Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR Dropper.gen (https://www.trojaner-board.de/98522-tr-dropper-gen.html)

Schuppe 30.04.2011 13:39
TR Dropper.gen
 
Hallo,

ich hatte den besagten Virus zu spät erkannt da der Dateiname sehr lang war und es keine exe sein sollte welches dann später ersichtlich war. :/

Durch Procmon konnte ich dann erkennen was da angerichtet wurde, habe die Datei per Antivir in Quarantäne verschoben, eine Datei namens regupdate (oder ähnlich) aus Appdata/roaming/local gelöscht und mein Registry-Backup von gestern drübergezogen :=)

Sonstige Maßnahmen: Vollscan Antivir-Prof, Malware-Bytes, CCleaner.

Sonstige neue Probleme: etas längeren schwarzen Boot-Bildschirm, Runterrasseln von DLLS nach dem Bios.. verlängerte Bootzeit nachdem ich es gestern frisch auf 30Seks optimiert habe.

Die Combofix-Logs hätte ich auch gern erledigt, allerdings bekomme ich direkt beim Start bei 100% vorbereitung "Page_pool" und Sonstige Blue-Screens.

MfG, Schuppe

Ist das nu erledigt ?

cosinus 01.05.2011 16:04
Wo sind die Logs von Malwarebytes, AntiVir usw? Bitte alles posten!!

Zitat:
Die Combofix-Logs hätte ich auch gern erledigt,
Hinweise ignoriert? => http://www.trojaner-board.de/95175-combofix.html

Schuppe 02.05.2011 17:43
also hier das File.. mbam hat was gefunden was antivir nicht fand .. hatte allerdings keinen FakeAlert.

Schuppe 02.05.2011 19:55
Zitat:
Zitat von Schuppe (Beitrag 651588)
also hier das File.. mbam hat was gefunden was antivir nicht fand .. hatte allerdings keinen FakeAlert.
hier nochmal richtig

cosinus 02.05.2011 20:31
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Schuppe 03.05.2011 16:16
okay hier denn noch der Log von heute!

Schuppe 03.05.2011 18:46
achso sry hier nochmal der voll-log .. 0 gefunden ^^

cosinus 04.05.2011 10:37
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\Shell\AutoRun\command - "" = I:\preinst.exe
O33 - MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\Shell - "" = AutoRun
O33 - MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6866BFC2
@Alternate Data Stream - 1317 bytes -> C:\Users\***\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Schuppe 04.05.2011 16:18
Hier mal die Ausgabe:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
E:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:6866BFC2 deleted successfully.
Unable to delete ADS C:\Users\***\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6 .
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Philipp
->Temp folder emptied: 257375 bytes
->Temporary Internet Files folder emptied: 16287215 bytes
->Java cache emptied: 5706 bytes
->FireFox cache emptied: 123315893 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2403 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3302 bytes
RecycleBin emptied: 17213025 bytes
 
Total Files Cleaned = 150,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_171402

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 04.05.2011 16:21
Zitat:
Unable to delete ADS C:\Users\***\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6 .
Du hast die Sternchen sicher vorher zurückeditiert? :pfeiff:

Schuppe 04.05.2011 16:58
jetzt ja..

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File E:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:6866BFC2 .
ADS C:\Users\Philipp\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Philipp
->Temp folder emptied: 527596 bytes
->Temporary Internet Files folder emptied: 739840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38493575 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1033 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 38,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_175349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 04.05.2011 18:04
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Schuppe 04.05.2011 18:26
Code:
2011/05/04 19:22:42.0850 5936        TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/04 19:22:43.0007 5936        ================================================================================
2011/05/04 19:22:43.0007 5936        SystemInfo:
2011/05/04 19:22:43.0007 5936       
2011/05/04 19:22:43.0007 5936        OS Version: 6.0.6002 ServicePack: 2.0
2011/05/04 19:22:43.0007 5936        Product type: Workstation
2011/05/04 19:22:43.0007 5936        ComputerName: PHILIPP-PC
2011/05/04 19:22:43.0007 5936        UserName: Philipp
2011/05/04 19:22:43.0007 5936        Windows directory: C:\Windows
2011/05/04 19:22:43.0007 5936        System windows directory: C:\Windows
2011/05/04 19:22:43.0008 5936        Processor architecture: Intel x86
2011/05/04 19:22:43.0008 5936        Number of processors: 4
2011/05/04 19:22:43.0008 5936        Page size: 0x1000
2011/05/04 19:22:43.0008 5936        Boot type: Normal boot
2011/05/04 19:22:43.0008 5936        ================================================================================
2011/05/04 19:22:43.0304 5936        Initialize success
2011/05/04 19:22:48.0644 5172        ================================================================================
2011/05/04 19:22:48.0644 5172        Scan started
2011/05/04 19:22:48.0644 5172        Mode: Manual;
2011/05/04 19:22:48.0644 5172        ================================================================================
2011/05/04 19:22:49.0181 5172        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/04 19:22:49.0235 5172        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/04 19:22:49.0257 5172        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/04 19:22:49.0280 5172        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/04 19:22:49.0306 5172        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/04 19:22:49.0361 5172        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/04 19:22:49.0394 5172        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/04 19:22:49.0423 5172        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/04 19:22:49.0442 5172        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/04 19:22:49.0464 5172        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/04 19:22:49.0478 5172        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/04 19:22:49.0490 5172        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/04 19:22:49.0514 5172        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/04 19:22:49.0675 5172        amdkmdag        (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/04 19:22:49.0749 5172        amdkmdap        (c9b705ff53b15dd71f6a4d4f45396edd) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/04 19:22:49.0850 5172        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/04 19:22:49.0872 5172        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/04 19:22:49.0907 5172        AsIO            (663f2fb92608073824ee3106886120f3) C:\Windows\system32\drivers\AsIO.sys
2011/05/04 19:22:49.0942 5172        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/04 19:22:49.0964 5172        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/04 19:22:50.0007 5172        AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys
2011/05/04 19:22:50.0039 5172        AtiHdmiService  (f48d470154cc58cd6520771464fbec3f) C:\Windows\system32\drivers\AtiHdmi.sys
2011/05/04 19:22:50.0184 5172        atikmdag        (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/04 19:22:50.0254 5172        ATITool        (d4ed96ac2fafee2c697436b9a2871cd3) C:\Windows\system32\DRIVERS\ATITool.sys
2011/05/04 19:22:50.0286 5172        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/04 19:22:50.0322 5172        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/04 19:22:50.0350 5172        AVMUNET        (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys
2011/05/04 19:22:50.0391 5172        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/04 19:22:50.0423 5172        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/04 19:22:50.0451 5172        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/04 19:22:50.0473 5172        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/04 19:22:50.0490 5172        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/04 19:22:50.0515 5172        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/04 19:22:50.0526 5172        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/04 19:22:50.0544 5172        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/04 19:22:50.0561 5172        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/04 19:22:50.0572 5172        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/04 19:22:50.0617 5172        CamDrL          (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys
2011/05/04 19:22:50.0635 5172        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/04 19:22:50.0665 5172        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/04 19:22:50.0712 5172        cFosSpeed      (3cd947a26cb3fe8bfc81e746cff88877) C:\Windows\system32\DRIVERS\cfosspeed.sys
2011/05/04 19:22:50.0738 5172        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/04 19:22:50.0768 5172        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/04 19:22:50.0799 5172        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/04 19:22:50.0812 5172        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/04 19:22:50.0827 5172        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/04 19:22:50.0855 5172        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/04 19:22:50.0896 5172        CT20XUT        (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
2011/05/04 19:22:50.0923 5172        CT20XUT.SYS    (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
2011/05/04 19:22:50.0958 5172        ctac32k        (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
2011/05/04 19:22:50.0994 5172        ctaud2k        (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
2011/05/04 19:22:51.0032 5172        ctdvda2k        (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
2011/05/04 19:22:51.0074 5172        CTEXFIFX        (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/05/04 19:22:51.0124 5172        CTEXFIFX.SYS    (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/05/04 19:22:51.0168 5172        CTHWIUT        (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/05/04 19:22:51.0183 5172        CTHWIUT.SYS    (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/05/04 19:22:51.0207 5172        ctprxy2k        (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
