Fresh_Win | 21.03.2012 18:42 | Bundespolizei Trojan and removal problems with BOO/TDss.M
Hello everyone,
I got an old computer from a friend today because the "Bundespolizei" Trojan/virus is on it. I have already read a few guides here and also managed to get the PC usable again. Afterwards I ran aswMBR, which found a rootkit: BOO/TDss.M
I then looked around here further to find solutions, but nothing helped. So I am now opening a thread in the hope of being able to remove the remaining traces as well.
I don't have a Windows CD at hand, and the infected system has NO internet. Here are a few logs:
Code:
16:05:27.0218 4976 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
16:05:27.0328 4976 ============================================================
16:05:27.0328 4976 Current date / time: 2012/03/21 16:05:27.0328
16:05:27.0328 4976 SystemInfo:
16:05:27.0328 4976
16:05:27.0328 4976 OS Version: 5.1.2600 ServicePack: 3.0
16:05:27.0328 4976 Product type: Workstation
16:05:27.0328 4976 ComputerName: DELL
16:05:27.0328 4976 UserName: Rasmus Hersland
16:05:27.0328 4976 Windows directory: C:\WINDOWS
16:05:27.0328 4976 System windows directory: C:\WINDOWS
16:05:27.0328 4976 Processor architecture: Intel x86
16:05:27.0328 4976 Number of processors: 2
16:05:27.0328 4976 Page size: 0x1000
16:05:27.0328 4976 Boot type: Normal boot
16:05:27.0328 4976 ============================================================
16:05:27.0984 4976 Drive \Device\Harddisk0\DR0 - Size: 0x4A81300000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:05:28.0031 4976 Drive \Device\Harddisk5\DR20 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:28.0031 4976 \Device\Harddisk0\DR0:
16:05:28.0031 4976 MBR used
16:05:28.0031 4976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x24A9E051
16:05:28.0031 4976 \Device\Harddisk5\DR20:
16:05:28.0031 4976 MBR used
16:05:28.0031 4976 \Device\Harddisk5\DR20\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
16:05:28.0062 4976 Initialize success
16:05:28.0062 4976 ============================================================
16:05:29.0968 5408 ============================================================
16:05:29.0968 5408 Scan started
16:05:29.0968 5408 Mode: Manual;
16:05:29.0968 5408 ============================================================
16:05:30.0671 5408 Abiosdsk - ok
16:05:30.0718 5408 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:05:30.0718 5408 abp480n5 - ok
16:05:30.0781 5408 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
16:05:30.0781 5408 acedrv11 - ok
16:05:30.0828 5408 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:05:30.0828 5408 ACPI - ok
16:05:30.0859 5408 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:05:30.0875 5408 ACPIEC - ok
16:05:30.0906 5408 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:05:30.0906 5408 adpu160m - ok
16:05:30.0937 5408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:05:30.0953 5408 aec - ok
16:05:31.0031 5408 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
16:05:31.0031 5408 AFD - ok
16:05:31.0093 5408 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:05:31.0093 5408 agp440 - ok
16:05:31.0109 5408 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:05:31.0109 5408 agpCPQ - ok
16:05:31.0125 5408 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:05:31.0125 5408 Aha154x - ok
16:05:31.0140 5408 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:05:31.0140 5408 aic78u2 - ok
16:05:31.0156 5408 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:05:31.0156 5408 aic78xx - ok
16:05:31.0171 5408 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:05:31.0171 5408 AliIde - ok
16:05:31.0234 5408 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:05:31.0234 5408 alim1541 - ok
16:05:31.0250 5408 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:05:31.0250 5408 amdagp - ok
16:05:31.0265 5408 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:05:31.0265 5408 amsint - ok
16:05:31.0328 5408 AnyDVD (9410a723f054537b3304b30d0680b0ec) C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:05:31.0343 5408 AnyDVD - ok
16:05:31.0375 5408 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:05:31.0375 5408 asc - ok
16:05:31.0406 5408 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:05:31.0406 5408 asc3350p - ok
16:05:31.0421 5408 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:05:31.0421 5408 asc3550 - ok
16:05:31.0484 5408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:05:31.0484 5408 AsyncMac - ok
16:05:31.0515 5408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:05:31.0531 5408 atapi - ok
16:05:31.0531 5408 Atdisk - ok
16:05:31.0578 5408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:05:31.0593 5408 Atmarpc - ok
16:05:31.0625 5408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:05:31.0625 5408 audstub - ok
16:05:31.0734 5408 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:05:31.0734 5408 avgio - ok
16:05:31.0765 5408 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:05:31.0781 5408 avgntflt - ok
16:05:31.0812 5408 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:05:31.0812 5408 avipbb - ok
16:05:31.0906 5408 bdfdll (ed2179e5cd86eabfdc227601c3094c64) C:\Programme\Softwin\BitDefender9\bdfdll.sys
16:05:31.0906 5408 bdfdll - ok
16:05:31.0921 5408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:05:31.0921 5408 Beep - ok
16:05:31.0968 5408 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:05:31.0968 5408 BrScnUsb - ok
16:05:32.0062 5408 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:05:32.0062 5408 BthEnum - ok
16:05:32.0109 5408 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
16:05:32.0109 5408 BTHMODEM - ok
16:05:32.0140 5408 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:05:32.0140 5408 BthPan - ok
16:05:32.0203 5408 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
16:05:32.0203 5408 BTHPORT - ok
16:05:32.0281 5408 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:05:32.0281 5408 BTHUSB - ok
16:05:32.0296 5408 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:05:32.0296 5408 cbidf - ok
16:05:32.0296 5408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:05:32.0296 5408 cbidf2k - ok
16:05:32.0328 5408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:05:32.0328 5408 CCDECODE - ok
16:05:32.0406 5408 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:05:32.0406 5408 cd20xrnt - ok
16:05:32.0437 5408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:05:32.0437 5408 Cdaudio - ok
16:05:32.0484 5408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:05:32.0484 5408 Cdfs - ok
16:05:32.0531 5408 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:05:32.0531 5408 Cdrom - ok
16:05:32.0531 5408 Changer - ok
16:05:32.0578 5408 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:05:32.0578 5408 CmdIde - ok
16:05:32.0671 5408 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:05:32.0671 5408 Cpqarray - ok
16:05:32.0812 5408 cpuz135 (0283b43c6bc965175a1c92b255d39556) C:\Programme\CPUID\PC Wizard 2012\pcwiz_x32.sys
16:05:32.0828 5408 cpuz135 - ok
16:05:32.0890 5408 ctac32k (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
16:05:32.0906 5408 ctac32k - ok
16:05:32.0968 5408 ctaud2k (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:05:32.0968 5408 ctaud2k - ok
16:05:33.0015 5408 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:05:33.0031 5408 ctdvda2k - ok
16:05:33.0062 5408 ctprxy2k (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:05:33.0062 5408 ctprxy2k - ok
16:05:33.0093 5408 ctsfm2k (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:05:33.0093 5408 ctsfm2k - ok
16:05:33.0125 5408 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:05:33.0125 5408 dac2w2k - ok
16:05:33.0140 5408 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:05:33.0140 5408 dac960nt - ok
16:05:33.0203 5408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:05:33.0203 5408 Disk - ok
16:05:33.0250 5408 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:05:33.0250 5408 DLABOIOM - ok
16:05:33.0265 5408 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:05:33.0265 5408 DLACDBHM - ok
16:05:33.0281 5408 DLADResN (1fb7a7db89c16673a90d1f104455f38e) C:\WINDOWS\system32\DLA\DLADResN.SYS
16:05:33.0281 5408 DLADResN - ok
16:05:33.0312 5408 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:05:33.0312 5408 DLAIFS_M - ok
16:05:33.0328 5408 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:05:33.0328 5408 DLAOPIOM - ok
16:05:33.0343 5408 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:05:33.0343 5408 DLAPoolM - ok
16:05:33.0343 5408 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
16:05:33.0343 5408 DLARTL_N - ok
16:05:33.0359 5408 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:05:33.0359 5408 DLAUDFAM - ok
16:05:33.0375 5408 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:05:33.0375 5408 DLAUDF_M - ok
16:05:33.0421 5408 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:05:33.0437 5408 dmboot - ok
16:05:33.0515 5408 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:05:33.0515 5408 dmio - ok
16:05:33.0593 5408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:05:33.0593 5408 dmload - ok
16:05:33.0640 5408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:05:33.0640 5408 DMusic - ok
16:05:33.0703 5408 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:05:33.0703 5408 dot4 - ok
16:05:33.0750 5408 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:05:33.0750 5408 Dot4Print - ok
16:05:33.0781 5408 dot4usb (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:05:33.0781 5408 dot4usb - ok
16:05:33.0812 5408 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:05:33.0812 5408 dpti2o - ok
16:05:33.0843 5408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:05:33.0843 5408 drmkaud - ok
16:05:33.0859 5408 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:05:33.0859 5408 DRVMCDB - ok
16:05:33.0859 5408 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:05:33.0859 5408 DRVNDDM - ok
16:05:33.0890 5408 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:05:33.0890 5408 E100B - ok
16:05:34.0015 5408 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:05:34.0031 5408 e1express - ok
16:05:34.0093 5408 efipsk - ok
16:05:34.0171 5408 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
16:05:34.0171 5408 ELacpi - ok
16:05:34.0203 5408 ElbyCDIO (084a13f18856d610d44d3109a9d2acde) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:05:34.0203 5408 ElbyCDIO - ok
16:05:34.0250 5408 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
16:05:34.0250 5408 ELhid - ok
16:05:34.0265 5408 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
16:05:34.0265 5408 ELkbd - ok
16:05:34.0296 5408 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
16:05:34.0296 5408 ELmon - ok
16:05:34.0296 5408 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
16:05:34.0296 5408 ELmou - ok
16:05:34.0343 5408 emupia (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
16:05:34.0343 5408 emupia - ok
16:05:34.0406 5408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:05:34.0406 5408 Fastfat - ok
16:05:34.0437 5408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:05:34.0437 5408 Fdc - ok
16:05:34.0468 5408 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:05:34.0468 5408 Fips - ok
16:05:34.0531 5408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:05:34.0531 5408 Flpydisk - ok
16:05:34.0625 5408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:05:34.0625 5408 FltMgr - ok
16:05:34.0640 5408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:05:34.0640 5408 Fs_Rec - ok
16:05:34.0656 5408 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:05:34.0656 5408 Ftdisk - ok
16:05:34.0687 5408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:05:34.0687 5408 GEARAspiWDM - ok
16:05:34.0718 5408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:05:34.0718 5408 Gpc - ok
16:05:34.0765 5408 ha20x2k (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
16:05:34.0812 5408 ha20x2k - ok
16:05:34.0828 5408 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:05:34.0828 5408 HidUsb - ok
16:05:34.0875 5408 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:05:34.0875 5408 hpn - ok
16:05:34.0937 5408 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:05:34.0937 5408 HPZid412 - ok
16:05:35.0000 5408 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:05:35.0000 5408 HPZipr12 - ok
16:05:35.0046 5408 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:05:35.0046 5408 HPZius12 - ok
16:05:35.0093 5408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:05:35.0093 5408 HTTP - ok
16:05:35.0093 5408 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:05:35.0093 5408 i2omgmt - ok
16:05:35.0125 5408 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:05:35.0125 5408 i2omp - ok
16:05:35.0171 5408 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:05:35.0171 5408 i8042prt - ok
16:05:35.0250 5408 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
16:05:35.0250 5408 iastor - ok
16:05:35.0281 5408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:05:35.0281 5408 Imapi - ok
16:05:35.0328 5408 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:05:35.0328 5408 ini910u - ok
16:05:35.0359 5408 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:05:35.0359 5408 IntelIde - ok
16:05:35.0421 5408 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:05:35.0421 5408 intelppm - ok
16:05:35.0453 5408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:05:35.0468 5408 Ip6Fw - ok
16:05:35.0484 5408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:05:35.0484 5408 IpFilterDriver - ok
16:05:35.0500 5408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:05:35.0500 5408 IpInIp - ok
16:05:35.0531 5408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:05:35.0531 5408 IpNat - ok
16:05:35.0609 5408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:05:35.0625 5408 IPSec - ok
16:05:35.0687 5408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:05:35.0687 5408 IRENUM - ok
