
Pests of all kinds and how to fight them: Bundespolizei trojan and removal problems with BOO/TDss.M


21.03.2012, 18:42   #1
Fresh_Win
 



Hello everyone,

I was given a friend's old computer today because it has the "Bundespolizei" trojan/virus on it. I have already read several guides here and managed to get the PC usable again. Afterwards I ran aswMBR, which found a rootkit: BOO/TDss.M

I then looked around here further for solutions, but nothing helped. That is why I am now opening a thread, in the hope of also removing the remaining traces.

I have no Windows CD available, and the infected system has NO internet access. Here are a few logs:
Code:
16:05:27.0218 4976	TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
16:05:27.0328 4976	============================================================
16:05:27.0328 4976	Current date / time: 2012/03/21 16:05:27.0328
16:05:27.0328 4976	SystemInfo:
16:05:27.0328 4976	
16:05:27.0328 4976	OS Version: 5.1.2600 ServicePack: 3.0
16:05:27.0328 4976	Product type: Workstation
16:05:27.0328 4976	ComputerName: DELL
16:05:27.0328 4976	UserName: Rasmus Hersland
16:05:27.0328 4976	Windows directory: C:\WINDOWS
16:05:27.0328 4976	System windows directory: C:\WINDOWS
16:05:27.0328 4976	Processor architecture: Intel x86
16:05:27.0328 4976	Number of processors: 2
16:05:27.0328 4976	Page size: 0x1000
16:05:27.0328 4976	Boot type: Normal boot
16:05:27.0328 4976	============================================================
16:05:27.0984 4976	Drive \Device\Harddisk0\DR0 - Size: 0x4A81300000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:05:28.0031 4976	Drive \Device\Harddisk5\DR20 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:28.0031 4976	\Device\Harddisk0\DR0:
16:05:28.0031 4976	MBR used
16:05:28.0031 4976	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x24A9E051
16:05:28.0031 4976	\Device\Harddisk5\DR20:
16:05:28.0031 4976	MBR used
16:05:28.0031 4976	\Device\Harddisk5\DR20\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
16:05:28.0062 4976	Initialize success
16:05:28.0062 4976	============================================================
16:05:29.0968 5408	============================================================
16:05:29.0968 5408	Scan started
16:05:29.0968 5408	Mode: Manual; 
16:05:29.0968 5408	============================================================
16:05:30.0671 5408	Abiosdsk - ok
16:05:30.0718 5408	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:05:30.0718 5408	abp480n5 - ok
16:05:30.0781 5408	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
16:05:30.0781 5408	acedrv11 - ok
16:05:30.0828 5408	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:05:30.0828 5408	ACPI - ok
16:05:30.0859 5408	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:05:30.0875 5408	ACPIEC - ok
16:05:30.0906 5408	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:05:30.0906 5408	adpu160m - ok
16:05:30.0937 5408	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:05:30.0953 5408	aec - ok
16:05:31.0031 5408	AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
16:05:31.0031 5408	AFD - ok
16:05:31.0093 5408	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:05:31.0093 5408	agp440 - ok
16:05:31.0109 5408	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:05:31.0109 5408	agpCPQ - ok
16:05:31.0125 5408	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:05:31.0125 5408	Aha154x - ok
16:05:31.0140 5408	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:05:31.0140 5408	aic78u2 - ok
16:05:31.0156 5408	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:05:31.0156 5408	aic78xx - ok
16:05:31.0171 5408	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:05:31.0171 5408	AliIde - ok
16:05:31.0234 5408	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:05:31.0234 5408	alim1541 - ok
16:05:31.0250 5408	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:05:31.0250 5408	amdagp - ok
16:05:31.0265 5408	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:05:31.0265 5408	amsint - ok
16:05:31.0328 5408	AnyDVD          (9410a723f054537b3304b30d0680b0ec) C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:05:31.0343 5408	AnyDVD - ok
16:05:31.0375 5408	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:05:31.0375 5408	asc - ok
16:05:31.0406 5408	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:05:31.0406 5408	asc3350p - ok
16:05:31.0421 5408	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:05:31.0421 5408	asc3550 - ok
16:05:31.0484 5408	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:05:31.0484 5408	AsyncMac - ok
16:05:31.0515 5408	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:05:31.0531 5408	atapi - ok
16:05:31.0531 5408	Atdisk - ok
16:05:31.0578 5408	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:05:31.0593 5408	Atmarpc - ok
16:05:31.0625 5408	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:05:31.0625 5408	audstub - ok
16:05:31.0734 5408	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:05:31.0734 5408	avgio - ok
16:05:31.0765 5408	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:05:31.0781 5408	avgntflt - ok
16:05:31.0812 5408	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:05:31.0812 5408	avipbb - ok
16:05:31.0906 5408	bdfdll          (ed2179e5cd86eabfdc227601c3094c64) C:\Programme\Softwin\BitDefender9\bdfdll.sys
16:05:31.0906 5408	bdfdll - ok
16:05:31.0921 5408	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:05:31.0921 5408	Beep - ok
16:05:31.0968 5408	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:05:31.0968 5408	BrScnUsb - ok
16:05:32.0062 5408	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:05:32.0062 5408	BthEnum - ok
16:05:32.0109 5408	BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
16:05:32.0109 5408	BTHMODEM - ok
16:05:32.0140 5408	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:05:32.0140 5408	BthPan - ok
16:05:32.0203 5408	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
16:05:32.0203 5408	BTHPORT - ok
16:05:32.0281 5408	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:05:32.0281 5408	BTHUSB - ok
16:05:32.0296 5408	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:05:32.0296 5408	cbidf - ok
16:05:32.0296 5408	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:05:32.0296 5408	cbidf2k - ok
16:05:32.0328 5408	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:05:32.0328 5408	CCDECODE - ok
16:05:32.0406 5408	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:05:32.0406 5408	cd20xrnt - ok
16:05:32.0437 5408	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:05:32.0437 5408	Cdaudio - ok
16:05:32.0484 5408	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:05:32.0484 5408	Cdfs - ok
16:05:32.0531 5408	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:05:32.0531 5408	Cdrom - ok
16:05:32.0531 5408	Changer - ok
16:05:32.0578 5408	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:05:32.0578 5408	CmdIde - ok
16:05:32.0671 5408	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:05:32.0671 5408	Cpqarray - ok
16:05:32.0812 5408	cpuz135         (0283b43c6bc965175a1c92b255d39556) C:\Programme\CPUID\PC Wizard 2012\pcwiz_x32.sys
16:05:32.0828 5408	cpuz135 - ok
16:05:32.0890 5408	ctac32k         (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
16:05:32.0906 5408	ctac32k - ok
16:05:32.0968 5408	ctaud2k         (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:05:32.0968 5408	ctaud2k - ok
16:05:33.0015 5408	ctdvda2k        (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:05:33.0031 5408	ctdvda2k - ok
16:05:33.0062 5408	ctprxy2k        (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:05:33.0062 5408	ctprxy2k - ok
16:05:33.0093 5408	ctsfm2k         (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:05:33.0093 5408	ctsfm2k - ok
16:05:33.0125 5408	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:05:33.0125 5408	dac2w2k - ok
16:05:33.0140 5408	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:05:33.0140 5408	dac960nt - ok
16:05:33.0203 5408	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:05:33.0203 5408	Disk - ok
16:05:33.0250 5408	DLABOIOM        (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:05:33.0250 5408	DLABOIOM - ok
16:05:33.0265 5408	DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:05:33.0265 5408	DLACDBHM - ok
16:05:33.0281 5408	DLADResN        (1fb7a7db89c16673a90d1f104455f38e) C:\WINDOWS\system32\DLA\DLADResN.SYS
16:05:33.0281 5408	DLADResN - ok
16:05:33.0312 5408	DLAIFS_M        (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:05:33.0312 5408	DLAIFS_M - ok
16:05:33.0328 5408	DLAOPIOM        (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:05:33.0328 5408	DLAOPIOM - ok
16:05:33.0343 5408	DLAPoolM        (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:05:33.0343 5408	DLAPoolM - ok
16:05:33.0343 5408	DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
16:05:33.0343 5408	DLARTL_N - ok
16:05:33.0359 5408	DLAUDFAM        (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:05:33.0359 5408	DLAUDFAM - ok
16:05:33.0375 5408	DLAUDF_M        (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:05:33.0375 5408	DLAUDF_M - ok
16:05:33.0421 5408	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:05:33.0437 5408	dmboot - ok
16:05:33.0515 5408	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:05:33.0515 5408	dmio - ok
16:05:33.0593 5408	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:05:33.0593 5408	dmload - ok
16:05:33.0640 5408	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:05:33.0640 5408	DMusic - ok
16:05:33.0703 5408	dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:05:33.0703 5408	dot4 - ok
16:05:33.0750 5408	Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:05:33.0750 5408	Dot4Print - ok
16:05:33.0781 5408	dot4usb         (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:05:33.0781 5408	dot4usb - ok
16:05:33.0812 5408	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:05:33.0812 5408	dpti2o - ok
16:05:33.0843 5408	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:05:33.0843 5408	drmkaud - ok
16:05:33.0859 5408	DRVMCDB         (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:05:33.0859 5408	DRVMCDB - ok
16:05:33.0859 5408	DRVNDDM         (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:05:33.0859 5408	DRVNDDM - ok
16:05:33.0890 5408	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:05:33.0890 5408	E100B - ok
16:05:34.0015 5408	e1express       (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:05:34.0031 5408	e1express - ok
16:05:34.0093 5408	efipsk - ok
16:05:34.0171 5408	ELacpi          (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
16:05:34.0171 5408	ELacpi - ok
16:05:34.0203 5408	ElbyCDIO        (084a13f18856d610d44d3109a9d2acde) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:05:34.0203 5408	ElbyCDIO - ok
16:05:34.0250 5408	ELhid           (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
16:05:34.0250 5408	ELhid - ok
16:05:34.0265 5408	ELkbd           (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
16:05:34.0265 5408	ELkbd - ok
16:05:34.0296 5408	ELmon           (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
16:05:34.0296 5408	ELmon - ok
16:05:34.0296 5408	ELmou           (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
16:05:34.0296 5408	ELmou - ok
16:05:34.0343 5408	emupia          (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
16:05:34.0343 5408	emupia - ok
16:05:34.0406 5408	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:05:34.0406 5408	Fastfat - ok
16:05:34.0437 5408	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:05:34.0437 5408	Fdc - ok
16:05:34.0468 5408	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:05:34.0468 5408	Fips - ok
16:05:34.0531 5408	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:05:34.0531 5408	Flpydisk - ok
16:05:34.0625 5408	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:05:34.0625 5408	FltMgr - ok
16:05:34.0640 5408	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:05:34.0640 5408	Fs_Rec - ok
16:05:34.0656 5408	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:05:34.0656 5408	Ftdisk - ok
16:05:34.0687 5408	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:05:34.0687 5408	GEARAspiWDM - ok
16:05:34.0718 5408	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:05:34.0718 5408	Gpc - ok
16:05:34.0765 5408	ha20x2k         (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
16:05:34.0812 5408	ha20x2k - ok
16:05:34.0828 5408	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:05:34.0828 5408	HidUsb - ok
16:05:34.0875 5408	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:05:34.0875 5408	hpn - ok
16:05:34.0937 5408	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:05:34.0937 5408	HPZid412 - ok
16:05:35.0000 5408	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:05:35.0000 5408	HPZipr12 - ok
16:05:35.0046 5408	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:05:35.0046 5408	HPZius12 - ok
16:05:35.0093 5408	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:05:35.0093 5408	HTTP - ok
16:05:35.0093 5408	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:05:35.0093 5408	i2omgmt - ok
16:05:35.0125 5408	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:05:35.0125 5408	i2omp - ok
16:05:35.0171 5408	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:05:35.0171 5408	i8042prt - ok
16:05:35.0250 5408	iastor          (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
16:05:35.0250 5408	iastor - ok
16:05:35.0281 5408	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:05:35.0281 5408	Imapi - ok
16:05:35.0328 5408	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:05:35.0328 5408	ini910u - ok
16:05:35.0359 5408	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:05:35.0359 5408	IntelIde - ok
16:05:35.0421 5408	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:05:35.0421 5408	intelppm - ok
16:05:35.0453 5408	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:05:35.0468 5408	Ip6Fw - ok
16:05:35.0484 5408	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:05:35.0484 5408	IpFilterDriver - ok
16:05:35.0500 5408	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:05:35.0500 5408	IpInIp - ok
16:05:35.0531 5408	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:05:35.0531 5408	IpNat - ok
16:05:35.0609 5408	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:05:35.0625 5408	IPSec - ok
16:05:35.0687 5408	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:05:35.0687 5408	IRENUM - ok
16:05:35.0718 5408	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:05:35.0718 5408	isapnp - ok
16:05:35.0734 5408	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:05:35.0734 5408	Kbdclass - ok
16:05:35.0734 5408	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:05:35.0750 5408	kbdhid - ok
16:05:35.0765 5408	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:05:35.0765 5408	kmixer - ok
16:05:35.0796 5408	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:05:35.0796 5408	KSecDD - ok
16:05:35.0796 5408	lbrtfdc - ok
16:05:35.0859 5408	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:05:35.0859 5408	MHNDRV - ok
16:05:35.0859 5408	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:05:35.0859 5408	mnmdd - ok
16:05:35.0875 5408	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:05:35.0875 5408	Modem - ok
16:05:35.0890 5408	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:05:35.0890 5408	Mouclass - ok
16:05:35.0953 5408	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:05:35.0953 5408	mouhid - ok
16:05:35.0984 5408	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:05:35.0984 5408	MountMgr - ok
16:05:36.0015 5408	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:05:36.0015 5408	mraid35x - ok
16:05:36.0031 5408	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:05:36.0031 5408	MRxDAV - ok
16:05:36.0093 5408	MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:05:36.0109 5408	MRxSmb - ok
16:05:36.0125 5408	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:05:36.0125 5408	Msfs - ok
16:05:36.0140 5408	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:05:36.0140 5408	MSKSSRV - ok
16:05:36.0171 5408	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:05:36.0171 5408	MSPCLOCK - ok
16:05:36.0187 5408	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:05:36.0187 5408	MSPQM - ok
16:05:36.0187 5408	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:05:36.0203 5408	mssmbios - ok
16:05:36.0218 5408	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:05:36.0218 5408	MSTEE - ok
16:05:36.0218 5408	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:05:36.0218 5408	Mup - ok
16:05:36.0234 5408	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:05:36.0250 5408	NABTSFEC - ok
16:05:36.0250 5408	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:05:36.0265 5408	NDIS - ok
16:05:36.0281 5408	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:05:36.0281 5408	NdisIP - ok
16:05:36.0296 5408	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:05:36.0296 5408	NdisTapi - ok
16:05:36.0312 5408	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:05:36.0328 5408	Ndisuio - ok
16:05:36.0343 5408	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:05:36.0343 5408	NdisWan - ok
16:05:36.0390 5408	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:05:36.0390 5408	NDProxy - ok
16:05:36.0406 5408	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:05:36.0406 5408	NetBIOS - ok
16:05:36.0421 5408	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:05:36.0421 5408	NetBT - ok
16:05:36.0453 5408	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:05:36.0453 5408	Npfs - ok
16:05:36.0484 5408	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:05:36.0500 5408	Ntfs - ok
16:05:36.0546 5408	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:05:36.0562 5408	Null - ok
16:05:36.0734 5408	nv              (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:05:36.0843 5408	nv - ok
16:05:36.0890 5408	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:05:36.0890 5408	NwlnkFlt - ok
16:05:36.0906 5408	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:05:36.0906 5408	NwlnkFwd - ok
16:05:36.0937 5408	ossrv           (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys
16:05:36.0953 5408	ossrv - ok
16:05:36.0984 5408	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:05:36.0984 5408	Parport - ok
16:05:37.0000 5408	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:05:37.0000 5408	PartMgr - ok
16:05:37.0015 5408	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:05:37.0031 5408	ParVdm - ok
16:05:37.0046 5408	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:05:37.0046 5408	PCI - ok
16:05:37.0062 5408	PCIDump - ok
16:05:37.0093 5408	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:05:37.0093 5408	PCIIde - ok
16:05:37.0125 5408	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:05:37.0125 5408	Pcmcia - ok
16:05:37.0187 5408	Pcouffin        (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
16:05:37.0187 5408	Pcouffin - ok
16:05:37.0187 5408	PDCOMP - ok
16:05:37.0203 5408	PDFRAME - ok
16:05:37.0203 5408	PDRELI - ok
16:05:37.0218 5408	PDRFRAME - ok
16:05:37.0250 5408	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:05:37.0250 5408	perc2 - ok
16:05:37.0265 5408	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:05:37.0265 5408	perc2hib - ok
16:05:37.0312 5408	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:05:37.0312 5408	PptpMiniport - ok
16:05:37.0328 5408	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:05:37.0328 5408	PSched - ok
16:05:37.0343 5408	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:05:37.0343 5408	Ptilink - ok
16:05:37.0343 5408	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:05:37.0343 5408	PxHelp20 - ok
16:05:37.0359 5408	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:05:37.0375 5408	ql1080 - ok
16:05:37.0406 5408	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:05:37.0406 5408	Ql10wnt - ok
16:05:37.0421 5408	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:05:37.0421 5408	ql12160 - ok
16:05:37.0437 5408	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:05:37.0437 5408	ql1240 - ok
16:05:37.0468 5408	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:05:37.0468 5408	ql1280 - ok
16:05:37.0500 5408	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:05:37.0500 5408	RasAcd - ok
16:05:37.0546 5408	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:05:37.0546 5408	Rasl2tp - ok
16:05:37.0562 5408	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:05:37.0562 5408	RasPppoe - ok
16:05:37.0562 5408	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:05:37.0578 5408	Raspti - ok
16:05:37.0609 5408	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:05:37.0609 5408	Rdbss - ok
16:05:37.0625 5408	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:05:37.0625 5408	RDPCDD - ok
16:05:37.0640 5408	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:05:37.0640 5408	rdpdr - ok
16:05:37.0687 5408	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:05:37.0687 5408	RDPWD - ok
16:05:37.0718 5408	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:05:37.0718 5408	redbook - ok
16:05:37.0781 5408	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:05:37.0781 5408	RFCOMM - ok
16:05:37.0812 5408	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:05:37.0812 5408	ROOTMODEM - ok
16:05:37.0890 5408	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:05:37.0890 5408	Secdrv - ok
16:05:37.0921 5408	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:05:37.0921 5408	serenum - ok
16:05:37.0953 5408	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
16:05:37.0953 5408	Serial - ok
16:05:38.0031 5408	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:05:38.0031 5408	Sfloppy - ok
16:05:38.0046 5408	Simbad - ok
16:05:38.0093 5408	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:05:38.0093 5408	sisagp - ok
16:05:38.0125 5408	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:05:38.0125 5408	SLIP - ok
16:05:38.0140 5408	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:05:38.0140 5408	Sparrow - ok
16:05:38.0171 5408	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:05:38.0171 5408	splitter - ok
16:05:38.0218 5408	sptd            (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
16:05:38.0218 5408	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
16:05:38.0218 5408	sptd ( LockedFile.Multi.Generic ) - warning
16:05:38.0218 5408	sptd - detected LockedFile.Multi.Generic (1)
16:05:38.0234 5408	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:38.0234 5408	sr - ok
16:05:38.0265 5408	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:38.0281 5408	Srv - ok
16:05:38.0312 5408	SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
16:05:38.0312 5408	SSHDRV86 - ok
16:05:38.0359 5408	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:05:38.0359 5408	ssmdrv - ok
16:05:38.0375 5408	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:05:38.0375 5408	streamip - ok
16:05:38.0390 5408	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:38.0390 5408	swenum - ok
16:05:38.0406 5408	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:05:38.0421 5408	swmidi - ok
16:05:38.0468 5408	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:05:38.0468 5408	symc810 - ok
16:05:38.0500 5408	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:05:38.0500 5408	symc8xx - ok
16:05:38.0515 5408	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:05:38.0515 5408	sym_hi - ok
16:05:38.0531 5408	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:05:38.0531 5408	sym_u3 - ok
16:05:38.0562 5408	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:38.0562 5408	sysaudio - ok
16:05:38.0687 5408	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:38.0687 5408	Tcpip - ok
16:05:38.0718 5408	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:38.0718 5408	TDPIPE - ok
16:05:38.0734 5408	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:38.0734 5408	TDTCP - ok
16:05:38.0765 5408	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:38.0765 5408	TermDD - ok
16:05:38.0781 5408	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
16:05:38.0781 5408	TosIde - ok
16:05:38.0828 5408	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:05:38.0828 5408	Udfs - ok
16:05:38.0875 5408	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:05:38.0875 5408	ultra - ok
16:05:38.0937 5408	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:05:38.0937 5408	Update - ok
16:05:39.0000 5408	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:05:39.0000 5408	USBAAPL - ok
16:05:39.0015 5408	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:05:39.0015 5408	usbaudio - ok
16:05:39.0031 5408	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:39.0031 5408	usbccgp - ok
16:05:39.0062 5408	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:39.0062 5408	usbehci - ok
16:05:39.0093 5408	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:39.0093 5408	usbhub - ok
16:05:39.0109 5408	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:05:39.0125 5408	usbprint - ok
16:05:39.0156 5408	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:05:39.0156 5408	usbscan - ok
16:05:39.0171 5408	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:39.0171 5408	USBSTOR - ok
16:05:39.0203 5408	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:05:39.0203 5408	usbuhci - ok
16:05:39.0265 5408	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:05:39.0265 5408	VgaSave - ok
16:05:39.0328 5408	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:05:39.0328 5408	viaagp - ok
16:05:39.0343 5408	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:05:39.0343 5408	ViaIde - ok
16:05:39.0390 5408	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:39.0390 5408	VolSnap - ok
16:05:39.0406 5408	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:39.0421 5408	Wanarp - ok
16:05:39.0500 5408	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:05:39.0515 5408	Wdf01000 - ok
16:05:39.0515 5408	WDICA - ok
16:05:39.0531 5408	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:39.0531 5408	wdmaud - ok
16:05:39.0625 5408	WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:05:39.0625 5408	WinUSB - ok
16:05:39.0687 5408	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:05:39.0687 5408	WSTCODEC - ok
16:05:39.0734 5408	WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:05:39.0734 5408	WudfPf - ok
16:05:39.0796 5408	WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:05:39.0796 5408	WudfRd - ok
16:05:39.0812 5408	xcpip - ok
16:05:39.0828 5408	xpsec - ok
16:05:39.0875 5408	XUIF            (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
16:05:39.0875 5408	XUIF - ok
16:05:39.0906 5408	zumbus          (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
16:05:39.0906 5408	zumbus - ok
16:05:39.0937 5408	MBR (0x1B8)     (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
16:05:39.0953 5408	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
16:05:39.0953 5408	\Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
16:05:39.0953 5408	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR20
16:05:39.0968 5408	\Device\Harddisk5\DR20 - ok
16:05:39.0968 5408	Boot (0x1200)   (856f364dba3fed690eb70a8e2e5a931e) \Device\Harddisk0\DR0\Partition0
16:05:39.0968 5408	\Device\Harddisk0\DR0\Partition0 - ok
16:05:39.0984 5408	Boot (0x1200)   (fc0821f9ccf9d3a7f3e86c331e8594fb) \Device\Harddisk5\DR20\Partition0
16:05:39.0984 5408	\Device\Harddisk5\DR20\Partition0 - ok
16:05:39.0984 5408	============================================================
16:05:39.0984 5408	Scan finished
16:05:39.0984 5408	============================================================
16:05:39.0984 5888	Detected object count: 2
16:05:39.0984 5888	Actual detected object count: 2
16:06:20.0343 5888	sptd ( LockedFile.Multi.Generic ) - skipped by user
16:06:20.0343 5888	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
16:06:20.0421 5888	\Device\Harddisk0\DR0\# - copied to quarantine
16:06:20.0421 5888	\Device\Harddisk0\DR0 - copied to quarantine
16:06:20.0421 5888	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
16:06:20.0437 5888	\Device\Harddisk0\DR0 - ok
16:06:20.0437 5888	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure 
16:06:22.0640 5628	Deinitialize success
         
I had already removed the rootkit with TDSSKiller. It was the following: Backdoor.Win32.Sinowal.knf

Code:
17:01:33.0046 5576	TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
17:01:33.0093 5576	============================================================
17:01:33.0093 5576	Current date / time: 2012/03/21 17:01:33.0093
17:01:33.0093 5576	SystemInfo:
17:01:33.0093 5576	
17:01:33.0093 5576	OS Version: 5.1.2600 ServicePack: 3.0
17:01:33.0093 5576	Product type: Workstation
17:01:33.0093 5576	ComputerName: DELL
17:01:33.0109 5576	UserName: Rasmus Hersland
17:01:33.0109 5576	Windows directory: C:\WINDOWS
17:01:33.0109 5576	System windows directory: C:\WINDOWS
17:01:33.0109 5576	Processor architecture: Intel x86
17:01:33.0109 5576	Number of processors: 2
17:01:33.0109 5576	Page size: 0x1000
17:01:33.0109 5576	Boot type: Normal boot
17:01:33.0109 5576	============================================================
17:01:33.0484 5576	Drive \Device\Harddisk0\DR0 - Size: 0x4A81300000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:01:33.0531 5576	Drive \Device\Harddisk5\DR8 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:01:33.0531 5576	\Device\Harddisk0\DR0:
17:01:33.0531 5576	MBR used
17:01:33.0531 5576	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x24A9E051
17:01:33.0531 5576	\Device\Harddisk5\DR8:
17:01:33.0531 5576	MBR used
17:01:33.0531 5576	\Device\Harddisk5\DR8\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
17:01:33.0593 5576	Initialize success
17:01:33.0593 5576	============================================================
17:01:34.0609 5872	============================================================
17:01:34.0609 5872	Scan started
17:01:34.0609 5872	Mode: Manual; 
17:01:34.0609 5872	============================================================
17:01:34.0921 5872	Abiosdsk - ok
17:01:35.0000 5872	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:01:35.0000 5872	abp480n5 - ok
17:01:35.0078 5872	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
17:01:35.0078 5872	acedrv11 - ok
17:01:35.0140 5872	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:01:35.0140 5872	ACPI - ok
17:01:35.0187 5872	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:01:35.0187 5872	ACPIEC - ok
17:01:35.0218 5872	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:01:35.0218 5872	adpu160m - ok
17:01:35.0265 5872	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:01:35.0265 5872	aec - ok
17:01:35.0328 5872	AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
17:01:35.0328 5872	AFD - ok
17:01:35.0421 5872	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:01:35.0421 5872	agp440 - ok
17:01:35.0437 5872	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:01:35.0437 5872	agpCPQ - ok
17:01:35.0468 5872	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:01:35.0468 5872	Aha154x - ok
17:01:35.0468 5872	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:01:35.0484 5872	aic78u2 - ok
17:01:35.0484 5872	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:01:35.0500 5872	aic78xx - ok
17:01:35.0515 5872	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:01:35.0515 5872	AliIde - ok
17:01:35.0578 5872	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:01:35.0578 5872	alim1541 - ok
17:01:35.0593 5872	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:01:35.0593 5872	amdagp - ok
17:01:35.0609 5872	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:01:35.0609 5872	amsint - ok
17:01:35.0671 5872	AnyDVD          (9410a723f054537b3304b30d0680b0ec) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:01:35.0671 5872	AnyDVD - ok
17:01:35.0718 5872	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:01:35.0718 5872	asc - ok
17:01:35.0750 5872	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:01:35.0750 5872	asc3350p - ok
17:01:35.0750 5872	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:01:35.0750 5872	asc3550 - ok
17:01:35.0828 5872	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:01:35.0828 5872	AsyncMac - ok
17:01:35.0859 5872	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:01:35.0859 5872	atapi - ok
17:01:35.0859 5872	Atdisk - ok
17:01:35.0921 5872	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:35.0921 5872	Atmarpc - ok
17:01:35.0953 5872	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:35.0953 5872	audstub - ok
17:01:36.0062 5872	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:01:36.0062 5872	avgio - ok
17:01:36.0078 5872	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:01:36.0078 5872	avgntflt - ok
17:01:36.0125 5872	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:01:36.0125 5872	avipbb - ok
17:01:36.0218 5872	bdfdll          (ed2179e5cd86eabfdc227601c3094c64) C:\Programme\Softwin\BitDefender9\bdfdll.sys
17:01:36.0218 5872	bdfdll - ok
17:01:36.0234 5872	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:01:36.0234 5872	Beep - ok
17:01:36.0281 5872	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:01:36.0281 5872	BrScnUsb - ok
17:01:36.0343 5872	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:01:36.0343 5872	BthEnum - ok
17:01:36.0390 5872	BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
17:01:36.0390 5872	BTHMODEM - ok
17:01:36.0421 5872	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:01:36.0437 5872	BthPan - ok
17:01:36.0531 5872	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
17:01:36.0531 5872	BTHPORT - ok
17:01:36.0687 5872	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:01:36.0687 5872	BTHUSB - ok
17:01:36.0687 5872	catchme - ok
17:01:36.0703 5872	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:01:36.0703 5872	cbidf - ok
17:01:36.0718 5872	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:01:36.0718 5872	cbidf2k - ok
17:01:36.0750 5872	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:01:36.0750 5872	CCDECODE - ok
17:01:36.0781 5872	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:01:36.0781 5872	cd20xrnt - ok
17:01:36.0812 5872	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:01:36.0812 5872	Cdaudio - ok
17:01:36.0859 5872	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:01:36.0859 5872	Cdfs - ok
17:01:36.0890 5872	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:01:36.0906 5872	Cdrom - ok
17:01:36.0906 5872	Changer - ok
17:01:36.0953 5872	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:01:36.0953 5872	CmdIde - ok
17:01:37.0000 5872	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:01:37.0000 5872	Cpqarray - ok
17:01:37.0093 5872	cpuz135         (0283b43c6bc965175a1c92b255d39556) C:\Programme\CPUID\PC Wizard 2012\pcwiz_x32.sys
17:01:37.0093 5872	cpuz135 - ok
17:01:37.0140 5872	ctac32k         (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
17:01:37.0140 5872	ctac32k - ok
17:01:37.0203 5872	ctaud2k         (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:01:37.0203 5872	ctaud2k - ok
17:01:37.0250 5872	ctdvda2k        (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:01:37.0250 5872	ctdvda2k - ok
17:01:37.0281 5872	ctprxy2k        (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:01:37.0281 5872	ctprxy2k - ok
17:01:37.0328 5872	ctsfm2k         (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:01:37.0328 5872	ctsfm2k - ok
17:01:37.0359 5872	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:01:37.0359 5872	dac2w2k - ok
17:01:37.0375 5872	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:01:37.0375 5872	dac960nt - ok
17:01:37.0437 5872	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:37.0437 5872	Disk - ok
17:01:37.0484 5872	DLABOIOM        (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:01:37.0484 5872	DLABOIOM - ok
17:01:37.0500 5872	DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:01:37.0500 5872	DLACDBHM - ok
17:01:37.0515 5872	DLADResN        (1fb7a7db89c16673a90d1f104455f38e) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:01:37.0515 5872	DLADResN - ok
17:01:37.0546 5872	DLAIFS_M        (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:01:37.0546 5872	DLAIFS_M - ok
17:01:37.0546 5872	DLAOPIOM        (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:01:37.0562 5872	DLAOPIOM - ok
17:01:37.0578 5872	DLAPoolM        (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:01:37.0578 5872	DLAPoolM - ok
17:01:37.0578 5872	DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:01:37.0578 5872	DLARTL_N - ok
17:01:37.0593 5872	DLAUDFAM        (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:01:37.0593 5872	DLAUDFAM - ok
17:01:37.0609 5872	DLAUDF_M        (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:01:37.0609 5872	DLAUDF_M - ok
17:01:37.0656 5872	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:01:37.0687 5872	dmboot - ok
17:01:37.0718 5872	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:01:37.0718 5872	dmio - ok
17:01:37.0734 5872	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:01:37.0734 5872	dmload - ok
17:01:37.0765 5872	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:01:37.0765 5872	DMusic - ok
17:01:37.0843 5872	dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:01:37.0843 5872	dot4 - ok
17:01:37.0937 5872	Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
17:01:37.0937 5872	Dot4Print - ok
17:01:38.0015 5872	dot4usb         (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:01:38.0015 5872	dot4usb - ok
17:01:38.0046 5872	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:01:38.0046 5872	dpti2o - ok
17:01:38.0078 5872	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:01:38.0078 5872	drmkaud - ok
17:01:38.0093 5872	DRVMCDB         (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:01:38.0093 5872	DRVMCDB - ok
17:01:38.0093 5872	DRVNDDM         (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:01:38.0093 5872	DRVNDDM - ok
17:01:38.0125 5872	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:01:38.0125 5872	E100B - ok
17:01:38.0187 5872	e1express       (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:01:38.0187 5872	e1express - ok
17:01:38.0265 5872	efipsk - ok
17:01:38.0406 5872	ELacpi          (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
17:01:38.0406 5872	ELacpi - ok
17:01:38.0453 5872	ElbyCDIO        (084a13f18856d610d44d3109a9d2acde) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:01:38.0453 5872	ElbyCDIO - ok
17:01:38.0500 5872	ELhid           (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
17:01:38.0500 5872	ELhid - ok
17:01:38.0531 5872	ELkbd           (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
17:01:38.0531 5872	ELkbd - ok
17:01:38.0562 5872	ELmon           (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
17:01:38.0562 5872	ELmon - ok
17:01:38.0578 5872	ELmou           (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
17:01:38.0578 5872	ELmou - ok
17:01:38.0625 5872	emupia          (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
17:01:38.0625 5872	emupia - ok
17:01:38.0671 5872	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:01:38.0671 5872	Fastfat - ok
17:01:38.0718 5872	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:01:38.0718 5872	Fdc - ok
17:01:38.0750 5872	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:01:38.0750 5872	Fips - ok
17:01:38.0796 5872	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:01:38.0796 5872	Flpydisk - ok
17:01:38.0875 5872	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:01:38.0875 5872	FltMgr - ok
17:01:38.0890 5872	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:01:38.0890 5872	Fs_Rec - ok
17:01:38.0906 5872	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:01:38.0906 5872	Ftdisk - ok
17:01:38.0968 5872	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:01:38.0968 5872	GEARAspiWDM - ok
17:01:38.0984 5872	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:01:38.0984 5872	Gpc - ok
17:01:39.0031 5872	ha20x2k         (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
17:01:39.0046 5872	ha20x2k - ok
17:01:39.0062 5872	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:01:39.0062 5872	HidUsb - ok
17:01:39.0109 5872	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:01:39.0109 5872	hpn - ok
17:01:39.0156 5872	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:01:39.0156 5872	HPZid412 - ok
17:01:39.0187 5872	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:01:39.0187 5872	HPZipr12 - ok
17:01:39.0218 5872	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:01:39.0234 5872	HPZius12 - ok
17:01:39.0281 5872	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:01:39.0281 5872	HTTP - ok
17:01:39.0296 5872	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:01:39.0296 5872	i2omgmt - ok
17:01:39.0328 5872	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:01:39.0328 5872	i2omp - ok
17:01:39.0359 5872	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:01:39.0375 5872	i8042prt - ok
17:01:39.0406 5872	iastor          (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
17:01:39.0406 5872	iastor - ok
17:01:39.0421 5872	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:01:39.0421 5872	Imapi - ok
17:01:39.0468 5872	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:01:39.0468 5872	ini910u - ok
17:01:39.0500 5872	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:01:39.0500 5872	IntelIde - ok
17:01:39.0562 5872	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:01:39.0562 5872	intelppm - ok
17:01:39.0593 5872	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:01:39.0593 5872	Ip6Fw - ok
17:01:39.0609 5872	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:01:39.0609 5872	IpFilterDriver - ok
17:01:39.0625 5872	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:01:39.0625 5872	IpInIp - ok
17:01:39.0656 5872	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:01:39.0656 5872	IpNat - ok
17:01:39.0687 5872	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:01:39.0687 5872	IPSec - ok
17:01:39.0765 5872	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:01:39.0765 5872	IRENUM - ok
17:01:39.0796 5872	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:01:39.0796 5872	isapnp - ok
17:01:39.0812 5872	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:01:39.0812 5872	Kbdclass - ok
17:01:39.0843 5872	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:01:39.0843 5872	kbdhid - ok
17:01:39.0890 5872	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:01:39.0890 5872	kmixer - ok
17:01:40.0031 5872	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:01:40.0031 5872	KSecDD - ok
17:01:40.0093 5872	lbrtfdc - ok
17:01:40.0125 5872	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:01:40.0125 5872	MHNDRV - ok
17:01:40.0140 5872	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:01:40.0140 5872	mnmdd - ok
17:01:40.0156 5872	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:01:40.0156 5872	Modem - ok
17:01:40.0171 5872	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:01:40.0171 5872	Mouclass - ok
17:01:40.0234 5872	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:01:40.0234 5872	mouhid - ok
17:01:40.0234 5872	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:01:40.0234 5872	MountMgr - ok
17:01:40.0250 5872	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:01:40.0250 5872	mraid35x - ok
17:01:40.0265 5872	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:01:40.0265 5872	MRxDAV - ok
17:01:40.0312 5872	MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:01:40.0312 5872	MRxSmb - ok
17:01:40.0359 5872	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:01:40.0359 5872	Msfs - ok
17:01:40.0375 5872	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:01:40.0375 5872	MSKSSRV - ok
17:01:40.0390 5872	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:01:40.0390 5872	MSPCLOCK - ok
17:01:40.0406 5872	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:01:40.0406 5872	MSPQM - ok
17:01:40.0421 5872	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:01:40.0421 5872	mssmbios - ok
17:01:40.0437 5872	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:01:40.0437 5872	MSTEE - ok
17:01:40.0468 5872	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:01:40.0468 5872	Mup - ok
17:01:40.0484 5872	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:01:40.0484 5872	NABTSFEC - ok
17:01:40.0500 5872	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:01:40.0500 5872	NDIS - ok
17:01:40.0515 5872	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:01:40.0515 5872	NdisIP - ok
17:01:40.0531 5872	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:01:40.0531 5872	NdisTapi - ok
17:01:40.0546 5872	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:01:40.0546 5872	Ndisuio - ok
17:01:40.0562 5872	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:01:40.0562 5872	NdisWan - ok
17:01:40.0609 5872	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:01:40.0609 5872	NDProxy - ok
17:01:40.0625 5872	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:01:40.0625 5872	NetBIOS - ok
17:01:40.0640 5872	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:01:40.0656 5872	NetBT - ok
17:01:40.0671 5872	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:01:40.0671 5872	Npfs - ok
17:01:40.0703 5872	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:01:40.0703 5872	Ntfs - ok
17:01:40.0718 5872	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:01:40.0718 5872	Null - ok
17:01:40.0875 5872	nv              (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:01:40.0984 5872	nv - ok
17:01:41.0015 5872	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:01:41.0015 5872	NwlnkFlt - ok
17:01:41.0031 5872	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:01:41.0031 5872	NwlnkFwd - ok
17:01:41.0062 5872	ossrv           (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:01:41.0062 5872	ossrv - ok
17:01:41.0109 5872	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
17:01:41.0109 5872	Parport - ok
17:01:41.0140 5872	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:01:41.0140 5872	PartMgr - ok
17:01:41.0171 5872	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:01:41.0171 5872	ParVdm - ok
17:01:41.0203 5872	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:01:41.0203 5872	PCI - ok
17:01:41.0218 5872	PCIDump - ok
17:01:41.0265 5872	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:01:41.0265 5872	PCIIde - ok
17:01:41.0296 5872	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:01:41.0296 5872	Pcmcia - ok
17:01:41.0343 5872	Pcouffin        (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
17:01:41.0343 5872	Pcouffin - ok
17:01:41.0453 5872	PDCOMP - ok
17:01:41.0468 5872	PDFRAME - ok
17:01:41.0484 5872	PDRELI - ok
17:01:41.0484 5872	PDRFRAME - ok
17:01:41.0515 5872	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:01:41.0515 5872	perc2 - ok
17:01:41.0546 5872	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:01:41.0546 5872	perc2hib - ok
17:01:41.0562 5872	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:01:41.0562 5872	PptpMiniport - ok
17:01:41.0578 5872	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:01:41.0578 5872	PSched - ok
17:01:41.0609 5872	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:01:41.0609 5872	Ptilink - ok
17:01:41.0625 5872	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:01:41.0625 5872	PxHelp20 - ok
17:01:41.0687 5872	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:01:41.0687 5872	ql1080 - ok
17:01:41.0750 5872	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:01:41.0750 5872	Ql10wnt - ok
17:01:41.0765 5872	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:01:41.0765 5872	ql12160 - ok
17:01:41.0781 5872	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:01:41.0781 5872	ql1240 - ok
17:01:41.0796 5872	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:01:41.0796 5872	ql1280 - ok
17:01:41.0828 5872	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:01:41.0828 5872	RasAcd - ok
17:01:41.0843 5872	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:01:41.0843 5872	Rasl2tp - ok
17:01:41.0859 5872	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:01:41.0859 5872	RasPppoe - ok
17:01:41.0875 5872	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:01:41.0875 5872	Raspti - ok
17:01:41.0906 5872	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:01:41.0906 5872	Rdbss - ok
17:01:41.0921 5872	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:01:41.0921 5872	RDPCDD - ok
17:01:41.0953 5872	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:01:41.0953 5872	rdpdr - ok
17:01:42.0015 5872	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:01:42.0015 5872	RDPWD - ok
17:01:42.0046 5872	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:01:42.0046 5872	redbook - ok
17:01:42.0109 5872	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:01:42.0109 5872	RFCOMM - ok
17:01:42.0156 5872	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:01:42.0156 5872	ROOTMODEM - ok
17:01:42.0218 5872	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:01:42.0218 5872	Secdrv - ok
17:01:42.0281 5872	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:01:42.0281 5872	serenum - ok
17:01:42.0328 5872	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:01:42.0328 5872	Serial - ok
17:01:42.0343 5872	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:01:42.0343 5872	Sfloppy - ok
17:01:42.0343 5872	Simbad - ok
17:01:42.0390 5872	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:01:42.0390 5872	sisagp - ok
17:01:42.0421 5872	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:01:42.0421 5872	SLIP - ok
17:01:42.0437 5872	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:01:42.0437 5872	Sparrow - ok
17:01:42.0468 5872	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:01:42.0468 5872	splitter - ok
17:01:42.0515 5872	sptd            (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
17:01:42.0515 5872	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
17:01:42.0531 5872	sptd ( LockedFile.Multi.Generic ) - warning
17:01:42.0531 5872	sptd - detected LockedFile.Multi.Generic (1)
17:01:42.0531 5872	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:01:42.0531 5872	sr - ok
17:01:42.0562 5872	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:01:42.0562 5872	Srv - ok
17:01:42.0593 5872	SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
17:01:42.0609 5872	SSHDRV86 - ok
17:01:42.0625 5872	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:01:42.0625 5872	ssmdrv - ok
17:01:42.0640 5872	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:01:42.0640 5872	streamip - ok
17:01:42.0656 5872	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:01:42.0656 5872	swenum - ok
17:01:42.0687 5872	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:01:42.0687 5872	swmidi - ok
17:01:42.0734 5872	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:01:42.0734 5872	symc810 - ok
17:01:42.0765 5872	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:01:42.0765 5872	symc8xx - ok
17:01:42.0781 5872	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:01:42.0781 5872	sym_hi - ok
17:01:42.0812 5872	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:01:42.0812 5872	sym_u3 - ok
17:01:42.0843 5872	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:01:42.0843 5872	sysaudio - ok
17:01:42.0921 5872	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:01:42.0937 5872	Tcpip - ok
17:01:43.0062 5872	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:01:43.0062 5872	TDPIPE - ok
17:01:43.0093 5872	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:01:43.0093 5872	TDTCP - ok
17:01:43.0109 5872	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:01:43.0109 5872	TermDD - ok
17:01:43.0140 5872	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
17:01:43.0140 5872	TosIde - ok
17:01:43.0171 5872	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:01:43.0171 5872	Udfs - ok
17:01:43.0203 5872	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:01:43.0203 5872	ultra - ok
17:01:43.0234 5872	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:01:43.0250 5872	Update - ok
17:01:43.0312 5872	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:01:43.0312 5872	USBAAPL - ok
17:01:43.0328 5872	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:01:43.0328 5872	usbaudio - ok
17:01:43.0359 5872	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:01:43.0359 5872	usbccgp - ok
17:01:43.0421 5872	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:01:43.0421 5872	usbehci - ok
17:01:43.0453 5872	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:01:43.0453 5872	usbhub - ok
17:01:43.0468 5872	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:01:43.0468 5872	usbprint - ok
17:01:43.0484 5872	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:01:43.0484 5872	usbscan - ok
17:01:43.0500 5872	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:01:43.0500 5872	USBSTOR - ok
17:01:43.0515 5872	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:01:43.0515 5872	usbuhci - ok
17:01:43.0531 5872	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:01:43.0531 5872	VgaSave - ok
17:01:43.0593 5872	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:01:43.0593 5872	viaagp - ok
17:01:43.0609 5872	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:01:43.0609 5872	ViaIde - ok
17:01:43.0640 5872	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:01:43.0640 5872	VolSnap - ok
17:01:43.0671 5872	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:01:43.0687 5872	Wanarp - ok
17:01:43.0734 5872	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:01:43.0734 5872	Wdf01000 - ok
17:01:43.0750 5872	WDICA - ok
17:01:43.0765 5872	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:01:43.0765 5872	wdmaud - ok
17:01:43.0812 5872	WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:01:43.0812 5872	WinUSB - ok
17:01:43.0859 5872	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:01:43.0859 5872	WS2IFSL - ok
17:01:43.0921 5872	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:01:43.0921 5872	WSTCODEC - ok
17:01:43.0953 5872	WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:01:43.0953 5872	WudfPf - ok
17:01:43.0968 5872	WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:01:43.0968 5872	WudfRd - ok
17:01:43.0984 5872	xpsec - ok
17:01:44.0031 5872	XUIF            (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
17:01:44.0031 5872	XUIF - ok
17:01:44.0078 5872	zumbus          (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
17:01:44.0078 5872	zumbus - ok
17:01:44.0125 5872	MBR (0x1B8)     (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:01:44.0140 5872	\Device\Harddisk0\DR0 - ok
17:01:44.0140 5872	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR8
17:01:44.0156 5872	\Device\Harddisk5\DR8 - ok
17:01:44.0156 5872	Boot (0x1200)   (856f364dba3fed690eb70a8e2e5a931e) \Device\Harddisk0\DR0\Partition0
17:01:44.0156 5872	\Device\Harddisk0\DR0\Partition0 - ok
17:01:44.0156 5872	Boot (0x1200)   (90c01c708d132276c78e8e85a8de1550) \Device\Harddisk5\DR8\Partition0
17:01:44.0156 5872	\Device\Harddisk5\DR8\Partition0 - ok
17:01:44.0156 5872	============================================================
17:01:44.0156 5872	Scan finished
17:01:44.0156 5872	============================================================
17:01:44.0171 5544	Detected object count: 1
17:01:44.0171 5544	Actual detected object count: 1
17:01:46.0453 5544	sptd ( LockedFile.Multi.Generic ) - skipped by user
17:01:46.0453 5544	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
17:01:48.0015 5868	Deinitialize success
         
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 17:25:02
-----------------------------
17:25:02.062    OS Version: Windows 5.1.2600 Service Pack 3
17:25:02.062    Number of processors: 2 586 0x602
17:25:02.062    ComputerName: DELL  UserName: 
17:25:03.078    Initialize success
17:25:08.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:25:08.750    Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
17:25:08.765    Disk 0 MBR read successfully
17:25:08.765    Disk 0 MBR scan
17:25:08.765    Disk 0 unknown MBR code
17:25:08.765    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       62 MB offset 63
17:25:08.765    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       300348 MB offset 128520
17:25:08.796    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     4753 MB offset 615241305
17:25:08.796    Disk 0 scanning sectors +624976695
17:25:08.828    Disk 0 malicious Win32:MBRoot code @ sector 624976698 !
17:25:08.843    Disk 0 scanning C:\WINDOWS\system32\drivers
17:25:20.109    Service scanning
17:25:32.609    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:25:35.843    Modules scanning
17:25:39.843    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
17:25:40.515    Disk 0 trace - called modules:
17:25:40.515    
17:25:40.515    Scan finished successfully
17:25:45.281    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rasmus Hersland\Desktop\MBR.dat"
17:25:45.281    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rasmus Hersland\Desktop\aswMBR.tx
         
Many thanks for quick replies

Edited by Fresh_Win (21.03.2012 at 19:02)
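
Added example, not part of the original post: in logs this long, the lines that matter are the few that are not "- ok". The Python sketch below pulls the non-clean verdicts out of lines in the two formats shown above and lists disks that TDSSKiller reported as ok but aswMBR flagged. The sample lines are constructed from the logs above, and the regular expressions are assumptions about these two log formats, not either tool's specification.

```python
import re

# Constructed sample: lines in the format of the TDSSKiller and aswMBR logs above.
SAMPLE_LOG = "\n".join([
    "17:01:42.0468 5872\tsplitter - ok",
    "17:01:42.0531 5872\tsptd ( LockedFile.Multi.Generic ) - warning",
    "17:01:44.0140 5872\t\\Device\\Harddisk0\\DR0 - ok",
    "17:01:44.0156 5872\t\\Device\\Harddisk5\\DR8 - ok",
    "17:01:46.0453 5544\tsptd ( LockedFile.Multi.Generic ) - skipped by user",
    "17:25:08.765    Disk 0 unknown MBR code",
    "17:25:08.828    Disk 0 malicious Win32:MBRoot code @ sector 624976698 !",
    "17:25:32.609    Service sptd C:\\WINDOWS\\System32\\Drivers\\sptd.sys **LOCKED** 32",
    "17:25:39.843    Module: C:\\WINDOWS\\System32\\DLA\\DLADResN.SYS  **SUSPICIOUS**",
])

TS = r"^[\d:.]+\s+"  # leading timestamp, common to both tools
# TDSSKiller: "<time> <thread id> <object> ( <verdict> ) - <state>"
TDSS_VERDICT = re.compile(TS + r"\d+\s+(?P<obj>\S+) \( (?P<verdict>[^)]+?) \) - (?P<state>.+?)\s*$")
# TDSSKiller: physical disk reported clean
TDSS_DISK_OK = re.compile(TS + r"\d+\s+\\Device\\Harddisk(?P<disk>\d+)\\DR\d+ - ok\s*$")
# aswMBR: MBR-level findings for a disk
ASW_DISK = re.compile(TS + r"Disk (?P<disk>\d+) (?P<what>unknown MBR code|malicious \S+ code @ sector \d+)")
# aswMBR: services or modules marked **LOCKED** / **SUSPICIOUS**
ASW_FLAG = re.compile(TS + r"(?:Service \S+|Module:)\s+(?P<path>.+?)\s+\*\*(?P<flag>[A-Z]+)\*\*")


def triage(log_text):
    """Return (findings, conflicts).

    findings:  (tool, object, verdict) for every line that is not a clean result.
    conflicts: disk numbers TDSSKiller reported as ok but aswMBR flagged.
    """
    findings, cleared, flagged = [], set(), set()
    for line in log_text.splitlines():
        if m := TDSS_VERDICT.match(line):
            findings.append(("TDSSKiller", m["obj"], f"{m['verdict']} ({m['state']})"))
        elif m := TDSS_DISK_OK.match(line):
            cleared.add(int(m["disk"]))
        elif m := ASW_DISK.match(line):
            flagged.add(int(m["disk"]))
            findings.append(("aswMBR", f"Disk {m['disk']}", m["what"]))
        elif m := ASW_FLAG.match(line):
            findings.append(("aswMBR", m["path"], m["flag"]))
    return findings, sorted(cleared & flagged)


if __name__ == "__main__":
    found, conflicts = triage(SAMPLE_LOG)
    for tool, obj, verdict in found:
        print(f"{tool:10} {obj}: {verdict}")
    print("disks cleared by TDSSKiller but flagged by aswMBR:", conflicts)
```

A disk that shows up in the conflict list is a reason to trust neither "ok" nor a single scanner's result and to verify again after cleanup.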

22.03.2012, 14:50   #2
cosinus

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________

22.03.2012, 16:00   #3
Fresh_Win

Thanks for your quick reply, but the problem has resolved itself. I was told to simply set the system up from scratch, which means everything gets formatted, right?

Or is it possible that even then parts of the malware remain in the boot sector of the hard disk?
__________________

22.03.2012, 16:25   #4
cosinus

If you rewrite the MBR, then no.
After the reinstallation, simply create a new log with aswMBR as a check.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
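
Added example, not part of the thread: a format only writes inside the partition being formatted, which is why the answer above hinges on rewriting the MBR. The Python sketch below parses a classic MBR partition table and reports which region of the disk a given sector falls into. The sample MBR is constructed from the partition types and offsets in the aswMBR log in post #1; the sector counts are assumptions (each partition is taken to run up to the next offset, and the last one up to the "+624976695" line).

```python
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE                 # four 16-byte partition entries start here
# boot flag, CHS start, type, CHS end, first LBA, sector count (little endian)
ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr():
    """Constructed MBR sector: types and offsets from the aswMBR log,
    sector counts assumed (see lead-in). Boot code area is left zeroed."""
    entries = [
        (0x00, 0xDE, 63, 128457),            # Dell Utility
        (0x80, 0x07, 128520, 615112785),     # active NTFS partition
        (0x00, 0xDB, 615241305, 9735390),    # third partition, type DB
    ]
    mbr = bytearray(SECTOR)
    for i, (flag, ptype, first, count) in enumerate(entries):
        ENTRY.pack_into(mbr, TABLE_OFFSET + 16 * i,
                        flag, b"\0\0\0", ptype, b"\0\0\0", first, count)
    mbr[0x1FE:0x200] = b"\x55\xaa"           # boot signature
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        flag, _, ptype, _, first, count = ENTRY.unpack_from(mbr, TABLE_OFFSET + 16 * i)
        if ptype != 0x00 and count > 0:
            parts.append({"index": i + 1, "active": flag == 0x80, "type": ptype,
                          "first": first, "end": first + count})
    return parts


def locate_sector(parts, sector):
    """Name the disk region an absolute sector number falls into."""
    if sector == 0:
        return "MBR"
    for p in parts:
        if p["first"] <= sector < p["end"]:
            return f"partition {p['index']}"
    last_end = max((p["end"] for p in parts), default=1)
    return "unpartitioned tail" if sector >= last_end else "unpartitioned gap"


def untouched_by_format(parts, sector):
    """True if formatting any listed partition would never write this sector."""
    return not locate_sector(parts, sector).startswith("partition")


if __name__ == "__main__":
    table = parse_partitions(build_sample_mbr())
    for p in table:
        print(p)
    # Sector reported by aswMBR in post #1
    print(624976698, "->", locate_sector(table, 624976698))
```

With these assumed sector counts, the sector aswMBR reported lies behind the last partition, in space that formatting a partition does not write to.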


22.03.2012, 16:33   #5
Fresh_Win

Good, I will do that. Many thanks!

