|
Pests of all kinds and how to fight them: TR Dropper.gen | Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
30.04.2011, 13:39 | #1 |
| TR Dropper.gen Hello, I recognized the virus in question too late, because the file name was very long and it was not supposed to be an exe, which only became apparent later. :/ Using Procmon I could then see what had been done; I moved the file into quarantine with AntiVir, deleted a file named regupdate (or similar) from Appdata/roaming/local and restored my registry backup from yesterday over it :=) Other measures: full scan with AntiVir Prof, Malwarebytes, CCleaner. Other new problems: a somewhat longer black boot screen, DLLs scrolling past after the BIOS.. longer boot time after I had freshly optimized it to 30 secs yesterday. I would have liked to provide the ComboFix logs as well, but right at startup, at 100% preparation, I get "Page_pool" and other blue screens. Regards, Schuppe Is this taken care of now? |
01.05.2011, 16:04 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Where are the logs from Malwarebytes, AntiVir etc.? Please post everything!!
__________________ Quote:
__________________ |
02.05.2011, 17:43 | #3 |
| TR Dropper.gen so here is the file.. mbam found something that AntiVir did not find .. I did not have a FakeAlert though.
__________________ Edited by Schuppe (02.05.2011 at 18:07) |
02.05.2011, 19:55 | #4 |
| TR Dropper.gen here it is again, properly this time |
02.05.2011, 20:31 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Quote:
Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ Please always post log files in CODE tags |
03.05.2011, 16:16 | #6 |
| TR Dropper.gen okay, here is today's log as well! |
03.05.2011, 18:46 | #7 |
| TR Dropper.gen oh right, sorry, here is the full log again .. 0 found ^^ |
04.05.2011, 10:37 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\Shell\AutoRun\command - "" = I:\preinst.exe
O33 - MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\Shell - "" = AutoRun
O33 - MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6866BFC2
@Alternate Data Stream - 1317 bytes -> C:\Users\***\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
04.05.2011, 16:18 | #9 |
| TR Dropper.gen Here is the output: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
E:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:6866BFC2 deleted successfully.
Unable to delete ADS C:\Users\***\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6 .
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Philipp
->Temp folder emptied: 257375 bytes
->Temporary Internet Files folder emptied: 16287215 bytes
->Java cache emptied: 5706 bytes
->FireFox cache emptied: 123315893 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2403 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3302 bytes
RecycleBin emptied: 17213025 bytes
Total Files Cleaned = 150,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_171402
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
04.05.2011, 16:21 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Quote:
__________________ Please always post log files in CODE tags |
04.05.2011, 16:58 | #11 |
| TR Dropper.gen now, yes.. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File E:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6db7d79-66aa-11e0-9266-d5d4299a40d6}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee55c9e7-59f9-11df-a2ab-af179c3efe06}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:6866BFC2 .
ADS C:\Users\Philipp\AppData\Local\Temp:ZHKMaX5qOR5AFpyA0QK552H6 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Philipp
->Temp folder emptied: 527596 bytes
->Temporary Internet Files folder emptied: 739840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38493575 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1033 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 38,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_175349
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
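Added example, not part of the thread and not code from OTL or its author: a Python script that reconciles the result lines of consecutive OTL fix runs like the two logs above, where an alternate data stream reported as "Unable to delete" in one run is "deleted successfully" in the other. The two sample logs are constructed in the shape of the posted output (the user-profile path and stream name are placeholders), and classifying a failure that follows an earlier successful removal as "verify" is an assumption of this example.

```python
import re

# Result lines of an OTL fix log, most specific pattern first.
# Each entry: (compiled pattern, kind of object, status reported for it).
LINE_PATTERNS = [
    (re.compile(r"^Unable to delete ADS (?P<target>.+?)\s*\.$"), "ADS", "failed"),
    (re.compile(r"^ADS (?P<target>.+) deleted successfully\.$"), "ADS", "removed"),
    (re.compile(r"^Registry key (?P<target>.+) deleted successfully\.$"), "Registry key", "removed"),
    (re.compile(r"^Registry key (?P<target>.+) not found\.$"), "Registry key", "absent"),
    (re.compile(r"^File (?P<target>.+) not found\.$"), "File", "absent"),
    (re.compile(r"^(?P<target>.+) moved successfully\.$"), "File", "removed"),
]

# Constructed sample logs modelled on the two runs in the thread.
# The C:\Users\EXAMPLE path and EXAMPLESTREAM name are placeholders.
RUN_1 = r"""
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
Unable to delete ADS C:\Users\EXAMPLE\AppData\Local\Temp:EXAMPLESTREAM .
"""

RUN_2 = r"""
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9604f-64fe-11df-8525-f44743a34c58}\ not found.
File I:\preinst.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
ADS C:\Users\EXAMPLE\AppData\Local\Temp:EXAMPLESTREAM deleted successfully.
"""


def parse_fix_log(text):
    """Return (kind, target, status) for every recognised result line."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, kind, status in LINE_PATTERNS:
            match = pattern.match(line)
            if match:
                results.append((kind, match.group("target").strip(), status))
                break
    return results


def verdict_for(statuses):
    """Collapse the chronological statuses of one object into a verdict."""
    decisive = [s for s in statuses if s != "absent"]
    if not decisive:
        return "absent"        # never present in any run
    if decisive[-1] == "removed":
        return "removed"       # the last action taken on it succeeded
    # Last action failed. If an earlier run removed it, the object may simply
    # be gone already (assumption: confirm on the host), otherwise it is open.
    return "verify" if "removed" in decisive else "unresolved"


def reconcile(runs):
    """Map (kind, lower-cased target) to a verdict across all runs, in order."""
    history = {}
    for text in runs:
        for kind, target, status in parse_fix_log(text):
            history.setdefault((kind, target.lower()), []).append(status)
    return {key: verdict_for(statuses) for key, statuses in history.items()}


def needs_follow_up(runs):
    """Sorted (kind, target, verdict) for everything not cleanly resolved."""
    return sorted(
        (kind, target, verdict)
        for (kind, target), verdict in reconcile(runs).items()
        if verdict in ("verify", "unresolved")
    )


if __name__ == "__main__":
    for kind, target, verdict in needs_follow_up([RUN_1, RUN_2]):
        print(f"{verdict:10} {kind:12} {target}")
```
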
04.05.2011, 18:04 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your Documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should become visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
04.05.2011, 18:26 | #13 |
| TR Dropper.gen Code:
ATTFilter 2011/05/04 19:22:42.0850 5936 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/04 19:22:43.0007 5936 ================================================================================ 2011/05/04 19:22:43.0007 5936 SystemInfo: 2011/05/04 19:22:43.0007 5936 2011/05/04 19:22:43.0007 5936 OS Version: 6.0.6002 ServicePack: 2.0 2011/05/04 19:22:43.0007 5936 Product type: Workstation 2011/05/04 19:22:43.0007 5936 ComputerName: PHILIPP-PC 2011/05/04 19:22:43.0007 5936 UserName: Philipp 2011/05/04 19:22:43.0007 5936 Windows directory: C:\Windows 2011/05/04 19:22:43.0007 5936 System windows directory: C:\Windows 2011/05/04 19:22:43.0008 5936 Processor architecture: Intel x86 2011/05/04 19:22:43.0008 5936 Number of processors: 4 2011/05/04 19:22:43.0008 5936 Page size: 0x1000 2011/05/04 19:22:43.0008 5936 Boot type: Normal boot 2011/05/04 19:22:43.0008 5936 ================================================================================ 2011/05/04 19:22:43.0304 5936 Initialize success 2011/05/04 19:22:48.0644 5172 ================================================================================ 2011/05/04 19:22:48.0644 5172 Scan started 2011/05/04 19:22:48.0644 5172 Mode: Manual; 2011/05/04 19:22:48.0644 5172 ================================================================================ 2011/05/04 19:22:49.0181 5172 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/05/04 19:22:49.0235 5172 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/05/04 19:22:49.0257 5172 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/05/04 19:22:49.0280 5172 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/05/04 19:22:49.0306 5172 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/05/04 19:22:49.0361 5172 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/05/04 
19:22:49.0394 5172 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/05/04 19:22:49.0423 5172 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/05/04 19:22:49.0442 5172 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/05/04 19:22:49.0464 5172 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/05/04 19:22:49.0478 5172 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/05/04 19:22:49.0490 5172 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/05/04 19:22:49.0514 5172 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/05/04 19:22:49.0675 5172 amdkmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/04 19:22:49.0749 5172 amdkmdap (c9b705ff53b15dd71f6a4d4f45396edd) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/05/04 19:22:49.0850 5172 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/05/04 19:22:49.0872 5172 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/05/04 19:22:49.0907 5172 AsIO (663f2fb92608073824ee3106886120f3) C:\Windows\system32\drivers\AsIO.sys 2011/05/04 19:22:49.0942 5172 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/04 19:22:49.0964 5172 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/05/04 19:22:50.0007 5172 AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys 2011/05/04 19:22:50.0039 5172 AtiHdmiService (f48d470154cc58cd6520771464fbec3f) C:\Windows\system32\drivers\AtiHdmi.sys 2011/05/04 19:22:50.0184 5172 atikmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/04 19:22:50.0254 5172 ATITool (d4ed96ac2fafee2c697436b9a2871cd3) 
C:\Windows\system32\DRIVERS\ATITool.sys 2011/05/04 19:22:50.0286 5172 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/04 19:22:50.0322 5172 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/04 19:22:50.0350 5172 AVMUNET (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys 2011/05/04 19:22:50.0391 5172 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/05/04 19:22:50.0423 5172 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/05/04 19:22:50.0451 5172 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/04 19:22:50.0473 5172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/05/04 19:22:50.0490 5172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/05/04 19:22:50.0515 5172 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/05/04 19:22:50.0526 5172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/05/04 19:22:50.0544 5172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/05/04 19:22:50.0561 5172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/05/04 19:22:50.0572 5172 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/05/04 19:22:50.0617 5172 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys 2011/05/04 19:22:50.0635 5172 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/04 19:22:50.0665 5172 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/04 19:22:50.0712 5172 cFosSpeed (3cd947a26cb3fe8bfc81e746cff88877) C:\Windows\system32\DRIVERS\cfosspeed.sys 2011/05/04 19:22:50.0738 5172 circlass 
(e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/05/04 19:22:50.0768 5172 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/05/04 19:22:50.0799 5172 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/05/04 19:22:50.0812 5172 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 2011/05/04 19:22:50.0827 5172 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/05/04 19:22:50.0855 5172 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/05/04 19:22:50.0896 5172 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS 2011/05/04 19:22:50.0923 5172 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS 2011/05/04 19:22:50.0958 5172 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys 2011/05/04 19:22:50.0994 5172 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys 2011/05/04 19:22:51.0032 5172 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys 2011/05/04 19:22:51.0074 5172 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS 2011/05/04 19:22:51.0124 5172 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS 2011/05/04 19:22:51.0168 5172 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS 2011/05/04 19:22:51.0183 5172 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS 2011/05/04 19:22:51.0207 5172 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys 2011/05/04 19:22:51.0228 5172 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys 2011/05/04 19:22:51.0270 5172 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 
2011/05/04 19:22:51.0314 5172 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/05/04 19:22:51.0375 5172 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/05/04 19:22:51.0413 5172 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/04 19:22:51.0454 5172 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/05/04 19:22:51.0488 5172 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/05/04 19:22:51.0531 5172 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/05/04 19:22:51.0566 5172 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys 2011/05/04 19:22:51.0598 5172 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys 2011/05/04 19:22:51.0613 5172 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/05/04 19:22:51.0664 5172 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\Windows\system32\DRIVERS\ESLvnic.sys 2011/05/04 19:22:51.0709 5172 ESLWireAC (47d9bed54cd3ff24b9c17a730f89c711) C:\Windows\system32\drivers\ESLWireACD.sys 2011/05/04 19:22:51.0760 5172 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/05/04 19:22:51.0792 5172 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/05/04 19:22:51.0816 5172 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/04 19:22:51.0845 5172 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/05/04 19:22:51.0865 5172 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/05/04 19:22:51.0889 5172 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/04 19:22:51.0918 5172 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) 
C:\Windows\system32\drivers\fltmgr.sys 2011/05/04 19:22:51.0960 5172 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/04 19:22:51.0982 5172 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/05/04 19:22:52.0015 5172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/05/04 19:22:52.0051 5172 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 2011/05/04 19:22:52.0077 5172 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 2011/05/04 19:22:52.0149 5172 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys 2011/05/04 19:22:52.0191 5172 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 2011/05/04 19:22:52.0253 5172 HCW85BDA (09139afcf7697461059eec49a8fe66a2) C:\Windows\system32\drivers\HCW85BDA.sys 2011/05/04 19:22:52.0295 5172 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2011/05/04 19:22:52.0334 5172 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/04 19:22:52.0368 5172 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/05/04 19:22:52.0385 5172 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/05/04 19:22:52.0427 5172 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/04 19:22:52.0451 5172 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/05/04 19:22:52.0487 5172 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/05/04 19:22:52.0510 5172 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/05/04 19:22:52.0530 5172 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/04 19:22:52.0557 5172 iaStorV 
(54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/05/04 19:22:52.0598 5172 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/05/04 19:22:52.0659 5172 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys 2011/05/04 19:22:52.0694 5172 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/05/04 19:22:52.0712 5172 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/04 19:22:52.0734 5172 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/04 19:22:52.0778 5172 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/05/04 19:22:52.0803 5172 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/05/04 19:22:52.0828 5172 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/05/04 19:22:52.0843 5172 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/05/04 19:22:52.0868 5172 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/04 19:22:52.0882 5172 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/05/04 19:22:52.0899 5172 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/05/04 19:22:52.0917 5172 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/04 19:22:52.0947 5172 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/04 19:22:52.0988 5172 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/04 19:22:53.0046 5172 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\Windows\system32\DRIVERS\L8042Kbd.sys 2011/05/04 19:22:53.0073 5172 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) 
C:\Windows\system32\DRIVERS\L8042mou.Sys 2011/05/04 19:22:53.0109 5172 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/05/04 19:22:53.0143 5172 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/04 19:22:53.0172 5172 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/05/04 19:22:53.0193 5172 LMouKE (58597a99792461e89bb5c44e17508d70) C:\Windows\system32\DRIVERS\LMouKE.Sys 2011/05/04 19:22:53.0220 5172 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/05/04 19:22:53.0237 5172 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/05/04 19:22:53.0257 5172 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/05/04 19:22:53.0269 5172 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/05/04 19:22:53.0302 5172 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\Windows\system32\DRIVERS\LVUSBSta.sys 2011/05/04 19:22:53.0344 5172 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\DRIVERS\massfilter.sys 2011/05/04 19:22:53.0439 5172 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/05/04 19:22:53.0526 5172 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/05/04 19:22:53.0550 5172 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/05/04 19:22:53.0575 5172 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/04 19:22:53.0598 5172 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/04 19:22:53.0622 5172 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/04 19:22:53.0636 5172 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/05/04 19:22:53.0668 5172 mpio 
(511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/05/04 19:22:53.0694 5172 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/04 19:22:53.0717 5172 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/05/04 19:22:53.0734 5172 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/04 19:22:53.0754 5172 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/04 19:22:53.0790 5172 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/04 19:22:53.0814 5172 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/04 19:22:53.0833 5172 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/05/04 19:22:53.0848 5172 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/05/04 19:22:53.0870 5172 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/05/04 19:22:53.0899 5172 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/05/04 19:22:53.0927 5172 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/04 19:22:53.0944 5172 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/04 19:22:53.0958 5172 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/05/04 19:22:53.0979 5172 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/05/04 19:22:54.0000 5172 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/04 19:22:54.0027 5172 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/05/04 19:22:54.0061 5172 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/05/04 19:22:54.0078 
2011/05/04 19:22:56.0031 5172 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/04 19:22:56.0032 5172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/04 19:22:56.0036 5172 sptd - detected LockedFile.Multi.Generic (1)
2011/05/04 19:22:58.0080 5172 ================================================================================
2011/05/04 19:22:58.0080 5172 Scan finished
2011/05/04 19:22:58.0080 5172 ================================================================================
2011/05/04 19:22:58.0091 5360 Detected object count: 1
2011/05/04 19:22:59.0655 5360 LockedFile.Multi.Generic(sptd) - User select action: Skip |
04.05.2011, 18:56 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Dropper.gen Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |