, but for two entries I only saw "Unknown process - *IP address* - Port 80 - Last ACK". After I had started a whois on the first address in Firefox and was back in Process Hacker, the entry unexpectedly vanished (closed connections are normally marked in red and only disappear after that; these simply vanished). After I had started the whois for the second connection, that one too was simply gone after a short while, with Process Hacker still open. The whois entries led me to two different German advertising agencies (ordinary company websites), which made me realise that I might be part of a DDoS attack.

-------------------------------------------

Shortly after that I disconnected the Internet connection and used my Linux system to reset the mail passwords that I had entered on the PC beforehand (before I had noticed the connections). Right now I am writing here and continuing to scan the PC.

I have two HijackThis logs (one from before cleaning up some odd entries and one from after); I will post them later.

If anyone has an idea about this case: help is very welcome.

Regards, Close1
__________________
Kind regards, Close1 -- [leichenwagen@twitter] Only when the last programmer has been locked up and the last idea patented will you realise that lawyers cannot program.
Last edited by close1 (15.07.2011 at 13:39). Reason: spelling
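The check described in this post, as an added example that is not part of the thread: a small Python triage script that does in code what the poster did by eye in Process Hacker, listing TCP connections from a `netstat -ano` snapshot and flagging the ones whose owning process cannot be identified. The snapshot and the process table are constructed (RFC 5737 documentation addresses, invented PIDs); on a real machine you would feed it the output of `netstat -ano` and `tasklist`.

```python
"""Flag TCP connections with no identifiable owning process.

Added example, not part of the thread. Reproduces in script form what the
poster did by hand in Process Hacker: list connections and pick out the ones
shown as 'Unknown process'. Input is a constructed `netstat -ano` snapshot
and a constructed PID->image map standing in for `tasklist`.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed netstat -ano output (RFC 5737 documentation addresses). The two
# LAST_ACK rows with PID 0 mirror the "Unknown process - IP - Port 80 - Last ACK"
# entries the poster saw; the SYN_SENT row has an owner that is not in the table.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:49152       198.51.100.7:80        ESTABLISHED     2440
  TCP    192.0.2.10:49160       198.51.100.7:443       ESTABLISHED     2440
  TCP    192.0.2.10:49201       203.0.113.15:80        LAST_ACK        0
  TCP    192.0.2.10:49210       203.0.113.77:80        LAST_ACK        0
  TCP    192.0.2.10:49222       203.0.113.77:80        SYN_SENT        4711
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       856
"""

# Constructed process table (what `tasklist` would give). PID 4711 is
# deliberately missing: a live socket whose owner is invisible in the process
# list is the case that deserves a closer look, not the closing ones.
PROCESS_TABLE = {4: "System", 856: "svchost.exe", 2440: "firefox.exe"}

TCP_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")
# States in which the owning process has usually already closed the socket.
CLOSING = {"LAST_ACK", "TIME_WAIT", "CLOSE_WAIT", "FIN_WAIT_1", "FIN_WAIT_2", "CLOSING"}


@dataclass(frozen=True)
class Conn:
    local: str
    remote: str
    state: str
    pid: int


def parse_netstat(text):
    """Return the TCP rows of a `netstat -ano` dump (UDP rows have no state; skipped)."""
    conns = []
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if m:
            local, remote, state, pid = m.groups()
            conns.append(Conn(local, remote, state, int(pid)))
    return conns


def classify(conn, procs):
    """Label a connection the way a Process Hacker user would read it."""
    if conn.pid in procs:
        return "owned"
    if conn.pid == 0 and conn.state in CLOSING:
        # Socket in teardown, owner already exited: the usual reason an
        # 'Unknown process' row appears and then vanishes. Worth noting,
        # not proof of anything by itself.
        return "orphan-closing"
    # Active socket whose PID is not in the process list: either a race with
    # a short-lived process or something hiding from enumeration. Investigate.
    return "orphan-active"


def triage(text, procs):
    """Group connections by classification."""
    report = {"owned": [], "orphan-closing": [], "orphan-active": []}
    for conn in parse_netstat(text):
        report[classify(conn, procs)].append(conn)
    return report


def remote_fanout(conns):
    """Connections per remote host. Several unowned sockets to the same web
    server (port 80) is the pattern that made the poster suspect DDoS traffic."""
    return Counter(conn.remote.rsplit(":", 1)[0] for conn in conns)


if __name__ == "__main__":
    result = triage(NETSTAT_SAMPLE, PROCESS_TABLE)
    for kind in ("orphan-active", "orphan-closing"):
        for c in result[kind]:
            print(f"{kind:15} {c.local:22} -> {c.remote:22} {c.state:12} pid={c.pid}")
    print(remote_fanout(result["orphan-active"] + result["orphan-closing"]))
```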
#2
HijackThis, OTL, Defogger for the existing thread

Here are the logs for the thread (http://www.trojaner-board.de/101352-...tml#post683072)

Please do not post in this thread; I am attaching the logs here because I can no longer edit the thread and do not want to bump it.
#3
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and welcome.

Please do a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL custom scan: CustomScan with OTL. If you do not have it yet, please download OTL from OldTimer and save it to your Desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
#4
/// Winkelfunktion /// TB-Süch-Tiger™

Why a new thread for that? I'll merge them in a moment...
__________________
Please always post log files in CODE tags
#5
/// Winkelfunktion /// TB-Süch-Tiger™

Right, I have merged the threads now. Please do the full scan with Malwarebytes and the CustomScan with OTL.
__________________
Please always post log files in CODE tags
#6
Here are the logs from Malwarebytes (full scan) and the custom OTL scan. In addition, a screenshot of a conspicuous application in Process Hacker: the left window in the foreground shows the information from Process Hacker and the right window the file information from Windows; to me at least it looks very strange. Hopefully the information helps.
#7
/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.07.22 01:12:03 | 000,045,056 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.12.15 04:52:59 | 000,000,152 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\Shell - "" = AutoRun
O33 - MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33f3fd48-efd6-11df-a608-00261841d65e}\Shell - "" = AutoRun
O33 - MountPoints2\{33f3fd48-efd6-11df-a608-00261841d65e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2003.07.22 01:12:03 | 000,045,056 | R--- | M] ()
O33 - MountPoints2\{93f8b931-f561-11df-a43c-00261841d65e}\Shell - "" = AutoRun
O33 - MountPoints2\{93f8b931-f561-11df-a43c-00261841d65e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{93f8b93d-f561-11df-a43c-00261841d65e}\Shell - "" = AutoRun
O33 - MountPoints2\{93f8b93d-f561-11df-a43c-00261841d65e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9778af36-822b-11e0-bb0f-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{9778af36-822b-11e0-bb0f-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
Please always post log files in CODE tags
#8
Here is the log:
Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f3fd24-efd6-11df-a608-00261841d65e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f3fd24-efd6-11df-a608-00261841d65e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd48-efd6-11df-a608-00261841d65e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f3fd48-efd6-11df-a608-00261841d65e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd48-efd6-11df-a608-00261841d65e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f3fd48-efd6-11df-a608-00261841d65e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{613ac4fd-ea79-11df-9fc9-806e6f6e6963}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f8b931-f561-11df-a43c-00261841d65e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f8b931-f561-11df-a43c-00261841d65e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f8b931-f561-11df-a43c-00261841d65e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f8b931-f561-11df-a43c-00261841d65e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f8b93d-f561-11df-a43c-00261841d65e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f8b93d-f561-11df-a43c-00261841d65e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f8b93d-f561-11df-a43c-00261841d65e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f8b93d-f561-11df-a43c-00261841d65e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9778af36-822b-11e0-bb0f-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9778af36-822b-11e0-bb0f-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9778af36-822b-11e0-bb0f-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9778af36-822b-11e0-bb0f-001e101f50a4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cec370-53d8-11e0-b420-001e101fe5e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cec370-53d8-11e0-b420-001e101fe5e1}\ not found.
File G:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4dce76b-9e3c-11e0-b720-001e101f79c9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb8aed67-a49f-11e0-a7db-001e101f1f81}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb8aed74-a49f-11e0-a7db-001e101f1f81}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 07162011_171335
Files\Folders moved on Reboot...
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
__________________
Kind regards, Close1 -- [leichenwagen@twitter] Only when the last programmer has been locked up and the last idea patented will you realise that lawyers cannot program.
Last edited by close1 (16.07.2011 at 16:31)
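To confirm that the fix from post #7 actually took, as an added example that is not part of the thread: the Python script below cross-references the MountPoints2, AutoRun-file and ADS entries requested in the OTL fix script against the fix log, reporting per entry whether OTL deleted it, found nothing, or deferred it to reboot. Both inputs are constructed excerpts of the script and log quoted in this thread; the status labels and the `verify`/`pending_reboot` helpers are this example's own, not OTL's.

```python
"""Cross-check an OTL fix script against the fix log it produced.

Added example, not part of the thread. Inputs are constructed excerpts of
the fix script and fix log posted above.
"""
import re

FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.07.22 01:12:03 | 000,045,056 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\Shell - "" = AutoRun
O33 - MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
:Commands
[resethosts]
"""

FIX_LOG = r"""
========== OTL ==========
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f3fd24-efd6-11df-a608-00261841d65e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cec370-53d8-11e0-b420-001e101fe5e1}\ deleted successfully.
File G:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
"""

# Script side: entries the fix asks OTL to remove.
MP_CMD_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "" = (.+)$')
O32_FILE_RE = re.compile(r"^O32 - AutoRun File - \[.*?\] \(\) - (\S+)")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
# Log side: what OTL reported for keys, files and streams.
LOG_KEY_RE = re.compile(r"^Registry key HKEY_CURRENT_USER\\.*\\MountPoints2\\([^\\]+)\\ (deleted successfully|not found)\.$")
LOG_FILE_RE = re.compile(r"^File (?:move failed\. )?(\S+) (not found|moved successfully|scheduled to be moved on reboot)\.$")
LOG_ADS_RE = re.compile(r"^ADS (\S+) deleted successfully\.$")


def expected_from_script(script):
    """Return (mountpoint -> autorun command, autorun files, ADS paths)."""
    keys, files, streams = {}, set(), set()
    for line in script.splitlines():
        if m := MP_CMD_RE.match(line):
            keys[m.group(1)] = m.group(2)
        elif m := O32_FILE_RE.match(line):
            files.add(m.group(1))
        elif m := ADS_RE.match(line):
            streams.add(m.group(1))
    return keys, files, streams


def results_from_log(log):
    """Return (mountpoint -> status, file -> status, deleted ADS paths)."""
    keys, files, streams = {}, {}, set()
    for line in log.splitlines():
        if m := LOG_KEY_RE.match(line):
            key, status = m.groups()
            # OTL re-checks a key after deleting it; a later 'not found' must not overwrite 'deleted'.
            if keys.get(key) != "deleted":
                keys[key] = "deleted" if status == "deleted successfully" else "not found"
        elif m := LOG_FILE_RE.match(line):
            path, status = m.groups()
            files[path] = {"not found": "not found", "moved successfully": "moved"}.get(status, "pending reboot")
        elif m := LOG_ADS_RE.match(line):
            streams.add(m.group(1))
    return keys, files, streams


def verify(script, log):
    """Per requested entry: 'deleted', 'not found', 'moved', 'pending reboot' or 'NOT IN LOG'."""
    exp_keys, exp_files, exp_ads = expected_from_script(script)
    got_keys, got_files, got_ads = results_from_log(log)
    report = {"keys": {}, "files": {}, "ads": {}, "hosts_reset": "HOSTS file reset successfully" in log}
    for key, command in exp_keys.items():
        report["keys"][key] = got_keys.get(key, "NOT IN LOG")
        # The command target is the file OTL tries to move along with the key.
        report["files"][command] = got_files.get(command, "NOT IN LOG")
    for path in exp_files:
        report["files"][path] = got_files.get(path, "NOT IN LOG")
    for path in exp_ads:
        report["ads"][path] = "deleted" if path in got_ads else "NOT IN LOG"
    return report


def pending_reboot(report):
    """Files that are only gone after the reboot OTL announced."""
    return sorted(p for p, s in report["files"].items() if s == "pending reboot")


if __name__ == "__main__":
    rep = verify(FIX_SCRIPT, FIX_LOG)
    for section in ("keys", "files", "ads"):
        for item, status in rep[section].items():
            print(f"{section:5} {status:14} {item}")
    print("hosts reset:", rep["hosts_reset"], "| pending reboot:", pending_reboot(rep))
```

Anything reported as "NOT IN LOG" or "pending reboot" is what to look at after the restart before treating the fix as done.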
#9
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

[screenshot of the tool's settings, not preserved]

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the Desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your Desktop. Start the tool and all files and folders should be visible again. (This may take a while.)
__________________
Please always post log files in CODE tags
#10
I chose Skip at first because I could not get the log to display, but deleted it afterwards.
Code:
2011/07/16 17:55:49.0002 2116 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/16 17:55:49.0002 2116 ================================================================================
2011/07/16 17:55:49.0002 2116 SystemInfo:
2011/07/16 17:55:49.0002 2116
2011/07/16 17:55:49.0002 2116 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/16 17:55:49.0002 2116 Product type: Workstation
2011/07/16 17:55:49.0002 2116 ComputerName: GENESIS
2011/07/16 17:55:49.0002 2116 UserName: Samuel
2011/07/16 17:55:49.0002 2116 Windows directory: C:\Windows
2011/07/16 17:55:49.0002 2116 System windows directory: C:\Windows
2011/07/16 17:55:49.0002 2116 Running under WOW64
2011/07/16 17:55:49.0002 2116 Processor architecture: Intel x64
2011/07/16 17:55:49.0002 2116 Number of processors: 2
2011/07/16 17:55:49.0002 2116 Page size: 0x1000
2011/07/16 17:55:49.0002 2116 Boot type: Normal boot
2011/07/16 17:55:49.0002 2116 ================================================================================
2011/07/16 17:55:50.0484 2116 Initialize success
2011/07/16 17:55:52.0684 2888 ================================================================================
2011/07/16 17:55:52.0684 2888 Scan started
2011/07/16 17:55:52.0684 2888 Mode: Manual;
2011/07/16 17:55:52.0684 2888 ================================================================================
2011/07/16 17:55:53.0448 2888 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/16 17:55:53.0464 2888 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/16 17:55:53.0511 2888 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/16 17:55:53.0542 2888 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/16 17:55:53.0558 2888 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/16 17:55:53.0573 2888 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/16 17:55:53.0636 2888 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/16 17:55:53.0667 2888 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/16 17:55:53.0682 2888 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/16 17:55:53.0698 2888 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/16 17:55:53.0714 2888 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/16 17:55:53.0729 2888 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/16 17:55:53.0760 2888 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/16 17:55:53.0776 2888 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/16 17:55:53.0792 2888 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/16 17:55:53.0838 2888 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/16 17:55:53.0854 2888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/16 17:55:53.0870 2888 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/16 17:55:53.0916 2888 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/16 17:55:53.0932 2888 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/16 17:55:53.0979 2888 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/16 17:55:53.0994 2888 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/16 17:55:54.0026 2888 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/16 17:55:54.0072 2888 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/16 17:55:54.0088 2888 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/16 17:55:54.0135 2888 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/16 17:55:54.0166 2888 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/16 17:55:54.0182 2888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/16 17:55:54.0197 2888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/16 17:55:54.0213 2888 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/16 17:55:54.0244 2888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/16 17:55:54.0260 2888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/16 17:55:54.0260 2888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/16 17:55:54.0275 2888 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/16 17:55:54.0306 2888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/16 17:55:54.0338 2888 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/16 17:55:54.0353 2888 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/16 17:55:54.0384 2888 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/16 17:55:54.0447 2888 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/16 17:55:54.0478 2888 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/16 17:55:54.0509 2888 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/16 17:55:54.0540 2888 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/16 17:55:54.0572 2888 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/16 17:55:54.0618 2888 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/16 17:55:54.0665 2888 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/16 17:55:54.0696 2888 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/16 17:55:54.0712 2888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/16 17:55:54.0743 2888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/16 17:55:54.0852 2888 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/16 17:55:54.0930 2888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/16 17:55:55.0024 2888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/16 17:55:55.0055 2888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/16 17:55:55.0118 2888 ewusbnet (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/16 17:55:55.0133 2888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/16 17:55:55.0164 2888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/16 17:55:55.0180 2888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/16 17:55:55.0227 2888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/16 17:55:55.0242 2888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/16 17:55:55.0258 2888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/16 17:55:55.0289 2888 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/16 17:55:55.0336 2888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/16 17:55:55.0367 2888 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/16 17:55:55.0414 2888 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/16 17:55:55.0445 2888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/16 17:55:55.0476 2888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/16 17:55:55.0523 2888 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/16 17:55:55.0554 2888 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/16 17:55:55.0570 2888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/16 17:55:55.0586 2888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/16 17:55:55.0601 2888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/16 17:55:55.0632 2888 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/16 17:55:55.0679 2888 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/16 17:55:55.0710 2888 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/16 17:55:55.0757 2888 hwdatacard (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/16 17:55:55.0773 2888 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/16 17:55:55.0788 2888 hwusbdev (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/07/16 17:55:55.0804 2888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/16 17:55:55.0851 2888 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/16 17:55:55.0882 2888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/16 17:55:55.0944 2888 IntcAzAudAddService (56f859b7666ae843792a4231c8b6e6d6) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/16 17:55:55.0976 2888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/16 17:55:56.0007 2888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/16 17:55:56.0022 2888 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/16 17:55:56.0054 2888 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/16 17:55:56.0069 2888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/16 17:55:56.0085 2888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/16 17:55:56.0100 2888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/16 17:55:56.0132 2888 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/16 17:55:56.0147 2888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/16 17:55:56.0194 2888 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/16 17:55:56.0225 2888 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/16 17:55:56.0241 2888 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/16 17:55:56.0256 2888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/16 17:55:56.0319 2888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/16 17:55:56.0350 2888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/16 17:55:56.0366 2888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/16 17:55:56.0381 2888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/16 17:55:56.0397 2888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/16 17:55:56.0428 2888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/16 17:55:56.0475 2888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/16 17:55:56.0490 2888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/16 17:55:56.0522 2888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/16 17:55:56.0537 2888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/16 17:55:56.0568 2888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/16 17:55:56.0600 2888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/16 17:55:56.0631 2888 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/16 17:55:56.0662 2888 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/16 17:55:56.0678 2888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/16 17:55:56.0693 2888 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/16 17:55:56.0724 2888 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/16 17:55:56.0756 2888 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/16 17:55:56.0787 2888 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/16 17:55:56.0818 2888 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/16 17:55:56.0834 2888 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/16 17:55:56.0865 2888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/16 17:55:56.0880 2888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/16 17:55:56.0896 2888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/16 17:55:56.0927 2888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/16 17:55:56.0943 2888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/16 17:55:56.0958 2888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/16 17:55:56.0990 2888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/16 17:55:57.0021 2888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/16 17:55:57.0036 2888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/16 17:55:57.0068 2888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/16 17:55:57.0099 2888 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/16 17:55:57.0114 2888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/16 17:55:57.0161 2888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/16 17:55:57.0208 2888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/16 17:55:57.0239 2888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/16 17:55:57.0255 2888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/16 17:55:57.0286 2888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/16 17:55:57.0333 2888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/16 17:55:57.0364 2888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/16 17:55:57.0411 2888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/16 17:55:57.0442 2888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/16 17:55:57.0536 2888 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/07/16 17:55:57.0567 2888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/16 17:55:57.0582 2888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/16 17:55:57.0645 2888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/16 17:55:57.0692 2888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/16 17:55:57.0754 2888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/16 17:55:57.0785 2888 NVHDA (ed9380f201c8126425c09bed96dbe1e5) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/16 17:55:58.0019 2888 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/16 17:55:58.0097 2888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/16 17:55:58.0113 2888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/16 17:55:58.0144 2888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/16 17:55:58.0160 2888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/16 17:55:58.0191 2888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/16 17:55:58.0222 2888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/16 17:55:58.0253 2888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/16 17:55:58.0269 2888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/16 17:55:58.0284 2888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/16 17:55:58.0300 2888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/16 17:55:58.0331 2888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/16 17:55:58.0425 2888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/16 17:55:58.0456 2888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/16 17:55:58.0503 2888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/16 17:55:58.0550 2888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/16 17:55:58.0565 2888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/16 17:55:58.0596 2888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/16 17:55:58.0612 2888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/16 17:55:58.0628 2888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/16 17:55:58.0659 2888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/16 17:55:58.0674 2888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/16 17:55:58.0706 2888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/16 17:55:58.0737 2888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/16 17:55:58.0752 2888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/16 17:55:58.0768 2888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/16 17:55:58.0799 2888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/16 17:55:58.0815 2888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/16 17:55:58.0846 2888 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/16 17:55:58.0877 2888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/16 17:55:58.0908 2888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/16 17:55:58.0940 2888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/16 17:55:58.0971 2888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/16 17:55:59.0002 2888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/16 17:55:59.0033 2888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/16 17:55:59.0064 2888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/16 17:55:59.0080 2888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/16 17:55:59.0111 2888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/16 17:55:59.0142 2888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/16 17:55:59.0142 2888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/16 17:55:59.0174 2888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/16 17:55:59.0205 2888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/16 17:55:59.0220 2888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/16 17:55:59.0236 2888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/16 17:55:59.0267 2888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/16 17:55:59.0330 2888 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/16 17:55:59.0330 2888 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/16 17:55:59.0330 2888 sptd - detected LockedFile.Multi.Generic (1)
2011/07/16 17:55:59.0376 2888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/16 17:55:59.0408 2888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/16 17:55:59.0439 2888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/16 17:55:59.0532 2888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/16 17:55:59.0564 2888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/16 17:55:59.0626 2888 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/16 17:55:59.0704 2888 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/16 17:55:59.0735 2888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/16 17:55:59.0766 2888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/16 17:55:59.0782 2888 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/16 17:55:59.0813 2888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/16 17:55:59.0829 2888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/16 17:55:59.0876 2888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/16 17:55:59.0907 2888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/16 17:55:59.0938 2888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/16 17:55:59.0969 2888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/16 17:56:00.0000 2888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/16 17:56:00.0032 2888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/16 17:56:00.0047 2888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/16 17:56:00.0078 2888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/16 17:56:00.0094 2888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/16 17:56:00.0125 2888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/16 17:56:00.0156 2888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/16 17:56:00.0172 2888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/16 17:56:00.0203 2888 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/16 17:56:00.0203 2888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/16 17:56:00.0234 2888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/16 17:56:00.0250 2888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/16 17:56:00.0281 2888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/16 17:56:00.0312 2888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/16 17:56:00.0312 2888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/16 17:56:00.0344 2888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/16 17:56:00.0359 2888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/16 17:56:00.0375 2888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/16 17:56:00.0406 2888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/16 17:56:00.0437 2888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/16 17:56:00.0484 2888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/16 17:56:00.0500 2888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/16 17:56:00.0515 2888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/16 17:56:00.0531 2888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/16 17:56:00.0562 2888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/16 17:56:00.0578 2888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/16 17:56:00.0593 2888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/16 17:56:00.0624 2888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/16 17:56:00.0671 2888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/16 17:56:00.0687 2888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/16 17:56:00.0749 2888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/16 17:56:00.0780 2888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/16 17:56:00.0812 2888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/16 17:56:00.0858 2888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/16 17:56:00.0874 2888 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/16 17:56:00.0921 2888 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/16 17:56:01.0014 2888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/16 17:56:01.0030 2888 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
2011/07/16 17:56:01.0046 2888 Boot (0x1200) (5298e6304403eb5e75911c2bf4154ec6) \Device\Harddisk0\DR0\Partition0
2011/07/16 17:56:01.0061 2888 Boot (0x1200) (2864136b0d9b51cfb6a2d9c5af3d2c95) \Device\Harddisk0\DR0\Partition1
2011/07/16 17:56:01.0077 2888 Boot (0x1200) (aaa6bb6c5eee587ded109627cfcb46bc) \Device\Harddisk0\DR0\Partition2
2011/07/16 17:56:01.0108 2888 Boot (0x1200) (c7ad9ba252fc9ea1a623a2512b9d0751) \Device\Harddisk0\DR0\Partition3
2011/07/16 17:56:01.0108 2888 Boot (0x1200) (d0fa23695f5e0f895323f12832082cb1) \Device\Harddisk1\DR1\Partition0
2011/07/16 17:56:01.0124 2888 ================================================================================
2011/07/16 17:56:01.0124 2888 Scan finished
2011/07/16 17:56:01.0124 2888 ================================================================================
2011/07/16 17:56:01.0124 2084 Detected object count: 1
2011/07/16 17:56:01.0124 2084 Actual detected object count: 1
2011/07/16 17:57:23.0960 2084 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/16 17:59:02.0911 1152 ================================================================================
2011/07/16 17:59:02.0911 1152 Scan started
2011/07/16 17:59:02.0911 1152 Mode: Manual;
2011/07/16 17:59:02.0911 1152 ================================================================================
2011/07/16 17:59:03.0613 1152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/16 17:59:03.0644 1152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/16 17:59:03.0675 1152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/16 17:59:03.0706 1152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/16 17:59:03.0738 1152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/16 17:59:03.0753 1152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/16 17:59:03.0784 1152 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/16 17:59:03.0816 1152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/16 17:59:03.0831 1152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/16 17:59:03.0847 1152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/16 17:59:03.0862 1152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/16 17:59:03.0878 1152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/16 17:59:03.0909 1152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/16 17:59:03.0925 1152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/16 17:59:03.0940 1152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/16 17:59:03.0972 1152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/16 17:59:03.0987 1152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/16 17:59:04.0003 1152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/16 17:59:04.0034 1152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/16 17:59:04.0050 1152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/16 17:59:04.0065 1152 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/16 17:59:04.0096 1152 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/16 17:59:04.0128 1152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/16 17:59:04.0143 1152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/16 17:59:04.0159 1152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/16 17:59:04.0190 1152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/16 17:59:04.0206 1152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/16 17:59:04.0221 1152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/16 17:59:04.0237 1152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/16 17:59:04.0268 1152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/16 17:59:04.0284 1152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/16 17:59:04.0299 1152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/16 17:59:04.0315 1152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/16 17:59:04.0330 1152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/16 17:59:04.0362 1152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/16 17:59:04.0377 1152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/16 17:59:04.0393 1152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/16 17:59:04.0408 1152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/16 17:59:04.0440 1152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/16 17:59:04.0455 1152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/16 17:59:04.0486 1152 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/16 17:59:04.0502 1152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/16 17:59:04.0518 1152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/16 17:59:04.0580 1152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/16 17:59:04.0627 1152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/16 17:59:04.0658 1152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/16 17:59:04.0674 1152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/16 17:59:04.0705 1152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/16 17:59:04.0783 1152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/16 17:59:04.0861 1152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/16 17:59:04.0908 1152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/16 17:59:04.0939 1152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/16 17:59:04.0970 1152 ewusbnet (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/16 17:59:04.0986 1152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/16 17:59:05.0001 1152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/16 17:59:05.0032 1152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/16 17:59:05.0048 1152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/16 17:59:05.0064 1152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/16 17:59:05.0095 1152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/16 17:59:05.0110 1152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/16 17:59:05.0126 1152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/16 17:59:05.0157 1152 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/16 17:59:05.0188 1152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/16 17:59:05.0204 1152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/16 17:59:05.0220 1152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/16 17:59:05.0251 1152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/16 17:59:05.0282 1152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/16 17:59:05.0298 1152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/16 17:59:05.0313 1152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/16 17:59:05.0329 1152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/16 17:59:05.0360 1152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/16 17:59:05.0391 1152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/16 17:59:05.0422 1152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/16 17:59:05.0454 1152 hwdatacard (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/16 17:59:05.0469 1152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/16 17:59:05.0485 1152 hwusbdev (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/07/16 17:59:05.0500 1152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/16 17:59:05.0532 1152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/16 17:59:05.0563 1152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/16 17:59:05.0610 1152 IntcAzAudAddService (56f859b7666ae843792a4231c8b6e6d6) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/16 17:59:05.0625 1152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/16 17:59:05.0656 1152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/16 17:59:05.0672 1152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/16 17:59:05.0703 1152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/16 17:59:05.0719 1152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/16 17:59:05.0734 1152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/16 17:59:05.0766 1152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/16 17:59:05.0781 1152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/16 17:59:05.0797 1152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/16 17:59:05.0812 1152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/16 17:59:05.0859 1152 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/16 17:59:05.0875 1152 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/16 17:59:05.0890 1152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/16 17:59:05.0922 1152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/16 17:59:05.0953 1152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/16 17:59:05.0953 1152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/16 17:59:05.0984 1152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/16 17:59:06.0000 1152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/16 17:59:06.0015 1152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/16 17:59:06.0046 1152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/16 17:59:06.0078 1152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/16 17:59:06.0093 1152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/16 17:59:06.0109 1152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/16 17:59:06.0140 1152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/16 17:59:06.0140 1152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/16 17:59:06.0171 1152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/16 17:59:06.0202 1152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/16 17:59:06.0218 1152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/16 17:59:06.0234 1152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/16 17:59:06.0265 1152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/16 17:59:06.0296 1152 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/16 17:59:06.0312 1152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/16 17:59:06.0343 1152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/16 17:59:06.0358 1152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/16 17:59:06.0374 1152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/16 17:59:06.0405 1152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/16 17:59:06.0421 1152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/16 17:59:06.0436 1152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/16 17:59:06.0452 1152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/16 17:59:06.0452 1152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/16 17:59:06.0499 1152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/16 17:59:06.0530 1152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/16 17:59:06.0546 1152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/16 17:59:06.0608 1152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/16 17:59:06.0655 1152 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/16 17:59:06.0670 1152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/16 17:59:06.0702 1152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/16 17:59:06.0733 1152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/16 17:59:06.0748 1152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/16 17:59:06.0764 1152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/16 17:59:06.0795 1152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/16 17:59:06.0826 1152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/16 17:59:06.0858 1152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/16 17:59:06.0889 1152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/16 17:59:06.0920 1152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/16 17:59:06.0967 1152 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/07/16 17:59:06.0998 1152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/16 17:59:07.0014 1152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/16 17:59:07.0060 1152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/16 17:59:07.0107 1152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/16 17:59:07.0138 1152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/16 17:59:07.0170 1152 NVHDA (ed9380f201c8126425c09bed96dbe1e5) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/16 17:59:07.0404 1152 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/16 17:59:07.0466 1152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/16 17:59:07.0497 1152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/16 17:59:07.0513 1152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/16 17:59:07.0544 1152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/16 17:59:07.0560 1152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/16 17:59:07.0591 1152 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/16 17:59:07.0622 1152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/16 17:59:07.0638 1152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/16 17:59:07.0653 1152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/16 17:59:07.0669 1152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/16 17:59:07.0700 1152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/16 17:59:07.0778 1152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/16 17:59:07.0794 1152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/16 17:59:07.0825 1152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/16 17:59:07.0856 1152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/16 17:59:07.0887 1152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/16 17:59:07.0903 1152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/16 17:59:07.0918 1152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/16 17:59:07.0934 1152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/16 17:59:07.0965 1152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/16 17:59:07.0981 1152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/16 17:59:08.0012 1152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/16 17:59:08.0028 1152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/16 17:59:08.0043 1152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/16 17:59:08.0074 1152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/16 17:59:08.0090 1152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/16 17:59:08.0106 1152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/16 17:59:08.0137 1152 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/16 17:59:08.0168 1152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/16 17:59:08.0199 1152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/16 17:59:08.0230 1152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/16 17:59:08.0262 1152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/16 17:59:08.0277 1152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/16 17:59:08.0308 1152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/16 17:59:08.0324 1152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/16 17:59:08.0340 1152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/16 17:59:08.0371 1152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/16 17:59:08.0402 1152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/16 17:59:08.0402 1152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/16 17:59:08.0433 1152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/16 17:59:08.0449 1152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/16 17:59:08.0464 1152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/16 17:59:08.0480 1152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/16 17:59:08.0511 1152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/16 17:59:08.0574 1152 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/16 17:59:08.0574 1152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/16 17:59:08.0574 1152 sptd - detected LockedFile.Multi.Generic (1)
2011/07/16 17:59:08.0605 1152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/16 17:59:08.0636 1152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/16 17:59:08.0652 1152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/16 17:59:08.0683 1152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/16 17:59:08.0714 1152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/16 17:59:08.0776 1152 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/16 17:59:08.0808 1152 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/16 17:59:08.0839 1152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/16 17:59:08.0854 1152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/16 17:59:08.0870 1152 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/16 17:59:08.0901 1152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/16 17:59:08.0901 1152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/16 17:59:08.0948 1152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/16 17:59:08.0964 1152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/16 17:59:08.0995 1152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/16 17:59:08.0995 1152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/16 17:59:09.0042 1152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/16 17:59:09.0057 1152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/16 17:59:09.0073 1152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/16 17:59:09.0088 1152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/16 17:59:09.0104 1152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/16 17:59:09.0135 1152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/16 17:59:09.0151 1152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/16 17:59:09.0182 1152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/16 17:59:09.0198 1152 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/16 17:59:09.0213 1152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/16 17:59:09.0260 1152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/16 17:59:09.0276 1152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/16 17:59:09.0291 1152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/16 17:59:09.0322 1152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/16 17:59:09.0338 1152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/16 17:59:09.0354 1152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/16 17:59:09.0369 1152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/16 17:59:09.0400 1152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/16 17:59:09.0416 1152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/16 17:59:09.0447 1152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/16 17:59:09.0478 1152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/16 17:59:09.0494 1152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/16 17:59:09.0510 1152 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/16 17:59:09.0525 1152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/16 17:59:09.0556 1152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/16 17:59:09.0572 1152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/16 17:59:09.0588 1152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/16 17:59:09.0619 1152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/16 17:59:09.0650 1152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/16 17:59:09.0666 1152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/16 17:59:09.0728 1152 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/16 17:59:09.0744 1152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/16 17:59:09.0775 1152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/16 17:59:09.0806 1152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/16 17:59:09.0837 1152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/16 17:59:09.0868 1152 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/16 17:59:09.0915 1152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/16 17:59:09.0946 1152 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
2011/07/16 17:59:09.0946 1152 Boot (0x1200) (5298e6304403eb5e75911c2bf4154ec6) \Device\Harddisk0\DR0\Partition0
2011/07/16 17:59:09.0962 1152 Boot (0x1200) (2864136b0d9b51cfb6a2d9c5af3d2c95) \Device\Harddisk0\DR0\Partition1
2011/07/16 17:59:09.0978 1152 Boot (0x1200) (aaa6bb6c5eee587ded109627cfcb46bc) \Device\Harddisk0\DR0\Partition2
2011/07/16 17:59:10.0009 1152 Boot (0x1200) (c7ad9ba252fc9ea1a623a2512b9d0751) \Device\Harddisk0\DR0\Partition3
2011/07/16 17:59:10.0024 1152 Boot (0x1200) (d0fa23695f5e0f895323f12832082cb1) \Device\Harddisk1\DR1\Partition0
2011/07/16 17:59:10.0024 1152 ================================================================================
2011/07/16 17:59:10.0024 1152 Scan finished
2011/07/16 17:59:10.0024 1152 ================================================================================
2011/07/16 17:59:10.0024 1932 Detected object count: 1
2011/07/16 17:59:10.0024 1932 Actual detected object count: 1
2011/07/16 17:59:13.0690 1932 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/07/16 17:59:13.0722 1932 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/07/16 17:59:13.0737 1932 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/16 17:59:13.0737 1932 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/07/16 17:59:16.0920 2852 Deinitialize success
__________________ Kind regards, Close1 -- [leichenwagen@twitter] Only when the last programmer has been locked up and the last idea patented will you realize that lawyers cannot program.
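A note on reading the TDSSKiller output above, followed by an added example (not part of the post and not TDSSKiller's own code). The verdict LockedFile.Multi.Generic means TDSSKiller could not open the file for scanning (the log says so: "Suspicious file (NoAccess)"); it is not a signature match. sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools and Alcohol 120%, and it is regularly reported this way because it protects itself from being read. What the driver table is actually good for is the MD5 column: every kernel driver is listed with its hash and path, so the hashes can be compared against a clean reference install or looked up out of band. The parser below turns the log into records, separates detections and user actions from the driver list, and runs two checks: the same bytes appearing under two different file names (two service names sharing one file, as Tcpip and TCPIP6 do with tcpip.sys, is normal and is not reported), and drivers whose hash is not on an allow-list. The embedded log excerpt is copied from the log above and is a constructed subset; the allow-list in `main` is constructed for the demonstration.

```python
"""Parse a TDSSKiller scan log into structured records and run two hash checks on it.

Added example for the log posted above; not part of the forum post or of TDSSKiller.
"""
import re
from collections import defaultdict

# Excerpt copied from the TDSSKiller log posted above (a constructed subset, not the full log).
SAMPLE_LOG = "\n".join([
    r"2011/07/16 17:59:08.0574 1152 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys",
    r"2011/07/16 17:59:08.0574 1152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb",
    r"2011/07/16 17:59:08.0574 1152 sptd - detected LockedFile.Multi.Generic (1)",
    r"2011/07/16 17:59:08.0776 1152 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys",
    r"2011/07/16 17:59:08.0808 1152 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys",
    r"2011/07/16 17:59:09.0915 1152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0",
    r"2011/07/16 17:59:10.0024 1932 Detected object count: 1",
    r"2011/07/16 17:59:13.0737 1932 LockedFile.Multi.Generic(sptd) - User select action: Delete",
])

# Every line: "<date time> <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": a driver, or a boot record such as "MBR (0x1B8) (<md5>) \Device\..."
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<name>[^)]+)\) - User select action: (?P<action>.+)$")


def parse_tdsskiller(text: str) -> dict:
    """Split a TDSSKiller log into objects (drivers and boot records), suspicious-file
    notes, detections and the actions the user chose at the end of the scan."""
    report = {"objects": [], "suspicious": [], "detections": [], "actions": []}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        if m := OBJECT_RE.match(msg):
            report["objects"].append({"ts": line["ts"], "name": m["name"], "md5": m["md5"], "path": m["path"]})
        elif m := SUSPICIOUS_RE.match(msg):
            report["suspicious"].append({"reason": m["reason"], "path": m["path"], "md5": m["md5"]})
        elif m := DETECTED_RE.match(msg):
            report["detections"].append({"name": m["name"], "verdict": m["verdict"], "count": int(m["count"])})
        elif m := ACTION_RE.match(msg):
            report["actions"].append({"name": m["name"], "verdict": m["verdict"], "action": m["action"]})
    return report


def is_boot_record(obj: dict) -> bool:
    """MBR and boot-sector entries carry a \\Device\\ path rather than a driver file."""
    return obj["path"].lower().startswith(r"\device")


def same_bytes_different_files(objects: list) -> dict:
    """MD5 -> sorted file paths, for every hash that sits behind more than one file.
    Two service names loading one file (Tcpip and TCPIP6 both use tcpip.sys) collapse
    to a single path and are not reported; one hash under two different names is."""
    paths_by_md5 = defaultdict(set)
    for obj in objects:
        if not is_boot_record(obj):
            paths_by_md5[obj["md5"]].add(obj["path"].lower())
    return {md5: sorted(paths) for md5, paths in paths_by_md5.items() if len(paths) > 1}


def unverified_drivers(objects: list, known_good: set) -> list:
    """Driver records whose MD5 is not in an analyst-supplied allow-list (hashes from a
    clean reference install of the same build, or looked up out of band)."""
    return [obj for obj in objects if not is_boot_record(obj) and obj["md5"] not in known_good]


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for det in report["detections"]:
        print(f"detection: {det['name']} -> {det['verdict']}")
    for act in report["actions"]:
        print(f"user action: {act['name']} -> {act['action']}")
    print("one hash under different file names:", same_bytes_different_files(report["objects"]))
    known = {"92ce29d95ac9dd2d0ee9061d551ba250"}  # constructed allow-list: only tcpip.sys for this demo
    print("not on allow-list:", [o["name"] for o in unverified_drivers(report["objects"], known)])
```

Run against the full log, the allow-list check is the useful part: an unsigned or unknown driver will show up as a name and hash you cannot account for, whereas the LockedFile verdict on its own only tells you which file the scanner could not read.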
#11
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected infection (rootkit, botnet, remote access) / Win7 SP1 / 64bit
Now please run CF: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
#12
Here is the ComboFix log:
Code:
ComboFix 11-07-15.03 - ***USER*** 16.07.2011 18:32:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.3037 [GMT 2:00]
Running from: c:\users\***USER***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 ))))))))))))))))))))))))))))))
.
.
2011-07-16 15:13 . 2011-07-16 15:13 -------- d-----w- C:\_OTL
2011-07-15 19:00 . 2011-07-15 19:00 -------- d-----w- c:\users\***USER***\AppData\Roaming\Malwarebytes
2011-07-15 19:00 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-15 19:00 . 2011-07-15 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-07-15 19:00 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 11:00 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AEB424A-BD5A-417B-9E05-5347461345E9}\mpengine.dll
2011-07-13 15:35 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-09 14:37 . 2005-03-24 03:18 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-09 14:37 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-09 14:37 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-09 14:37 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-09 14:37 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-09 14:37 . 2011-07-09 14:37 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-09 14:37 . 2011-07-09 14:37 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-02 12:04 . 2009-12-07 17:53 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-07-02 12:04 . 2009-12-07 17:36 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-07-02 12:04 . 2009-10-12 13:23 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-07-02 12:04 . 2007-08-09 02:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-29 06:36 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:36 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 06:36 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 06:36 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 06:36 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-26 22:27 . 2011-07-02 12:11 -------- d-----w- c:\program files (x86)\Giraffic
2011-06-26 22:27 . 2011-06-27 08:48 -------- d-----w- c:\programdata\Giraffic
2011-06-25 00:27 . 2011-06-25 00:27 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 00:27 . 2011-06-25 00:27 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-23 16:14 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-23 16:14 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-23 16:14 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-23 16:14 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 16:14 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-23 16:14 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-23 16:14 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-23 16:14 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-23 16:14 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-23 16:14 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-23 16:14 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-23 16:14 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 11:36 . 2010-11-06 22:57 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-02 11:36 . 2010-11-06 22:57 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 08:42 . 2011-05-18 14:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-05 20:15 . 2011-06-05 20:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-05 20:15 . 2011-06-05 20:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-05 20:15 . 2011-06-05 20:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-05 20:15 . 2011-06-05 20:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-05 20:15 . 2011-06-05 20:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-05 20:15 . 2011-06-05 20:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-05 20:15 . 2011-06-05 20:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-05 20:15 . 2011-06-05 20:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-05 20:15 . 2011-06-05 20:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-05 20:15 . 2011-06-05 20:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-05 20:15 . 2011-06-05 20:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-05 20:15 . 2011-06-05 20:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-05 20:15 . 2011-06-05 20:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-05 20:15 . 2011-06-05 20:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-05 20:15 . 2011-06-05 20:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-05 20:15 . 2011-06-05 20:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-05 20:15 . 2011-06-05 20:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-05 20:15 . 2011-06-05 20:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-05 20:15 . 2011-06-05 20:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-05 20:14 . 2011-06-05 20:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-05 20:14 . 2011-06-05 20:14 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-05 20:14 . 2011-06-05 20:14 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-05 20:14 . 2011-06-05 20:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-05 20:14 . 2011-06-05 20:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-05 20:14 . 2011-06-05 20:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-05 20:14 . 2011-06-05 20:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-05 20:14 . 2011-06-05 20:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-05 20:14 . 2011-06-05 20:14 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-05 20:14 . 2011-06-05 20:14 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-05 20:14 . 2011-06-05 20:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-05 20:14 . 2011-06-05 20:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-05 20:14 . 2011-06-05 20:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-05 20:14 . 2011-06-05 20:14 448512 ----a-w- c:\windows\system32\html.iec
2011-06-05 20:14 . 2011-06-05 20:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-05 20:14 . 2011-06-05 20:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-05 20:14 . 2011-06-05 20:14 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-05 20:14 . 2011-06-05 20:14 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-05 20:14 . 2011-06-05 20:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-24 17:14 . 2010-11-06 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-14 06:24 . 2011-07-13 15:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-04 02:52 . 2010-11-07 20:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-01 13:18 . 2011-05-01 13:18 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2011-05-01 13:18 . 2011-05-01 13:18 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-07-22 2624512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\***USER***\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\ijji\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-04-23 5071360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{D2EA6C5B-9417-4925-B370-CA65B1CDFDDF}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\***USER***\AppData\Roaming\Mozilla\Firefox\Profiles\lk3f7ihj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Orphaned Registry Entries Removed - - - -
.
SafeBoot-80285507.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1843212304-3448961189-3793492660-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,08,dc,c9,f7,16,73,b2,3e,b7,d2,5f,11,6e,8f,fc,e1,8b,8a,e9,46,63,a5,
07,1a,35,9a,b0,98,e0,1d,df,40,0a,6b,ee,21,36,b4,7e,b0,c0,f9,9a,ce,2f,1f,d8,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-1843212304-3448961189-3793492660-1001\Software\SecuROM\License information*]
"datasecu"=hex:2d,d7,d1,d0,d0,b0,30,b4,55,e7,28,24,04,a6,f4,8f,98,9b,7a,5b,a2,
93,c3,3c,8e,0f,87,f3,be,81,d8,77,25,6b,4b,ce,03,56,44,b6,54,26,a8,e2,f4,94,\
"rkeysecu"=hex:7f,d1,5c,a5,bd,8b,0e,33,66,d9,8d,b3,2f,e5,73,29
.
[HKEY_USERS\S-1-5-21-1843212304-3448961189-3793492660-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2011-07-16 18:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-16 16:38
.
Pre-Run: 10 directory(ies), 31,128,178,688 bytes free
Post-Run: 13 directory(ies), 30,668,742,656 bytes free
.
- - End Of File - - 08C82DDC415E0F31206DEB5507BE1F4D
Edited by close1 (16.07.2011 at 17:53) Reason: username redacted
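The parts of a ComboFix log an analyst actually works through are the service list (the `R2`/`R3`/`S1`/`S2` lines: start type, service name, display name, image path and, in brackets, the file date and size or `[x]` when ComboFix recorded none), the `Run` keys, and the per-interface `NameServer` line, which is where a DNS hijack shows up. The script below is an added example, not from the post and not ComboFix's own code: it parses those three record types from the log format seen above and applies review heuristics that are my assumptions, not ComboFix's logic, and that produce leads rather than verdicts. A driver loaded from a user-writable directory is flagged (cpuz134 here, a pattern CPU-Z produces legitimately because it unpacks its driver into Temp), as are a service image on a drive other than the assumed system drive, a `Run` value with an unqualified file name that Windows resolves through the search path, and resolver addresses outside private space, which are to be compared against what the ISP or router is supposed to hand out. The embedded excerpt is copied from the log above and is a constructed subset.

```python
"""Extract services, Run-key values and DNS servers from a ComboFix log and apply
review heuristics to them.

Added example for the log posted above; not part of the forum post or of ComboFix.
"""
import ipaddress
import re

# Excerpt copied from the ComboFix log posted above (a constructed subset, not the full log).
SAMPLE_LOG = "\n".join([
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-07-22 2624512]',
    r".",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]",
    r'"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]',
    r".",
    r"R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]",
    r"R3 cpuz134;cpuz134;c:\users\***USER***\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]",
    r"R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\ijji\Gunz\GameGuard\dump_wmimmc.sys [x]",
    r"S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"RtHDVCpl"="RAVCpl64.exe" [2007-04-23 5071360]',
    r"TCP: Interfaces\{D2EA6C5B-9417-4925-B370-CA65B1CDFDDF}: NameServer = 193.189.244.225 193.189.244.206",
])

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?$')
# "<start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]$")
DNS_RE = re.compile(r"^TCP: Interfaces\\\{(?P<iface>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$")

SYSTEM_DRIVE = "c:\\"  # assumption: the system drive, as in this log (c:\windows)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")  # assumption: path fragments a standard user can write to


def parse_combofix(text: str) -> dict:
    """Collect service records, Run-key values (with the key they sit under) and name servers."""
    report = {"services": [], "run": [], "nameservers": []}
    current_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "." or not line:          # ComboFix separates blocks with a lone "."
            current_key = None
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]
        elif m := SERVICE_RE.match(line):
            report["services"].append({"start": m["start"], "name": m["name"], "display": m["display"],
                                       "image": m["image"], "info": m["info"]})
        elif (m := VALUE_RE.match(line)) and current_key and current_key.lower().endswith("\\run"):
            report["run"].append({"key": current_key, "value": m["value"], "cmd": m["cmd"], "info": m["info"] or ""})
        elif m := DNS_RE.match(line):
            report["nameservers"].extend(m["servers"].split())
    return report


def review(report: dict) -> list:
    """Heuristic findings as (tag, subject, detail) tuples for an analyst to check.
    None of them is a verdict: CPU-Z, for instance, loads its driver from Temp."""
    findings = []
    for svc in report["services"]:
        image = svc["image"].lower()
        if any(tok in image for tok in USER_WRITABLE):
            findings.append(("service-in-user-writable-path", svc["name"], svc["image"]))
        if not image.startswith(SYSTEM_DRIVE):
            findings.append(("service-off-system-drive", svc["name"], svc["image"]))
        if svc["info"] == "x":
            findings.append(("service-no-file-metadata", svc["name"], svc["image"]))
    for entry in report["run"]:
        cmd = entry["cmd"].lower()
        if "\\" not in cmd:                  # bare file name: resolved via the search path at logon
            findings.append(("run-unqualified-image", entry["value"], entry["cmd"]))
        elif any(tok in cmd for tok in USER_WRITABLE):
            findings.append(("run-in-user-writable-path", entry["value"], entry["cmd"]))
    for server in report["nameservers"]:
        scope = "private" if ipaddress.ip_address(server).is_private else "public"
        findings.append((f"nameserver-{scope}", server, "verify against the ISP's or router's resolvers"))
    return findings


if __name__ == "__main__":
    for tag, subject, detail in review(parse_combofix(SAMPLE_LOG)):
        print(f"{tag:32} {subject:32} {detail}")
```

The `[x]` marker is deliberately reported as its own finding rather than folded into the others: in this log it appears on drivers that TDSSKiller did list on disk (tsusbflt.sys, netr28ux.sys), so on its own it says only that ComboFix printed no date and size for the file, and the image path has to be checked by hand.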
#13
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download MBRCheck (by a_d_13) and save the file to the desktop.
#14
Here is the MBRCheck log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000023c
Kernel Drivers (total 189):
0x03017000 \SystemRoot\system32\ntoskrnl.exe
0x03600000 \SystemRoot\system32\hal.dll
0x00BC4000 \SystemRoot\system32\kdcom.dll
0x00CA7000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF6000 \SystemRoot\system32\PSHED.dll
0x00D0A000 \SystemRoot\system32\CLFS.SYS
0x00EFA000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00D68000 \SystemRoot\system32\drivers\ACPI.sys
0x00EB3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EBC000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EC6000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FBA000 \SystemRoot\system32\drivers\pci.sys
0x00ED3000 \SystemRoot\System32\drivers\partmgr.sys
0x00DBF000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EE8000 \SystemRoot\system32\drivers\pciide.sys
0x00FED000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EEF000 \SystemRoot\system32\drivers\atapi.sys
0x00C76000 \SystemRoot\system32\drivers\ataport.SYS
0x00DD4000 \SystemRoot\system32\drivers\amdxata.sys
0x010B3000 \SystemRoot\system32\drivers\fltmgr.sys
0x010FF000 \SystemRoot\system32\drivers\fileinfo.sys
0x0124C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01113000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01171000 \SystemRoot\System32\Drivers\cng.sys
0x0121B000 \SystemRoot\System32\drivers\pcw.sys
0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01418000 \SystemRoot\system32\drivers\ndis.sys
0x0150B000 \SystemRoot\system32\drivers\NETIO.SYS
0x0156B000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016C2000 \SystemRoot\System32\drivers\tcpip.sys
0x018C6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01910000 \SystemRoot\system32\drivers\volsnap.sys
0x0195C000 \SystemRoot\System32\Drivers\spldr.sys
0x01964000 \SystemRoot\System32\drivers\rdyboost.sys
0x0199E000 \SystemRoot\System32\Drivers\mup.sys
0x019B0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019B9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0167C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016A6000 \SystemRoot\System32\Drivers\Null.SYS
0x016AF000 \SystemRoot\System32\Drivers\Beep.SYS
0x01596000 \SystemRoot\System32\drivers\vga.sys
0x015A4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015C9000 \SystemRoot\System32\drivers\watchdog.sys
0x016B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015D9000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015E2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01000000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01022000 \SystemRoot\system32\drivers\afd.sys
0x03A50000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A95000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A9E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03AC4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03ADA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03AE9000 \SystemRoot\system32\DRIVERS\serial.sys
0x03B06000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B21000 \SystemRoot\system32\drivers\termdd.sys
0x03B35000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03B86000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03B92000 \SystemRoot\system32\drivers\mssmbios.sys
0x03B9D000 \SystemRoot\System32\drivers\discache.sys
0x03BAC000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BCA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03BDB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F06B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FCC7000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FCC9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0F000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0F046000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FDBD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03EB5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03F0B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03F1C000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x03F81000 \SystemRoot\system32\drivers\1394ohci.sys
0x03FBF000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x03FC7000 \SystemRoot\system32\drivers\i8042prt.sys
0x03FE5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03FF4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03E00000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03E10000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03E26000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E85000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0FDCA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011E3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03EA0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03EAF000 \SystemRoot\system32\drivers\swenum.sys
0x0427A000 \SystemRoot\system32\drivers\ks.sys
0x042BD000 \SystemRoot\system32\drivers\umbus.sys
0x042CF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04329000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0433E000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04367000 \SystemRoot\system32\drivers\portcls.sys
0x043A4000 \SystemRoot\system32\drivers\drmk.sys
0x043C6000 \SystemRoot\system32\drivers\ksthunk.sys
0x050D7000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x051DC000 \SystemRoot\System32\drivers\Dxapi.sys
0x051E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x05000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0501D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0501F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0502D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05046000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0504F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0505D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0506A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05087000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05095000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x050A1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x050AA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x043CC000 \SystemRoot\system32\drivers\luafv.sys
0x04200000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0421F000 \SystemRoot\system32\drivers\WudfPf.sys
0x050BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x066B5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06708000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0671B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06733000 \SystemRoot\system32\drivers\HTTP.sys
0x06600000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0661E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06636000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06663000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04240000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06CCD000 \SystemRoot\system32\drivers\peauth.sys
0x06D73000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06D7E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DAF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0709B000 \SystemRoot\System32\DRIVERS\srv.sys
0x07133000 \SystemRoot\system32\drivers\spsys.sys
0x071A4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x071AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x071CA000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07000000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77540000 \Windows\System32\ntdll.dll
0x48080000 \Windows\System32\smss.exe
0xFF860000 \Windows\System32\apisetschema.dll
0xFF150000 \Windows\System32\autochk.exe
0xFF830000 \Windows\System32\imagehlp.dll
0x77420000 \Windows\System32\kernel32.dll
0xFF7C0000 \Windows\System32\gdi32.dll
0xFF690000 \Windows\System32\rpcrt4.dll
0xFF4B0000 \Windows\System32\setupapi.dll
0xFF450000 \Windows\System32\Wldap32.dll
0xFF3B0000 \Windows\System32\clbcatq.dll
0xFF310000 \Windows\System32\comdlg32.dll
0xFF300000 \Windows\System32\nsi.dll
0xFF280000 \Windows\System32\shlwapi.dll
0xFF1A0000 \Windows\System32\oleaut32.dll
0xFF170000 \Windows\System32\imm32.dll
0xFE3E0000 \Windows\System32\shell32.dll
0x77710000 \Windows\System32\normaliz.dll
0xFE310000 \Windows\System32\usp10.dll
0xFE2C0000 \Windows\System32\ws2_32.dll
0x77320000 \Windows\System32\user32.dll
0x771D0000 \Windows\System32\urlmon.dll
0x76FC0000 \Windows\System32\iertutil.dll
0xFE220000 \Windows\System32\msvcrt.dll
0xFE140000 \Windows\System32\advapi32.dll
0x76E60000 \Windows\System32\wininet.dll
0x77700000 \Windows\System32\psapi.dll
0xFE130000 \Windows\System32\lpk.dll
0xFE0B0000 \Windows\System32\difxapi.dll
0xFDEA0000 \Windows\System32\ole32.dll
0xFDD90000 \Windows\System32\msctf.dll
0xFDD70000 \Windows\System32\sechost.dll
0xFDD30000 \Windows\System32\cfgmgr32.dll
0xFDCC0000 \Windows\System32\KernelBase.dll
0xFDC20000 \Windows\System32\comctl32.dll
0xFDBE0000 \Windows\System32\wintrust.dll
0xFDBC0000 \Windows\System32\devobj.dll
0xFDA50000 \Windows\System32\crypt32.dll
0xFDA40000 \Windows\System32\msasn1.dll
0x76830000 \Windows\SysWOW64\normaliz.dll
Processes (total 46):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
416 csrss.exe
476 C:\Windows\System32\wininit.exe
496 csrss.exe
556 C:\Windows\System32\winlogon.exe
568 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\svchost.exe
760 C:\Windows\System32\nvvsvc.exe
804 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
316 C:\Windows\System32\svchost.exe
1064 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1076 C:\Windows\System32\nvvsvc.exe
1180 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\spoolsv.exe
1476 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1576 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1612 C:\Windows\System32\svchost.exe
1740 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1788 C:\Windows\System32\svchost.exe
1848 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1876 C:\Windows\System32\conhost.exe
2220 C:\Windows\System32\dwm.exe
2248 C:\Windows\explorer.exe
2280 C:\Windows\System32\taskhost.exe
2460 C:\Windows\RAVCpl64.exe
2472 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2620 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2656 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2824 C:\Windows\System32\SearchIndexer.exe
3068 C:\Windows\System32\sppsvc.exe
2092 C:\Windows\System32\svchost.exe
2316 C:\Windows\System32\audiodg.exe
2948 WUDFHost.exe
2364 C:\Windows\System32\SearchProtocolHost.exe
1972 C:\Windows\System32\SearchFilterHost.exe
272 C:\Users\***USER***\Desktop\beseitigung\MBRCheck.exe
2176 C:\Windows\System32\conhost.exe
2200 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`03d00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000073`03d00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
__________________ Kind regards, Close1 -- [leichenwagen@twitter] Only when the last programmer has been locked up and the last idea patented will you realise that lawyers cannot program.
#15
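To make the log above concrete, here is an added example (not part of this thread and not MBRCheck's own code) of what a boot-sector check of this kind does: it takes the first 512-byte sector of a disk, validates the 0x55AA boot signature, parses the four partition-table entries and hashes the bootstrap-code region so it can be compared with a list of known-good hashes. The three volume offsets are copied from the log; everything else about the sample sector is constructed, so its hash will not match the SHA1 MBRCheck printed, and the assumption that MBRCheck hashes exactly bytes 0..439 is labelled as such in the code. The tampering helper shows why the hash matters: a bootkit that patches the bootstrap code leaves the partition table and signature intact, so the volumes still line up perfectly while the hash changes.

```python
"""Added example: the checks behind an MBRCheck-style boot-sector report.

All disk data in this file is CONSTRUCTED sample data, not a dump of the
poster's drive.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the bootstrap code (disk signature starts at 440)
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Volume-to-disk offsets exactly as MBRCheck printed them for \\.\PhysicalDrive0 above.
REPORTED_VOLUME_OFFSETS = {
    "C:": 0x00000000_06500000,
    "D:": 0x0000000F_03D00000,
    "E:": 0x00000073_03D00000,
}


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        return self.start_lba * SECTOR_SIZE


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Return the in-use partition entries; raise if the sector is not a valid MBR."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_first, type_id, _chs_last, start_lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, entry
        )
        if type_id == 0:          # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, start_lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the bootstrap code only. Hashing this region rather than the whole
    sector keeps the value comparable across machines, whose disk signatures and
    partition tables differ. ASSUMPTION: that this is the exact region MBRCheck hashes."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def match_volumes(parts: list[Partition], reported: dict[str, int]) -> dict[str, int | None]:
    """Map each reported volume offset to the index of the partition that starts there."""
    by_offset = {p.byte_offset: p.index for p in parts}
    return {letter: by_offset.get(offset) for letter, offset in reported.items()}


def build_sample_mbr() -> bytes:
    """CONSTRUCTED: a synthetic MBR whose partition starts reproduce the three volume
    offsets from the log. The boot code is a placeholder byte pattern, not real
    Windows 7 boot code, so its hash is not the one MBRCheck reported."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes(range(256)) + bytes(range(184))
    struct.pack_into("<I", sector, 440, 0xDEADBEEF)         # placeholder disk signature
    starts = [REPORTED_VOLUME_OFFSETS[k] // SECTOR_SIZE for k in ("C:", "D:", "E:")]
    disk_sectors = 1_000_204_886_016 // SECTOR_SIZE          # nominal 1 TB drive (assumed)
    ends = starts[1:] + [disk_sectors]
    for i, (start, end) in enumerate(zip(starts, ends)):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         0x80 if i == 0 else 0x00, b"\xff\xff\xff", 0x07,   # 0x07 = NTFS
                         b"\xff\xff\xff", start, end - start)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def tamper_boot_code(mbr: bytes) -> bytes:
    """Simulate a bootkit-style patch: alter one byte of the bootstrap code and leave
    the partition table and boot signature untouched."""
    patched = bytearray(mbr)
    patched[0x10] ^= 0xFF
    return bytes(patched)


def verify(mbr: bytes, known_good: set[str], reported: dict[str, int]) -> dict:
    """Produce the same three facts MBRCheck reports: hash, known/unknown, volume layout."""
    parts = parse_mbr(mbr)
    digest = boot_code_sha1(mbr)
    return {
        "sha1": digest,
        "boot_code_known": digest in known_good,
        "partitions": parts,
        "volumes": match_volumes(parts, reported),
    }


if __name__ == "__main__":
    clean = build_sample_mbr()
    known = {boot_code_sha1(clean)}     # stand-in for a vendor's known-good hash list
    for label, sector in (("clean", clean), ("tampered", tamper_boot_code(clean))):
        report = verify(sector, known, REPORTED_VOLUME_OFFSETS)
        print(label, report["sha1"], "known" if report["boot_code_known"] else "UNKNOWN",
              report["volumes"])
```

On a real Windows machine the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run from an elevated prompt; the volume offsets come from the same source MBRCheck uses. One caveat a practitioner keeps in mind: any such check reads the disk through the running kernel, so a rootkit that filters sector reads can hand back a clean copy, which is why a "looks ok" verdict is a data point rather than a proof and why the follow-up scans below are still worthwhile.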
/// Winkelfunktion /// TB-Süch-Tiger™
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner