Schadware im Stile des BKA Trojaners

**taeckel** · 22.03.2012, 18:37

Hi Petra

Zu Punkt 1:
Leider habe ich keinen Eintrag "asl.log" gefunden. Kann der auch noch woanders sein?

Zu Punkt 2:
Hier das logfile

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340015 rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x812F71F8]<< 
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x812C1AB8]
3 CLASSPNP[0xF9568FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005b[0x812C6688]
5 ACPI[0xF93D3620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0[0x812C4030]
\Driver\IdeChnDr[0x812C6A10] -> IRP_MJ_CREATE -> 0x812F71F8
kernel: MBR read successfully
user & kernel MBR OK

Zu Punkt 3:
Hier das logfile

Code:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 17:53:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 ST340015 rev.3.01
Running: 5idcs5z6.exe; Driver: C:\DOKUME~1\Florian\LOKALE~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT      spaq.sys                                                                                                            ZwCreateKey [0xF94150E0]
SSDT      spaq.sys                                                                                                            ZwEnumerateKey [0xF942DDA4]
SSDT      spaq.sys                                                                                                            ZwEnumerateValueKey [0xF942E132]
SSDT      spaq.sys                                                                                                            ZwOpenKey [0xF94150C0]
SSDT      spaq.sys                                                                                                            ZwQueryKey [0xF942E20A]
SSDT      spaq.sys                                                                                                            ZwQueryValueKey [0xF942E08A]
SSDT      spaq.sys                                                                                                            ZwSetValueKey [0xF942E29C]

INT 0x62  ?                                                                                                                   812F7BF8
INT 0x63  ?                                                                                                                   FEBBFDD4
INT 0x73  ?                                                                                                                   FEA24724
INT 0x82  ?                                                                                                                   812F7BF8
INT 0x92  ?                                                                                                                   FEBC3C1C
INT 0xA4  ?                                                                                                                   FEAF8774
INT 0xB4  ?                                                                                                                   FE9924BC

---- Kernel code sections - GMER 1.0.15 ----

?         spaq.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                               F0FB78AC 5 Bytes  JMP FE8A44E0 
?         C:\DOKUME~1\Florian\LOKALE~1\Temp\mbr.sys                                                                           Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              812F61F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{B095172B-3173-4232-A696-28D1A90127F0}                                            FEA37500
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    811771F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    811771F8
Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           812F81F8
Device    \Driver\dmio \Device\DmControl\DmConfig                                                                             812F81F8
Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                812F81F8
Device    \Driver\dmio \Device\DmControl\DmInfo                                                                               812F81F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    811771F8
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    FE8BF500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8134E1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{034C37C5-A86A-418F-BDD6-8E19EF30D7BC}                                            FEA37500
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8134E1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        FE8CD500
Device    \Driver\USBSTOR \Device\00000065                                                                                    FE907500
Device    \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0                                                                        812F71F8
Device    \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0                                                                        812F71F8
Device    \Driver\IdeChnDr \Device\Ide\IdeChnDr0                                                                              812F71F8
Device    \Driver\IdeChnDr \Device\Ide\IdeChnDr1                                                                              812F71F8
Device    \Driver\USBSTOR \Device\00000067                                                                                    FE907500
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             FEA37500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    FEA37500
Device    \Driver\USBSTOR \Device\00000086                                                                                    FE907500
Device    \Driver\USBSTOR \Device\00000089                                                                                    FE907500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    811771F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    811771F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   FE8AA1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    811771F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         FE8AA1F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    FE8BF500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8134E1F8
Device    \FileSystem\Cdfs \Cdfs                                                                                              FE8F9500

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14b2d                                         
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14b2d@00025a008adb                            0x43 0x3A 0x94 0x09 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x8B 0x73 0x9A 0xD9 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f14b2d (not active ControlSet)                     
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f14b2d@00025a008adb                                0x43 0x3A 0x94 0x09 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC1 0xFC 0xCC 0xA0 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x6F 0xD7 0xFF 0x13 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x0B 0x01 0xAC 0xA6 ...