2011/05/04 19:22:51.0228 5172        ctsfm2k        (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
2011/05/04 19:22:51.0270 5172        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/04 19:22:51.0314 5172        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/04 19:22:51.0375 5172        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/04 19:22:51.0413 5172        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/04 19:22:51.0454 5172        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/04 19:22:51.0488 5172        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/04 19:22:51.0531 5172        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/04 19:22:51.0566 5172        emupia          (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
2011/05/04 19:22:51.0598 5172        ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2011/05/04 19:22:51.0613 5172        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/04 19:22:51.0664 5172        ESLvnic1        (3f3126a8f73e92f8eb369d54977d9e15) C:\Windows\system32\DRIVERS\ESLvnic.sys
2011/05/04 19:22:51.0709 5172        ESLWireAC      (47d9bed54cd3ff24b9c17a730f89c711) C:\Windows\system32\drivers\ESLWireACD.sys
2011/05/04 19:22:51.0760 5172        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/04 19:22:51.0792 5172        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/04 19:22:51.0816 5172        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/04 19:22:51.0845 5172        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/04 19:22:51.0865 5172        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/04 19:22:51.0889 5172        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/04 19:22:51.0918 5172        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/04 19:22:51.0960 5172        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/04 19:22:51.0982 5172        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/04 19:22:52.0015 5172        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/04 19:22:52.0051 5172        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/05/04 19:22:52.0077 5172        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/05/04 19:22:52.0149 5172        ha20x2k        (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
2011/05/04 19:22:52.0191 5172        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/04 19:22:52.0253 5172        HCW85BDA        (09139afcf7697461059eec49a8fe66a2) C:\Windows\system32\drivers\HCW85BDA.sys
2011/05/04 19:22:52.0295 5172        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/04 19:22:52.0334 5172        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/04 19:22:52.0368 5172        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/04 19:22:52.0385 5172        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/04 19:22:52.0427 5172        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/04 19:22:52.0451 5172        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/04 19:22:52.0487 5172        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/04 19:22:52.0510 5172        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/04 19:22:52.0530 5172        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/04 19:22:52.0557 5172        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/04 19:22:52.0598 5172        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/04 19:22:52.0659 5172        IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/04 19:22:52.0694 5172        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/04 19:22:52.0712 5172        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/04 19:22:52.0734 5172        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/04 19:22:52.0778 5172        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/04 19:22:52.0803 5172        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/04 19:22:52.0828 5172        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/04 19:22:52.0843 5172        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/04 19:22:52.0868 5172        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/04 19:22:52.0882 5172        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/04 19:22:52.0899 5172        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/04 19:22:52.0917 5172        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/04 19:22:52.0947 5172        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/04 19:22:52.0988 5172        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/04 19:22:53.0046 5172        L8042Kbd        (dc61f15187372d164769c841655e58f3) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/05/04 19:22:53.0073 5172        L8042mou        (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\Windows\system32\DRIVERS\L8042mou.Sys
2011/05/04 19:22:53.0109 5172        LHidFilt        (dd83dc92463fce6324fd30a13d17d0da) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/04 19:22:53.0143 5172        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/04 19:22:53.0172 5172        LMouFilt        (8fe0008e183ff0293a925b78a5581c5f) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/04 19:22:53.0193 5172        LMouKE          (58597a99792461e89bb5c44e17508d70) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/05/04 19:22:53.0220 5172        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/04 19:22:53.0237 5172        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/04 19:22:53.0257 5172        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/04 19:22:53.0269 5172        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/04 19:22:53.0302 5172        LVUSBSta        (64bc29c3a0388bfc580bb8b1346f7659) C:\Windows\system32\DRIVERS\LVUSBSta.sys
2011/05/04 19:22:53.0344 5172        massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\DRIVERS\massfilter.sys
2011/05/04 19:22:53.0439 5172        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/04 19:22:53.0526 5172        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/04 19:22:53.0550 5172        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/04 19:22:53.0575 5172        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/04 19:22:53.0598 5172        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/04 19:22:53.0622 5172        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/04 19:22:53.0636 5172        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/04 19:22:53.0668 5172        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/04 19:22:53.0694 5172        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/04 19:22:53.0717 5172        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/04 19:22:53.0734 5172        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/04 19:22:53.0754 5172        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/04 19:22:53.0790 5172        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/04 19:22:53.0814 5172        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/04 19:22:53.0833 5172        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/04 19:22:53.0848 5172        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/04 19:22:53.0870 5172        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/04 19:22:53.0899 5172        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/04 19:22:53.0927 5172        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/04 19:22:53.0944 5172        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/04 19:22:53.0958 5172        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/04 19:22:53.0979 5172        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/04 19:22:54.0000 5172        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/04 19:22:54.0027 5172        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/04 19:22:54.0061 5172        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/04 19:22:54.0078 5172        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/04 19:22:54.0113 5172        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/04 19:22:54.0140 5172        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/04 19:22:54.0162 5172        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/04 19:22:54.0176 5172        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/04 19:22:54.0195 5172        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/04 19:22:54.0214 5172        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/04 19:22:54.0227 5172        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/04 19:22:54.0249 5172        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/04 19:22:54.0283 5172        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/04 19:22:54.0298 5172        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/04 19:22:54.0322 5172        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/04 19:22:54.0365 5172        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/04 19:22:54.0391 5172        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/04 19:22:54.0410 5172        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/04 19:22:54.0432 5172        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/04 19:22:54.0448 5172        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/04 19:22:54.0472 5172        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/04 19:22:54.0527 5172        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/04 19:22:54.0552 5172        ossrv          (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
2011/05/04 19:22:54.0575 5172        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/04 19:22:54.0596 5172        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/04 19:22:54.0638 5172        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/04 19:22:54.0657 5172        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/04 19:22:54.0687 5172        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/04 19:22:54.0706 5172        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/04 19:22:54.0747 5172        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/04 19:22:54.0814 5172        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/04 19:22:54.0837 5172        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/04 19:22:54.0876 5172        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/04 19:22:54.0921 5172        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/04 19:22:54.0944 5172        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/04 19:22:54.0965 5172        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/04 19:22:54.0977 5172        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/04 19:22:55.0003 5172        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/04 19:22:55.0039 5172        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/04 19:22:55.0054 5172        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/04 19:22:55.0085 5172        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/04 19:22:55.0106 5172        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/04 19:22:55.0136 5172        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/04 19:22:55.0169 5172        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/04 19:22:55.0203 5172        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/04 19:22:55.0245 5172        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/04 19:22:55.0286 5172        s0017bus        (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
2011/05/04 19:22:55.0313 5172        s0017mdfl      (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
2011/05/04 19:22:55.0339 5172        s0017mdm        (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
2011/05/04 19:22:55.0368 5172        s0017mgmt      (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
2011/05/04 19:22:55.0385 5172        s0017nd5        (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
2011/05/04 19:22:55.0414 5172        s0017obex      (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
2011/05/04 19:22:55.0435 5172        s0017unic      (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
2011/05/04 19:22:55.0452 5172        s117bus        (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/05/04 19:22:55.0471 5172        s117mdfl        (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/05/04 19:22:55.0492 5172        s117mdm        (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/05/04 19:22:55.0506 5172        s117mgmt        (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/05/04 19:22:55.0534 5172        s117nd5        (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/05/04 19:22:55.0555 5172        s117obex        (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/05/04 19:22:55.0578 5172        s117unic        (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/05/04 19:22:55.0601 5172        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/04 19:22:55.0642 5172        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/04 19:22:55.0677 5172        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/04 19:22:55.0700 5172        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/04 19:22:55.0718 5172        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/04 19:22:55.0753 5172        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/04 19:22:55.0768 5172        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/04 19:22:55.0782 5172        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/04 19:22:55.0794 5172        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/04 19:22:55.0833 5172        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/04 19:22:55.0857 5172        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/04 19:22:55.0881 5172        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/04 19:22:55.0914 5172        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/04 19:22:55.0960 5172        snpstd          (d08d19ee68cb88ab1bc5da3081505847) C:\Windows\system32\DRIVERS\snpstd.sys
2011/05/04 19:22:55.0988 5172        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/04 19:22:56.0031 5172        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/04 19:22:56.0032 5172        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/04 19:22:56.0036 5172        sptd - detected LockedFile.Multi.Generic (1)
2011/05/04 19:22:56.0060 5172        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/04 19:22:56.0093 5172        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/04 19:22:56.0125 5172        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/04 19:22:56.0154 5172        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/04 19:22:56.0200 5172        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/04 19:22:56.0228 5172        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/04 19:22:56.0252 5172        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/04 19:22:56.0272 5172        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/04 19:22:56.0346 5172        Tcpip          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/05/04 19:22:56.0388 5172        Tcpip6          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/04 19:22:56.0413 5172        tcpipreg        (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/04 19:22:56.0441 5172        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/04 19:22:56.0459 5172        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/04 19:22:56.0490 5172        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/04 19:22:56.0536 5172        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/04 19:22:56.0582 5172        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/04 19:22:56.0594 5172        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/04 19:22:56.0629 5172        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/04 19:22:56.0652 5172        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/04 19:22:56.0680 5172        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/04 19:22:56.0712 5172        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/04 19:22:56.0733 5172        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/04 19:22:56.0746 5172        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/04 19:22:56.0765 5172        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/04 19:22:56.0786 5172        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/04 19:22:56.0860 5172        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/05/04 19:22:56.0904 5172        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/04 19:22:56.0931 5172        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/04 19:22:56.0958 5172        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/04 19:22:56.0978 5172        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/04 19:22:57.0011 5172        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/04 19:22:57.0029 5172        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/04 19:22:57.0048 5172        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/04 19:22:57.0066 5172        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/04 19:22:57.0087 5172        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/04 19:22:57.0116 5172        VBoxDrv        (bb2bf5e7078f05bac1e3dd523cb150f6) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/05/04 19:22:57.0137 5172        VBoxNetAdp      (87f80943992bda64bc2208f3ccd0d38a) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/05/04 19:22:57.0156 5172        VBoxNetFlt      (779a92465beb0f2a1ed180c09f0ffc0e) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/05/04 19:22:57.0178 5172        VBoxUSBMon      (b6879530399e6a7c769f87467ba62b29) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/05/04 19:22:57.0202 5172        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/04 19:22:57.0217 5172        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/04 19:22:57.0239 5172        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/04 19:22:57.0260 5172        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/04 19:22:57.0280 5172        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/04 19:22:57.0296 5172        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/04 19:22:57.0313 5172        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/04 19:22:57.0335 5172        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 19:22:57.0357 5172        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/04 19:22:57.0394 5172        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/04 19:22:57.0413 5172        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 19:22:57.0422 5172        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 19:22:57.0470 5172        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/04 19:22:57.0489 5172        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/04 19:22:57.0584 5172        WmBEnum        (59c90bc8317bd3f6e5559a4deaf35090) C:\Windows\system32\drivers\WmBEnum.sys
2011/05/04 19:22:57.0621 5172        WmFilter        (999a4539ad634a741afd357e290bd461) C:\Windows\system32\drivers\WmFilter.sys
2011/05/04 19:22:57.0640 5172        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/04 19:22:57.0673 5172        WmVirHid        (0b8c64b13776f17537f0705fe62799c6) C:\Windows\system32\drivers\WmVirHid.sys
2011/05/04 19:22:57.0691 5172        WmXlCore        (8d388aeb1a12c1192aa9b4ebceabcba6) C:\Windows\system32\drivers\WmXlCore.sys
2011/05/04 19:22:57.0729 5172        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/04 19:22:57.0762 5172        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/04 19:22:57.0799 5172        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/04 19:22:57.0838 5172        yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/04 19:22:57.0880 5172        ZTEusbmdm6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/05/04 19:22:57.0910 5172        ZTEusbnet      (9862f9d2ff50ae748ed42c022e6aac15) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
2011/05/04 19:22:57.0929 5172        ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/05/04 19:22:57.0953 5172        ZTEusbser6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/05/04 19:22:57.0981 5172        ZTEusbvoice    (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
2011/05/04 19:22:58.0080 5172        ================================================================================
2011/05/04 19:22:58.0080 5172        Scan finished
2011/05/04 19:22:58.0080 5172        ================================================================================
2011/05/04 19:22:58.0091 5360        Detected object count: 1
2011/05/04 19:22:59.0655 5360        LockedFile.Multi.Generic(sptd) - User select action: Skip

cosinus 04.05.2011 18:56
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55