16:05:35.0718 5408 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:05:35.0718 5408 isapnp - ok
16:05:35.0734 5408 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:05:35.0734 5408 Kbdclass - ok
16:05:35.0734 5408 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:05:35.0750 5408 kbdhid - ok
16:05:35.0765 5408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:05:35.0765 5408 kmixer - ok
16:05:35.0796 5408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:05:35.0796 5408 KSecDD - ok
16:05:35.0796 5408 lbrtfdc - ok
16:05:35.0859 5408 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:05:35.0859 5408 MHNDRV - ok
16:05:35.0859 5408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:05:35.0859 5408 mnmdd - ok
16:05:35.0875 5408 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:05:35.0875 5408 Modem - ok
16:05:35.0890 5408 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:05:35.0890 5408 Mouclass - ok
16:05:35.0953 5408 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:05:35.0953 5408 mouhid - ok
16:05:35.0984 5408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:05:35.0984 5408 MountMgr - ok
16:05:36.0015 5408 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:05:36.0015 5408 mraid35x - ok
16:05:36.0031 5408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:05:36.0031 5408 MRxDAV - ok
16:05:36.0093 5408 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:05:36.0109 5408 MRxSmb - ok
16:05:36.0125 5408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:05:36.0125 5408 Msfs - ok
16:05:36.0140 5408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:05:36.0140 5408 MSKSSRV - ok
16:05:36.0171 5408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:05:36.0171 5408 MSPCLOCK - ok
16:05:36.0187 5408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:05:36.0187 5408 MSPQM - ok
16:05:36.0187 5408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:05:36.0203 5408 mssmbios - ok
16:05:36.0218 5408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:05:36.0218 5408 MSTEE - ok
16:05:36.0218 5408 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:05:36.0218 5408 Mup - ok
16:05:36.0234 5408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:05:36.0250 5408 NABTSFEC - ok
16:05:36.0250 5408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:05:36.0265 5408 NDIS - ok
16:05:36.0281 5408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:05:36.0281 5408 NdisIP - ok
16:05:36.0296 5408 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:05:36.0296 5408 NdisTapi - ok
16:05:36.0312 5408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:05:36.0328 5408 Ndisuio - ok
16:05:36.0343 5408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:05:36.0343 5408 NdisWan - ok
16:05:36.0390 5408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:05:36.0390 5408 NDProxy - ok
16:05:36.0406 5408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:05:36.0406 5408 NetBIOS - ok
16:05:36.0421 5408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:05:36.0421 5408 NetBT - ok
16:05:36.0453 5408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:05:36.0453 5408 Npfs - ok
16:05:36.0484 5408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:05:36.0500 5408 Ntfs - ok
16:05:36.0546 5408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:05:36.0562 5408 Null - ok
16:05:36.0734 5408 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:05:36.0843 5408 nv - ok
16:05:36.0890 5408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:05:36.0890 5408 NwlnkFlt - ok
16:05:36.0906 5408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:05:36.0906 5408 NwlnkFwd - ok
16:05:36.0937 5408 ossrv (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys
16:05:36.0953 5408 ossrv - ok
16:05:36.0984 5408 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:05:36.0984 5408 Parport - ok
16:05:37.0000 5408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:05:37.0000 5408 PartMgr - ok
16:05:37.0015 5408 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:05:37.0031 5408 ParVdm - ok
16:05:37.0046 5408 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:05:37.0046 5408 PCI - ok
16:05:37.0062 5408 PCIDump - ok
16:05:37.0093 5408 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:05:37.0093 5408 PCIIde - ok
16:05:37.0125 5408 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:05:37.0125 5408 Pcmcia - ok
16:05:37.0187 5408 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
16:05:37.0187 5408 Pcouffin - ok
16:05:37.0187 5408 PDCOMP - ok
16:05:37.0203 5408 PDFRAME - ok
16:05:37.0203 5408 PDRELI - ok
16:05:37.0218 5408 PDRFRAME - ok
16:05:37.0250 5408 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:05:37.0250 5408 perc2 - ok
16:05:37.0265 5408 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:05:37.0265 5408 perc2hib - ok
16:05:37.0312 5408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:05:37.0312 5408 PptpMiniport - ok
16:05:37.0328 5408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:05:37.0328 5408 PSched - ok
16:05:37.0343 5408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:05:37.0343 5408 Ptilink - ok
16:05:37.0343 5408 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:05:37.0343 5408 PxHelp20 - ok
16:05:37.0359 5408 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:05:37.0375 5408 ql1080 - ok
16:05:37.0406 5408 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:05:37.0406 5408 Ql10wnt - ok
16:05:37.0421 5408 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:05:37.0421 5408 ql12160 - ok
16:05:37.0437 5408 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:05:37.0437 5408 ql1240 - ok
16:05:37.0468 5408 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:05:37.0468 5408 ql1280 - ok
16:05:37.0500 5408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:05:37.0500 5408 RasAcd - ok
16:05:37.0546 5408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:05:37.0546 5408 Rasl2tp - ok
16:05:37.0562 5408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:05:37.0562 5408 RasPppoe - ok
16:05:37.0562 5408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:05:37.0578 5408 Raspti - ok
16:05:37.0609 5408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:05:37.0609 5408 Rdbss - ok
16:05:37.0625 5408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:05:37.0625 5408 RDPCDD - ok
16:05:37.0640 5408 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:05:37.0640 5408 rdpdr - ok
16:05:37.0687 5408 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:05:37.0687 5408 RDPWD - ok
16:05:37.0718 5408 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:05:37.0718 5408 redbook - ok
16:05:37.0781 5408 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:05:37.0781 5408 RFCOMM - ok
16:05:37.0812 5408 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:05:37.0812 5408 ROOTMODEM - ok
16:05:37.0890 5408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:05:37.0890 5408 Secdrv - ok
16:05:37.0921 5408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:05:37.0921 5408 serenum - ok
16:05:37.0953 5408 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
16:05:37.0953 5408 Serial - ok
16:05:38.0031 5408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:05:38.0031 5408 Sfloppy - ok
16:05:38.0046 5408 Simbad - ok
16:05:38.0093 5408 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:05:38.0093 5408 sisagp - ok
16:05:38.0125 5408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:05:38.0125 5408 SLIP - ok
16:05:38.0140 5408 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:05:38.0140 5408 Sparrow - ok
16:05:38.0171 5408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:05:38.0171 5408 splitter - ok
16:05:38.0218 5408 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
16:05:38.0218 5408 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
16:05:38.0218 5408 sptd ( LockedFile.Multi.Generic ) - warning
16:05:38.0218 5408 sptd - detected LockedFile.Multi.Generic (1)
16:05:38.0234 5408 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:38.0234 5408 sr - ok
16:05:38.0265 5408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:38.0281 5408 Srv - ok
16:05:38.0312 5408 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
16:05:38.0312 5408 SSHDRV86 - ok
16:05:38.0359 5408 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:05:38.0359 5408 ssmdrv - ok
16:05:38.0375 5408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:05:38.0375 5408 streamip - ok
16:05:38.0390 5408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:38.0390 5408 swenum - ok
16:05:38.0406 5408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:05:38.0421 5408 swmidi - ok
16:05:38.0468 5408 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:05:38.0468 5408 symc810 - ok
16:05:38.0500 5408 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:05:38.0500 5408 symc8xx - ok
16:05:38.0515 5408 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:05:38.0515 5408 sym_hi - ok
16:05:38.0531 5408 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:05:38.0531 5408 sym_u3 - ok
16:05:38.0562 5408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:38.0562 5408 sysaudio - ok
16:05:38.0687 5408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:38.0687 5408 Tcpip - ok
16:05:38.0718 5408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:38.0718 5408 TDPIPE - ok
16:05:38.0734 5408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:38.0734 5408 TDTCP - ok
16:05:38.0765 5408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:38.0765 5408 TermDD - ok
16:05:38.0781 5408 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
16:05:38.0781 5408 TosIde - ok
16:05:38.0828 5408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:05:38.0828 5408 Udfs - ok
16:05:38.0875 5408 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:05:38.0875 5408 ultra - ok
16:05:38.0937 5408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:05:38.0937 5408 Update - ok
16:05:39.0000 5408 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:05:39.0000 5408 USBAAPL - ok
16:05:39.0015 5408 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:05:39.0015 5408 usbaudio - ok
16:05:39.0031 5408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:39.0031 5408 usbccgp - ok
16:05:39.0062 5408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:39.0062 5408 usbehci - ok
16:05:39.0093 5408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:39.0093 5408 usbhub - ok
16:05:39.0109 5408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:05:39.0125 5408 usbprint - ok
16:05:39.0156 5408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:05:39.0156 5408 usbscan - ok
16:05:39.0171 5408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:39.0171 5408 USBSTOR - ok
16:05:39.0203 5408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:05:39.0203 5408 usbuhci - ok
16:05:39.0265 5408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:05:39.0265 5408 VgaSave - ok
16:05:39.0328 5408 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:05:39.0328 5408 viaagp - ok
16:05:39.0343 5408 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:05:39.0343 5408 ViaIde - ok
16:05:39.0390 5408 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:39.0390 5408 VolSnap - ok
16:05:39.0406 5408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:39.0421 5408 Wanarp - ok
16:05:39.0500 5408 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:05:39.0515 5408 Wdf01000 - ok
16:05:39.0515 5408 WDICA - ok
16:05:39.0531 5408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:39.0531 5408 wdmaud - ok
16:05:39.0625 5408 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:05:39.0625 5408 WinUSB - ok
16:05:39.0687 5408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:05:39.0687 5408 WSTCODEC - ok
16:05:39.0734 5408 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:05:39.0734 5408 WudfPf - ok
16:05:39.0796 5408 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:05:39.0796 5408 WudfRd - ok
16:05:39.0812 5408 xcpip - ok
16:05:39.0828 5408 xpsec - ok
16:05:39.0875 5408 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
16:05:39.0875 5408 XUIF - ok
16:05:39.0906 5408 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
16:05:39.0906 5408 zumbus - ok
16:05:39.0937 5408 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
16:05:39.0953 5408 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
16:05:39.0953 5408 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
16:05:39.0953 5408 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR20
16:05:39.0968 5408 \Device\Harddisk5\DR20 - ok
16:05:39.0968 5408 Boot (0x1200) (856f364dba3fed690eb70a8e2e5a931e) \Device\Harddisk0\DR0\Partition0
16:05:39.0968 5408 \Device\Harddisk0\DR0\Partition0 - ok
16:05:39.0984 5408 Boot (0x1200) (fc0821f9ccf9d3a7f3e86c331e8594fb) \Device\Harddisk5\DR20\Partition0
16:05:39.0984 5408 \Device\Harddisk5\DR20\Partition0 - ok
16:05:39.0984 5408 ============================================================
16:05:39.0984 5408 Scan finished
16:05:39.0984 5408 ============================================================
16:05:39.0984 5888 Detected object count: 2
16:05:39.0984 5888 Actual detected object count: 2
16:06:20.0343 5888 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:06:20.0343 5888 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:06:20.0421 5888 \Device\Harddisk0\DR0\# - copied to quarantine
16:06:20.0421 5888 \Device\Harddisk0\DR0 - copied to quarantine
16:06:20.0421 5888 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
16:06:20.0437 5888 \Device\Harddisk0\DR0 - ok
16:06:20.0437 5888 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
16:06:22.0640 5628 Deinitialize success
I had already removed the rootkit with tdsskiller. It was the following: Backdoor.Win32.Sinowal.knf Code:
17:01:33.0046 5576 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
17:01:33.0093 5576 ============================================================
17:01:33.0093 5576 Current date / time: 2012/03/21 17:01:33.0093