---- Disk sectors - GMER 1.0.15 ----

Disk      \Device\Harddisk0\DR0                                                                                               malicious Win32:MBRoot code @ sector 78140163
Disk      \Device\Harddisk0\DR0                                                                                               PE file @ sector 78140185

---- Files - GMER 1.0.15 ----

File      C:\Winmend~Folder~Hidden\...\cn                                                                                     0 bytes
File      C:\Winmend~Folder~Hidden\...\cn\842925246-2025429265-HidePassword.ini                                               51 bytes

---- EOF - GMER 1.0.15 ----

**Petra** · 23.03.2012, 03:11

Hallo taeckel,

===== Punkt 1 =====

zu Punkt 1: hm, müsste da eigentlich zu finden sein, ansonsten lasse uns in der Registry schauen:

Scan mit SystemLook

Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden).

Download Mirror #1 - Download Mirror #2
User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista- und Windows 7-User unbedingt mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
```
:regfind
asl.log
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

===== Punkt 2 =====

Fixen mit OTL

Hiermit fixen wir unnötige oder schädliche Einträge.

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:Processes
killallprocesses

:OTL

:Services
spaq
sptd

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd]

:Files
C:\Programme\DAEMON Tools Lite

:Commands
[purity]
[resethosts]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

===== Punkt 3 =====

TDSSKiller von Kaspersky

Wichtig:

Deinstalliere über Systemsteuerung => Software/Programme vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche, da sie bei der Rootkit-Suche das Ergebnis verfälschen können.
Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
Starte die TDSSKiller.exe durch Doppelklick.
Vista- und Windows7-User mit Rechtsklick und als Administrator starten.
Klicke auf Start Scan, um den Suchlauf zu starten.
In den Settings die Additional options nicht anhaken und mit Ok bestätigen.
Klicke erneut auf Start Scan, um den Suchlauf zu starten.
Sollte TDSSKiller Funde machen, wird das Tool fragen, was damit zu tun ist.
In diesem Fall wähle cure, was soviel wie desinfizieren bedeutet.
Bei Funden nach Beendigung des Scans das System neu starten.
Beim Hochfahren des Systems werden die Funde dann bereinigt und/oder gelöscht.
Den Bericht erhälst Du durch Klick auf Report rechts oben. Bitte hier in den Thread posten.
Da nur der letzte Report unter C:\TDSSKiller<random>.txt gespeichert wird, ggfs. ältere Berichte unter einem anderen Namen speichern.

Hier findest Du eine ausführlichere Anleitung.

**taeckel** · 23.03.2012, 09:14

Zu Punkt 1:
Irgendwie stürzt SystemLook dauernd ab mit dieser Fehlermeldung:
fehler.JPG
Ich kann das Tool zwar starten und den Code von Dir eingeben, aber dann kommt halt die o. a. Fehlermeldung. Habe versucht, das Tool (, das ich ja schon heruntergeladen hatte,) vom Desktop zu starten, es vom Administrator Desktop zu starten und ich habe es auch neu heruntergeladen - immer dieselbe Fehlermeldung.

Zu Punkt 2:
Habe ich gemacht, hier das logfile

Code:

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
Error: No service named spaq was found to stop!
Service\Driver key spaq not found.
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\ deleted successfully.
========== FILES ==========
File\Folder C:\Programme\DAEMON Tools Lite not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 25497902 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Florian
->Temp folder emptied: 31919858 bytes
->Temporary Internet Files folder emptied: 641394 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45712712 bytes
->Flash cache emptied: 456 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105897 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 99,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03232012_094613

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ scheduled to be deleted on reboot.

Sieht für mich so aus, als hätte da irgendwas nicht ganz funktioniert, oder?

Zu Punkt 3:
Erledigo.
Es wurden zwei files gefunden, wobei ich nur bei einem "cure" anordnen konnte. Das andere habe ich auf "skip" gelassen
tdsskiller.JPG

Hier der Report

Code:

10:05:50.0312 1460	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
10:05:50.0515 1460	============================================================
10:05:50.0515 1460	Current date / time: 2012/03/23 10:05:50.0515
10:05:50.0515 1460	SystemInfo:
10:05:50.0515 1460	
10:05:50.0546 1460	OS Version: 5.1.2600 ServicePack: 3.0
10:05:50.0546 1460	Product type: Workstation
10:05:50.0546 1460	ComputerName: FLO
10:05:50.0578 1460	UserName: Florian
10:05:50.0578 1460	Windows directory: C:\WINDOWS
10:05:50.0578 1460	System windows directory: C:\WINDOWS
10:05:50.0578 1460	Processor architecture: Intel x86
10:05:50.0578 1460	Number of processors: 1
10:05:50.0578 1460	Page size: 0x1000
10:05:50.0578 1460	Boot type: Normal boot
10:05:50.0578 1460	============================================================
10:05:53.0625 1460	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:05:53.0671 1460	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:05:53.0687 1460	\Device\Harddisk0\DR0:
10:05:53.0687 1460	MBR used
10:05:53.0687 1460	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
10:05:53.0687 1460	\Device\Harddisk1\DR2:
10:05:53.0687 1460	MBR used
10:05:53.0687 1460	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
10:05:54.0031 1460	Initialize success
10:05:54.0031 1460	============================================================

**Petra** · 23.03.2012, 11:05

Zusätzlicher Lauf mit TDSSKiller von Kaspersky

Starte die TDSSKiller.exe auf dem Desktop durch Doppelklick.
Vista- und Windows7-User mit Rechtsklick und als Administrator starten.
Klicke auf Change parameters, um die Einstellungen zu ändern.
In den Settings die Additional options anhaken und mit Ok bestätigen.
Klicke erneut auf Start Scan, um den Suchlauf zu starten.
Sollte TDSSKiller Funde machen, wird das Tool fragen, was damit zu tun ist.
In diesem Fall wähle ignore, was soviel wie ignorieren bedeutet.
Den Bericht erhälst Du durch Klick auf Report rechts oben. Bitte hier in den Thread posten.
Wir prüfen die Funde und geben Dir dann Bescheid, wie damit verfahren werden soll.
Da nur der letzte Report unter C:\TDSSKiller<random>.txt gespeichert wird, ggfs. ältere Berichte unter einem anderen Namen speichern.

Hier findest Du eine ausführlichere Anleitung.

**taeckel** · 23.03.2012, 12:17

voilá

Code:

13:08:21.0421 2328	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:08:21.0968 2328	============================================================
13:08:21.0968 2328	Current date / time: 2012/03/23 13:08:21.0968
13:08:21.0968 2328	SystemInfo:
13:08:21.0968 2328	
13:08:21.0984 2328	OS Version: 5.1.2600 ServicePack: 3.0
13:08:21.0984 2328	Product type: Workstation
13:08:21.0984 2328	ComputerName: FLO
13:08:22.0265 2328	UserName: Florian
13:08:22.0265 2328	Windows directory: C:\WINDOWS
13:08:22.0265 2328	System windows directory: C:\WINDOWS
13:08:22.0265 2328	Processor architecture: Intel x86
13:08:22.0265 2328	Number of processors: 1
13:08:22.0265 2328	Page size: 0x1000
13:08:22.0265 2328	Boot type: Normal boot
13:08:22.0265 2328	============================================================
13:08:23.0062 2328	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:08:23.0468 2328	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:23.0468 2328	\Device\Harddisk0\DR0:
13:08:23.0500 2328	MBR used
13:08:23.0500 2328	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:08:23.0500 2328	\Device\Harddisk1\DR2:
13:08:23.0500 2328	MBR used
13:08:23.0500 2328	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
13:08:24.0171 2328	Initialize success
13:08:24.0171 2328	============================================================
13:08:33.0171 0352	============================================================
13:08:33.0171 0352	Scan started
13:08:33.0171 0352	Mode: Manual; SigCheck; TDLFS; 
13:08:33.0171 0352	============================================================
13:08:42.0015 0352	Abiosdsk - ok
13:08:42.0453 0352	abp480n5 - ok
13:08:42.0953 0352	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
13:09:10.0343 0352	ac97intc - ok
13:09:11.0000 0352	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:11.0640 0352	ACPI - ok
13:09:12.0203 0352	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:12.0750 0352	ACPIEC - ok
13:09:13.0250 0352	adpu160m - ok
13:09:14.0000 0352	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:09:14.0656 0352	aec - ok
13:09:15.0234 0352	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:09:15.0687 0352	AFD - ok
13:09:15.0937 0352	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
13:09:16.0312 0352	AgereModemAudio - ok
13:09:17.0468 0352	AgereSoftModem  (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:09:18.0187 0352	AgereSoftModem - ok
13:09:18.0703 0352	Aha154x - ok
13:09:19.0171 0352	aic78u2 - ok
13:09:19.0640 0352	aic78xx - ok
13:09:21.0468 0352	ALCXWDM         (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:09:25.0437 0352	ALCXWDM - ok
13:09:25.0953 0352	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:09:26.0531 0352	Alerter - ok
13:09:26.0890 0352	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:09:27.0218 0352	ALG - ok
13:09:27.0656 0352	AliIde - ok
13:09:28.0062 0352	amsint - ok
13:09:28.0500 0352	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
13:09:28.0859 0352	AppMgmt - ok
13:09:29.0296 0352	asc - ok
13:09:29.0828 0352	asc3350p - ok
13:09:30.0234 0352	asc3550 - ok
13:09:30.0656 0352	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:09:31.0156 0352	aspnet_state - ok
13:09:31.0625 0352	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:09:32.0093 0352	AsyncMac - ok
13:09:32.0609 0352	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:33.0156 0352	atapi - ok
13:09:33.0921 0352	Atdisk - ok
13:09:34.0593 0352	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:09:35.0062 0352	Atmarpc - ok
13:09:35.0593 0352	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:09:36.0218 0352	AudioSrv - ok
13:09:36.0781 0352	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:09:37.0328 0352	audstub - ok
13:09:37.0890 0352	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:09:38.0468 0352	Beep - ok
13:09:39.0093 0352	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:09:40.0171 0352	BITS - ok
13:09:40.0703 0352	BlueletAudio - ok
13:09:41.0078 0352	BlueletSCOAudio - ok
13:09:41.0640 0352	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:09:42.0093 0352	Browser - ok
13:09:42.0562 0352	BT - ok
13:09:43.0328 0352	btaudio         (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
13:09:53.0796 0352	btaudio - ok
13:09:54.0281 0352	Btcsrusb - ok
13:09:55.0000 0352	BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
13:09:55.0093 0352	BTDriver - ok
13:09:55.0734 0352	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:09:56.0234 0352	BthEnum - ok
13:09:56.0859 0352	BTHidEnum - ok
13:09:57.0328 0352	BTHidMgr - ok
13:09:58.0171 0352	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:09:58.0593 0352	BthPan - ok
13:09:59.0265 0352	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
13:09:59.0890 0352	BTHPORT - ok
13:10:00.0359 0352	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
13:10:00.0921 0352	BthServ - ok
13:10:01.0609 0352	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:10:02.0062 0352	BTHUSB - ok
13:10:03.0062 0352	BTKRNL          (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:10:04.0593 0352	BTKRNL - ok
13:10:05.0062 0352	btwdins         (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
13:10:05.0359 0352	btwdins - ok
13:10:05.0953 0352	BTWDNDIS        (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
13:10:06.0046 0352	BTWDNDIS - ok
13:10:06.0671 0352	btwhid          (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
13:10:06.0750 0352	btwhid - ok
13:10:07.0359 0352	BTWUSB          (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
13:10:07.0390 0352	BTWUSB - ok
13:10:07.0875 0352	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:10:08.0312 0352	cbidf2k - ok
13:10:08.0937 0352	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:10:09.0359 0352	CCDECODE - ok
13:10:09.0890 0352	cd20xrnt - ok
13:10:10.0546 0352	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:10:10.0984 0352	Cdaudio - ok
13:10:11.0453 0352	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:10:11.0984 0352	Cdfs - ok
13:10:12.0562 0352	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:10:13.0000 0352	Cdrom - ok
13:10:13.0484 0352	Changer - ok
13:10:14.0031 0352	CHIPDRIVE USB SmartCardReader (937c7cea2703d07312d540831814288c) C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys
13:10:14.0218 0352	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - warning
13:10:14.0218 0352	CHIPDRIVE USB SmartCardReader - detected UnsignedFile.Multi.Generic (1)
13:10:14.0687 0352	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:10:15.0171 0352	CiSvc - ok
13:10:15.0562 0352	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:10:15.0984 0352	ClipSrv - ok