17:01:33.0093 5576 SystemInfo:
17:01:33.0093 5576
17:01:33.0093 5576 OS Version: 5.1.2600 ServicePack: 3.0
17:01:33.0093 5576 Product type: Workstation
17:01:33.0093 5576 ComputerName: DELL
17:01:33.0109 5576 UserName: Rasmus Hersland
17:01:33.0109 5576 Windows directory: C:\WINDOWS
17:01:33.0109 5576 System windows directory: C:\WINDOWS
17:01:33.0109 5576 Processor architecture: Intel x86
17:01:33.0109 5576 Number of processors: 2
17:01:33.0109 5576 Page size: 0x1000
17:01:33.0109 5576 Boot type: Normal boot
17:01:33.0109 5576 ============================================================
17:01:33.0484 5576 Drive \Device\Harddisk0\DR0 - Size: 0x4A81300000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:01:33.0531 5576 Drive \Device\Harddisk5\DR8 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:01:33.0531 5576 \Device\Harddisk0\DR0:
17:01:33.0531 5576 MBR used
17:01:33.0531 5576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x24A9E051
17:01:33.0531 5576 \Device\Harddisk5\DR8:
17:01:33.0531 5576 MBR used
17:01:33.0531 5576 \Device\Harddisk5\DR8\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
17:01:33.0593 5576 Initialize success
17:01:33.0593 5576 ============================================================
17:01:34.0609 5872 ============================================================
17:01:34.0609 5872 Scan started
17:01:34.0609 5872 Mode: Manual;
17:01:34.0609 5872 ============================================================
17:01:34.0921 5872 Abiosdsk - ok
17:01:35.0000 5872 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:01:35.0000 5872 abp480n5 - ok
17:01:35.0078 5872 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
17:01:35.0078 5872 acedrv11 - ok
17:01:35.0140 5872 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:01:35.0140 5872 ACPI - ok
17:01:35.0187 5872 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:01:35.0187 5872 ACPIEC - ok
17:01:35.0218 5872 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:01:35.0218 5872 adpu160m - ok
17:01:35.0265 5872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:01:35.0265 5872 aec - ok
17:01:35.0328 5872 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
17:01:35.0328 5872 AFD - ok
17:01:35.0421 5872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:01:35.0421 5872 agp440 - ok
17:01:35.0437 5872 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:01:35.0437 5872 agpCPQ - ok
17:01:35.0468 5872 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:01:35.0468 5872 Aha154x - ok
17:01:35.0468 5872 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:01:35.0484 5872 aic78u2 - ok
17:01:35.0484 5872 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:01:35.0500 5872 aic78xx - ok
17:01:35.0515 5872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:01:35.0515 5872 AliIde - ok
17:01:35.0578 5872 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:01:35.0578 5872 alim1541 - ok
17:01:35.0593 5872 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:01:35.0593 5872 amdagp - ok
17:01:35.0609 5872 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:01:35.0609 5872 amsint - ok
17:01:35.0671 5872 AnyDVD (9410a723f054537b3304b30d0680b0ec) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:01:35.0671 5872 AnyDVD - ok
17:01:35.0718 5872 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:01:35.0718 5872 asc - ok
17:01:35.0750 5872 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:01:35.0750 5872 asc3350p - ok
17:01:35.0750 5872 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:01:35.0750 5872 asc3550 - ok
17:01:35.0828 5872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:01:35.0828 5872 AsyncMac - ok
17:01:35.0859 5872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:01:35.0859 5872 atapi - ok
17:01:35.0859 5872 Atdisk - ok
17:01:35.0921 5872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:35.0921 5872 Atmarpc - ok
17:01:35.0953 5872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:35.0953 5872 audstub - ok
17:01:36.0062 5872 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:01:36.0062 5872 avgio - ok
17:01:36.0078 5872 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:01:36.0078 5872 avgntflt - ok
17:01:36.0125 5872 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:01:36.0125 5872 avipbb - ok
17:01:36.0218 5872 bdfdll (ed2179e5cd86eabfdc227601c3094c64) C:\Programme\Softwin\BitDefender9\bdfdll.sys
17:01:36.0218 5872 bdfdll - ok
17:01:36.0234 5872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:01:36.0234 5872 Beep - ok
17:01:36.0281 5872 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:01:36.0281 5872 BrScnUsb - ok
17:01:36.0343 5872 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:01:36.0343 5872 BthEnum - ok
17:01:36.0390 5872 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
17:01:36.0390 5872 BTHMODEM - ok
17:01:36.0421 5872 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:01:36.0437 5872 BthPan - ok
17:01:36.0531 5872 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
17:01:36.0531 5872 BTHPORT - ok
17:01:36.0687 5872 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:01:36.0687 5872 BTHUSB - ok
17:01:36.0687 5872 catchme - ok
17:01:36.0703 5872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:01:36.0703 5872 cbidf - ok
17:01:36.0718 5872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:01:36.0718 5872 cbidf2k - ok
17:01:36.0750 5872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:01:36.0750 5872 CCDECODE - ok
17:01:36.0781 5872 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:01:36.0781 5872 cd20xrnt - ok
17:01:36.0812 5872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:01:36.0812 5872 Cdaudio - ok
17:01:36.0859 5872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:01:36.0859 5872 Cdfs - ok
17:01:36.0890 5872 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:01:36.0906 5872 Cdrom - ok
17:01:36.0906 5872 Changer - ok
17:01:36.0953 5872 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:01:36.0953 5872 CmdIde - ok
17:01:37.0000 5872 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:01:37.0000 5872 Cpqarray - ok
17:01:37.0093 5872 cpuz135 (0283b43c6bc965175a1c92b255d39556) C:\Programme\CPUID\PC Wizard 2012\pcwiz_x32.sys
17:01:37.0093 5872 cpuz135 - ok
17:01:37.0140 5872 ctac32k (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
17:01:37.0140 5872 ctac32k - ok
17:01:37.0203 5872 ctaud2k (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:01:37.0203 5872 ctaud2k - ok
17:01:37.0250 5872 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:01:37.0250 5872 ctdvda2k - ok
17:01:37.0281 5872 ctprxy2k (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:01:37.0281 5872 ctprxy2k - ok
17:01:37.0328 5872 ctsfm2k (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:01:37.0328 5872 ctsfm2k - ok
17:01:37.0359 5872 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:01:37.0359 5872 dac2w2k - ok
17:01:37.0375 5872 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:01:37.0375 5872 dac960nt - ok
17:01:37.0437 5872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:37.0437 5872 Disk - ok
17:01:37.0484 5872 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:01:37.0484 5872 DLABOIOM - ok
17:01:37.0500 5872 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:01:37.0500 5872 DLACDBHM - ok
17:01:37.0515 5872 DLADResN (1fb7a7db89c16673a90d1f104455f38e) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:01:37.0515 5872 DLADResN - ok
17:01:37.0546 5872 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:01:37.0546 5872 DLAIFS_M - ok
17:01:37.0546 5872 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:01:37.0562 5872 DLAOPIOM - ok
17:01:37.0578 5872 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:01:37.0578 5872 DLAPoolM - ok
17:01:37.0578 5872 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:01:37.0578 5872 DLARTL_N - ok
17:01:37.0593 5872 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:01:37.0593 5872 DLAUDFAM - ok
17:01:37.0609 5872 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:01:37.0609 5872 DLAUDF_M - ok
17:01:37.0656 5872 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:01:37.0687 5872 dmboot - ok
17:01:37.0718 5872 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:01:37.0718 5872 dmio - ok
17:01:37.0734 5872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:01:37.0734 5872 dmload - ok
17:01:37.0765 5872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:01:37.0765 5872 DMusic - ok
17:01:37.0843 5872 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:01:37.0843 5872 dot4 - ok
17:01:37.0937 5872 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
17:01:37.0937 5872 Dot4Print - ok
17:01:38.0015 5872 dot4usb (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:01:38.0015 5872 dot4usb - ok
17:01:38.0046 5872 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:01:38.0046 5872 dpti2o - ok
17:01:38.0078 5872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:01:38.0078 5872 drmkaud - ok
17:01:38.0093 5872 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:01:38.0093 5872 DRVMCDB - ok
17:01:38.0093 5872 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:01:38.0093 5872 DRVNDDM - ok
17:01:38.0125 5872 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:01:38.0125 5872 E100B - ok
17:01:38.0187 5872 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:01:38.0187 5872 e1express - ok
17:01:38.0265 5872 efipsk - ok
17:01:38.0406 5872 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
17:01:38.0406 5872 ELacpi - ok
17:01:38.0453 5872 ElbyCDIO (084a13f18856d610d44d3109a9d2acde) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:01:38.0453 5872 ElbyCDIO - ok
17:01:38.0500 5872 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
17:01:38.0500 5872 ELhid - ok
17:01:38.0531 5872 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
17:01:38.0531 5872 ELkbd - ok
17:01:38.0562 5872 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
17:01:38.0562 5872 ELmon - ok
17:01:38.0578 5872 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
17:01:38.0578 5872 ELmou - ok
17:01:38.0625 5872 emupia (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
17:01:38.0625 5872 emupia - ok
17:01:38.0671 5872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:01:38.0671 5872 Fastfat - ok
17:01:38.0718 5872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:01:38.0718 5872 Fdc - ok
17:01:38.0750 5872 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:01:38.0750 5872 Fips - ok
17:01:38.0796 5872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:01:38.0796 5872 Flpydisk - ok
17:01:38.0875 5872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:01:38.0875 5872 FltMgr - ok
17:01:38.0890 5872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:01:38.0890 5872 Fs_Rec - ok
17:01:38.0906 5872 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:01:38.0906 5872 Ftdisk - ok
17:01:38.0968 5872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:01:38.0968 5872 GEARAspiWDM - ok
17:01:38.0984 5872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:01:38.0984 5872 Gpc - ok
17:01:39.0031 5872 ha20x2k (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
17:01:39.0046 5872 ha20x2k - ok
17:01:39.0062 5872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:01:39.0062 5872 HidUsb - ok
17:01:39.0109 5872 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:01:39.0109 5872 hpn - ok
17:01:39.0156 5872 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:01:39.0156 5872 HPZid412 - ok
17:01:39.0187 5872 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:01:39.0187 5872 HPZipr12 - ok
17:01:39.0218 5872 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:01:39.0234 5872 HPZius12 - ok
17:01:39.0281 5872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:01:39.0281 5872 HTTP - ok
17:01:39.0296 5872 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:01:39.0296 5872 i2omgmt - ok
17:01:39.0328 5872 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:01:39.0328 5872 i2omp - ok
17:01:39.0359 5872 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:01:39.0375 5872 i8042prt - ok
17:01:39.0406 5872 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
17:01:39.0406 5872 iastor - ok
17:01:39.0421 5872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:01:39.0421 5872 Imapi - ok
17:01:39.0468 5872 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:01:39.0468 5872 ini910u - ok
17:01:39.0500 5872 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:01:39.0500 5872 IntelIde - ok
17:01:39.0562 5872 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:01:39.0562 5872 intelppm - ok
17:01:39.0593 5872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:01:39.0593 5872 Ip6Fw - ok
17:01:39.0609 5872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:01:39.0609 5872 IpFilterDriver - ok
17:01:39.0625 5872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:01:39.0625 5872 IpInIp - ok
17:01:39.0656 5872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:01:39.0656 5872 IpNat - ok
17:01:39.0687 5872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:01:39.0687 5872 IPSec - ok
17:01:39.0765 5872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:01:39.0765 5872 IRENUM - ok
17:01:39.0796 5872 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:01:39.0796 5872 isapnp - ok
17:01:39.0812 5872 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:01:39.0812 5872 Kbdclass - ok
17:01:39.0843 5872 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:01:39.0843 5872 kbdhid - ok
17:01:39.0890 5872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:01:39.0890 5872 kmixer - ok
17:01:40.0031 5872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:01:40.0031 5872 KSecDD - ok
17:01:40.0093 5872 lbrtfdc - ok
17:01:40.0125 5872 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:01:40.0125 5872 MHNDRV - ok
17:01:40.0140 5872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:01:40.0140 5872 mnmdd - ok