13:10:16.0359 0352	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:10:16.0671 0352	clr_optimization_v2.0.50727_32 - ok
13:10:17.0234 0352	CmdIde - ok
13:10:17.0703 0352	COMSysApp - ok
13:10:18.0406 0352	Cpqarray - ok
13:10:18.0750 0352	cpuz132 - ok
13:10:19.0187 0352	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:10:19.0421 0352	CryptSvc - ok
13:10:20.0015 0352	dac2w2k - ok
13:10:20.0421 0352	dac960nt - ok
13:10:21.0000 0352	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:10:21.0375 0352	DcomLaunch - ok
13:10:21.0890 0352	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:10:22.0125 0352	Dhcp - ok
13:10:22.0718 0352	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:10:22.0968 0352	Disk - ok
13:10:23.0234 0352	dmadmin - ok
13:10:23.0984 0352	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:10:24.0718 0352	dmboot - ok
13:10:25.0281 0352	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:10:25.0578 0352	dmio - ok
13:10:25.0953 0352	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:10:26.0218 0352	dmload - ok
13:10:26.0500 0352	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:10:26.0828 0352	dmserver - ok
13:10:27.0437 0352	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:10:27.0828 0352	DMusic - ok
13:10:28.0593 0352	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:10:28.0875 0352	Dnscache - ok
13:10:29.0359 0352	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:10:29.0703 0352	Dot3svc - ok
13:10:30.0078 0352	dpti2o - ok
13:10:30.0328 0352	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:10:30.0703 0352	drmkaud - ok
13:10:31.0062 0352	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:10:31.0375 0352	EapHost - ok
13:10:31.0875 0352	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:10:32.0171 0352	ERSvc - ok
13:10:32.0625 0352	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:10:32.0687 0352	Eventlog - ok
13:10:32.0968 0352	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:10:33.0187 0352	EventSystem - ok
13:10:33.0703 0352	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:10:33.0984 0352	Fastfat - ok
13:10:34.0421 0352	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:10:34.0750 0352	FastUserSwitchingCompatibility - ok
13:10:35.0171 0352	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:10:35.0468 0352	Fdc - ok
13:10:35.0906 0352	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:10:36.0109 0352	Fips - ok
13:10:36.0656 0352	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:10:36.0984 0352	Flpydisk - ok
13:10:37.0687 0352	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:10:37.0953 0352	FltMgr - ok
13:10:38.0312 0352	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:10:38.0656 0352	FontCache3.0.0.0 - ok
13:10:39.0125 0352	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:10:39.0328 0352	Fs_Rec - ok
13:10:40.0156 0352	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:10:40.0375 0352	Ftdisk - ok
13:10:41.0078 0352	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:10:41.0281 0352	Gpc - ok
13:10:41.0671 0352	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:10:41.0906 0352	helpsvc - ok
13:10:42.0125 0352	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
13:10:42.0343 0352	HidServ - ok
13:10:42.0828 0352	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:10:43.0078 0352	hidusb - ok
13:10:43.0687 0352	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:10:43.0890 0352	hkmsvc - ok
13:10:44.0265 0352	hpn - ok
13:10:44.0640 0352	hpqcxs08        (ce0fcec4d4d860f36d972759b11eaf0f) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
13:10:44.0812 0352	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:10:44.0812 0352	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:10:45.0203 0352	hpqddsvc        (7da3211ac63edd90b8eca1ca1abfd43b) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
13:10:45.0265 0352	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:10:45.0265 0352	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:10:45.0750 0352	HPSLPSVC        (14229263aa19c704e0d6d2e7404a8455) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:10:46.0171 0352	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:10:46.0171 0352	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:10:46.0828 0352	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:10:47.0421 0352	HPZid412 - ok