17:01:40.0156 5872 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:01:40.0156 5872 Modem - ok
17:01:40.0171 5872 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:01:40.0171 5872 Mouclass - ok
17:01:40.0234 5872 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:01:40.0234 5872 mouhid - ok
17:01:40.0234 5872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:01:40.0234 5872 MountMgr - ok
17:01:40.0250 5872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:01:40.0250 5872 mraid35x - ok
17:01:40.0265 5872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:01:40.0265 5872 MRxDAV - ok
17:01:40.0312 5872 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:01:40.0312 5872 MRxSmb - ok
17:01:40.0359 5872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:01:40.0359 5872 Msfs - ok
17:01:40.0375 5872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:01:40.0375 5872 MSKSSRV - ok
17:01:40.0390 5872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:01:40.0390 5872 MSPCLOCK - ok
17:01:40.0406 5872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:01:40.0406 5872 MSPQM - ok
17:01:40.0421 5872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:01:40.0421 5872 mssmbios - ok
17:01:40.0437 5872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:01:40.0437 5872 MSTEE - ok
17:01:40.0468 5872 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:01:40.0468 5872 Mup - ok
17:01:40.0484 5872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:01:40.0484 5872 NABTSFEC - ok
17:01:40.0500 5872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:01:40.0500 5872 NDIS - ok
17:01:40.0515 5872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:01:40.0515 5872 NdisIP - ok
17:01:40.0531 5872 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:01:40.0531 5872 NdisTapi - ok
17:01:40.0546 5872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:01:40.0546 5872 Ndisuio - ok
17:01:40.0562 5872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:01:40.0562 5872 NdisWan - ok
17:01:40.0609 5872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:01:40.0609 5872 NDProxy - ok
17:01:40.0625 5872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:01:40.0625 5872 NetBIOS - ok
17:01:40.0640 5872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:01:40.0656 5872 NetBT - ok
17:01:40.0671 5872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:01:40.0671 5872 Npfs - ok
17:01:40.0703 5872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:01:40.0703 5872 Ntfs - ok
17:01:40.0718 5872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:01:40.0718 5872 Null - ok
17:01:40.0875 5872 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:01:40.0984 5872 nv - ok
17:01:41.0015 5872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:01:41.0015 5872 NwlnkFlt - ok
17:01:41.0031 5872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:01:41.0031 5872 NwlnkFwd - ok
17:01:41.0062 5872 ossrv (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:01:41.0062 5872 ossrv - ok
17:01:41.0109 5872 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
17:01:41.0109 5872 Parport - ok
17:01:41.0140 5872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:01:41.0140 5872 PartMgr - ok
17:01:41.0171 5872 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:01:41.0171 5872 ParVdm - ok
17:01:41.0203 5872 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:01:41.0203 5872 PCI - ok
17:01:41.0218 5872 PCIDump - ok
17:01:41.0265 5872 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:01:41.0265 5872 PCIIde - ok
17:01:41.0296 5872 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:01:41.0296 5872 Pcmcia - ok
17:01:41.0343 5872 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
17:01:41.0343 5872 Pcouffin - ok
17:01:41.0453 5872 PDCOMP - ok
17:01:41.0468 5872 PDFRAME - ok
17:01:41.0484 5872 PDRELI - ok
17:01:41.0484 5872 PDRFRAME - ok
17:01:41.0515 5872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:01:41.0515 5872 perc2 - ok
17:01:41.0546 5872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:01:41.0546 5872 perc2hib - ok
17:01:41.0562 5872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:01:41.0562 5872 PptpMiniport - ok
17:01:41.0578 5872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:01:41.0578 5872 PSched - ok
17:01:41.0609 5872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:01:41.0609 5872 Ptilink - ok
17:01:41.0625 5872 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:01:41.0625 5872 PxHelp20 - ok
17:01:41.0687 5872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:01:41.0687 5872 ql1080 - ok
17:01:41.0750 5872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:01:41.0750 5872 Ql10wnt - ok
17:01:41.0765 5872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:01:41.0765 5872 ql12160 - ok
17:01:41.0781 5872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:01:41.0781 5872 ql1240 - ok
17:01:41.0796 5872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:01:41.0796 5872 ql1280 - ok
17:01:41.0828 5872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:01:41.0828 5872 RasAcd - ok
17:01:41.0843 5872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:01:41.0843 5872 Rasl2tp - ok
17:01:41.0859 5872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:01:41.0859 5872 RasPppoe - ok
17:01:41.0875 5872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:01:41.0875 5872 Raspti - ok
17:01:41.0906 5872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:01:41.0906 5872 Rdbss - ok
17:01:41.0921 5872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:01:41.0921 5872 RDPCDD - ok
17:01:41.0953 5872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:01:41.0953 5872 rdpdr - ok
17:01:42.0015 5872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:01:42.0015 5872 RDPWD - ok
17:01:42.0046 5872 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:01:42.0046 5872 redbook - ok
17:01:42.0109 5872 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:01:42.0109 5872 RFCOMM - ok
17:01:42.0156 5872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:01:42.0156 5872 ROOTMODEM - ok
17:01:42.0218 5872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:01:42.0218 5872 Secdrv - ok
17:01:42.0281 5872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:01:42.0281 5872 serenum - ok
17:01:42.0328 5872 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:01:42.0328 5872 Serial - ok
17:01:42.0343 5872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:01:42.0343 5872 Sfloppy - ok
17:01:42.0343 5872 Simbad - ok
17:01:42.0390 5872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:01:42.0390 5872 sisagp - ok
17:01:42.0421 5872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:01:42.0421 5872 SLIP - ok
17:01:42.0437 5872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:01:42.0437 5872 Sparrow - ok
17:01:42.0468 5872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:01:42.0468 5872 splitter - ok
17:01:42.0515 5872 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
17:01:42.0515 5872 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
17:01:42.0531 5872 sptd ( LockedFile.Multi.Generic ) - warning
17:01:42.0531 5872 sptd - detected LockedFile.Multi.Generic (1)
17:01:42.0531 5872 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:01:42.0531 5872 sr - ok
17:01:42.0562 5872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:01:42.0562 5872 Srv - ok
17:01:42.0593 5872 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
17:01:42.0609 5872 SSHDRV86 - ok
17:01:42.0625 5872 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:01:42.0625 5872 ssmdrv - ok
17:01:42.0640 5872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:01:42.0640 5872 streamip - ok
17:01:42.0656 5872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:01:42.0656 5872 swenum - ok
17:01:42.0687 5872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:01:42.0687 5872 swmidi - ok
17:01:42.0734 5872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:01:42.0734 5872 symc810 - ok
17:01:42.0765 5872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:01:42.0765 5872 symc8xx - ok
17:01:42.0781 5872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:01:42.0781 5872 sym_hi - ok
17:01:42.0812 5872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:01:42.0812 5872 sym_u3 - ok
17:01:42.0843 5872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:01:42.0843 5872 sysaudio - ok
17:01:42.0921 5872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:01:42.0937 5872 Tcpip - ok
17:01:43.0062 5872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:01:43.0062 5872 TDPIPE - ok
17:01:43.0093 5872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:01:43.0093 5872 TDTCP - ok
17:01:43.0109 5872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:01:43.0109 5872 TermDD - ok
17:01:43.0140 5872 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
17:01:43.0140 5872 TosIde - ok
17:01:43.0171 5872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:01:43.0171 5872 Udfs - ok
17:01:43.0203 5872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:01:43.0203 5872 ultra - ok
17:01:43.0234 5872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:01:43.0250 5872 Update - ok
17:01:43.0312 5872 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:01:43.0312 5872 USBAAPL - ok
17:01:43.0328 5872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:01:43.0328 5872 usbaudio - ok
17:01:43.0359 5872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:01:43.0359 5872 usbccgp - ok
17:01:43.0421 5872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:01:43.0421 5872 usbehci - ok
17:01:43.0453 5872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:01:43.0453 5872 usbhub - ok
17:01:43.0468 5872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:01:43.0468 5872 usbprint - ok
17:01:43.0484 5872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:01:43.0484 5872 usbscan - ok
17:01:43.0500 5872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:01:43.0500 5872 USBSTOR - ok
17:01:43.0515 5872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:01:43.0515 5872 usbuhci - ok
17:01:43.0531 5872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:01:43.0531 5872 VgaSave - ok
17:01:43.0593 5872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:01:43.0593 5872 viaagp - ok
17:01:43.0609 5872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:01:43.0609 5872 ViaIde - ok
17:01:43.0640 5872 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:01:43.0640 5872 VolSnap - ok
17:01:43.0671 5872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:01:43.0687 5872 Wanarp - ok
17:01:43.0734 5872 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:01:43.0734 5872 Wdf01000 - ok
17:01:43.0750 5872 WDICA - ok
17:01:43.0765 5872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:01:43.0765 5872 wdmaud - ok
17:01:43.0812 5872 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:01:43.0812 5872 WinUSB - ok
17:01:43.0859 5872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:01:43.0859 5872 WS2IFSL - ok
17:01:43.0921 5872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:01:43.0921 5872 WSTCODEC - ok
17:01:43.0953 5872 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:01:43.0953 5872 WudfPf - ok
17:01:43.0968 5872 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:01:43.0968 5872 WudfRd - ok
17:01:43.0984 5872 xpsec - ok
17:01:44.0031 5872 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
17:01:44.0031 5872 XUIF - ok
17:01:44.0078 5872 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
17:01:44.0078 5872 zumbus - ok
17:01:44.0125 5872 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:01:44.0140 5872 \Device\Harddisk0\DR0 - ok
17:01:44.0140 5872 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR8
17:01:44.0156 5872 \Device\Harddisk5\DR8 - ok
17:01:44.0156 5872 Boot (0x1200) (856f364dba3fed690eb70a8e2e5a931e) \Device\Harddisk0\DR0\Partition0
17:01:44.0156 5872 \Device\Harddisk0\DR0\Partition0 - ok
17:01:44.0156 5872 Boot (0x1200) (90c01c708d132276c78e8e85a8de1550) \Device\Harddisk5\DR8\Partition0
17:01:44.0156 5872 \Device\Harddisk5\DR8\Partition0 - ok
17:01:44.0156 5872 ============================================================
17:01:44.0156 5872 Scan finished
17:01:44.0156 5872 ============================================================
17:01:44.0171 5544 Detected object count: 1
17:01:44.0171 5544 Actual detected object count: 1
17:01:46.0453 5544 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:01:46.0453 5544 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:01:48.0015 5868 Deinitialize success

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 17:25:02
-----------------------------
17:25:02.062 OS Version: Windows 5.1.2600 Service Pack 3
17:25:02.062 Number of processors: 2 586 0x602
17:25:02.062 ComputerName: DELL UserName:
17:25:03.078 Initialize success
17:25:08.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:25:08.750 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
17:25:08.765 Disk 0 MBR read successfully
17:25:08.765 Disk 0 MBR scan
17:25:08.765 Disk 0 unknown MBR code
17:25:08.765 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:25:08.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300348 MB offset 128520
17:25:08.796 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 615241305
17:25:08.796 Disk 0 scanning sectors +624976695
17:25:08.828 Disk 0 malicious Win32:MBRoot code @ sector 624976698 !
17:25:08.843 Disk 0 scanning C:\WINDOWS\system32\drivers
17:25:20.109 Service scanning
17:25:32.609 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:25:35.843 Modules scanning
17:25:39.843 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:25:40.515 Disk 0 trace - called modules:
17:25:40.515
17:25:40.515 Scan finished successfully
17:25:45.281 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rasmus Hersland\Desktop\MBR.dat"
17:25:45.281 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rasmus Hersland\Desktop\aswMBR.tx

Many thanks in advance for quick replies.