13:10:47.0906 0352	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:10:48.0031 0352	HPZipr12 - ok
13:10:48.0562 0352	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:10:48.0656 0352	HPZius12 - ok
13:10:49.0406 0352	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:10:49.0906 0352	HTTP - ok
13:10:50.0343 0352	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:10:50.0562 0352	HTTPFilter - ok
13:10:51.0000 0352	i2omgmt - ok
13:10:51.0218 0352	i2omp - ok
13:10:51.0343 0352	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:10:51.0531 0352	i8042prt - ok
13:10:51.0734 0352	ialm            (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:10:51.0890 0352	ialm - ok
13:10:52.0046 0352	IdeBusDr        (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
13:10:52.0296 0352	IdeBusDr - ok
13:10:52.0828 0352	IdeChnDr        (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
13:10:52.0906 0352	IdeChnDr - ok
13:10:53.0203 0352	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:10:53.0328 0352	idsvc - ok
13:10:53.0468 0352	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:10:53.0671 0352	Imapi - ok
13:10:53.0812 0352	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:10:54.0000 0352	ImapiService - ok
13:10:54.0109 0352	ini910u - ok
13:10:54.0250 0352	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:10:54.0484 0352	IntelIde - ok
13:10:54.0625 0352	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:10:54.0796 0352	intelppm - ok
13:10:54.0906 0352	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:10:55.0093 0352	Ip6Fw - ok
13:10:55.0218 0352	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:10:55.0390 0352	IpFilterDriver - ok
13:10:55.0562 0352	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:10:55.0734 0352	IpInIp - ok
13:10:55.0843 0352	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:10:56.0046 0352	IpNat - ok
13:10:56.0171 0352	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:10:56.0359 0352	IPSec - ok
13:10:56.0984 0352	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:10:57.0218 0352	IRENUM - ok
13:10:57.0812 0352	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:10:58.0000 0352	isapnp - ok
13:10:58.0046 0352	JavaQuickStarterService - ok
13:10:58.0171 0352	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:10:58.0375 0352	Kbdclass - ok
13:10:58.0734 0352	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:10:58.0921 0352	kbdhid - ok
13:10:59.0031 0352	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:10:59.0234 0352	kmixer - ok
13:10:59.0375 0352	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:10:59.0515 0352	KSecDD - ok
13:10:59.0671 0352	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:10:59.0734 0352	LanmanServer - ok
13:10:59.0890 0352	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:10:59.0984 0352	lanmanworkstation - ok
13:11:00.0078 0352	lbrtfdc - ok
13:11:00.0171 0352	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:11:00.0343 0352	LmHosts - ok
13:11:00.0593 0352	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:11:00.0656 0352	MBAMProtector - ok
13:11:00.0687 0352	MBAMService - ok
13:11:00.0828 0352	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:11:01.0000 0352	Messenger - ok
13:11:01.0296 0352	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:11:01.0515 0352	mnmdd - ok
13:11:01.0640 0352	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:11:01.0859 0352	mnmsrvc - ok
13:11:02.0000 0352	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:11:02.0171 0352	Modem - ok
13:11:02.0265 0352	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:11:02.0468 0352	Mouclass - ok
13:11:02.0625 0352	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:11:02.0828 0352	mouhid - ok
13:11:02.0890 0352	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:11:03.0109 0352	MountMgr - ok
13:11:03.0187 0352	mraid35x - ok
13:11:03.0281 0352	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:11:03.0484 0352	MRxDAV - ok
13:11:03.0671 0352	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:11:03.0765 0352	MRxSmb - ok
13:11:03.0890 0352	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:11:04.0078 0352	MSDTC - ok
13:11:04.0218 0352	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:11:04.0421 0352	Msfs - ok
13:11:04.0578 0352	MSIServer - ok
13:11:04.0718 0352	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:11:04.0875 0352	MSKSSRV - ok
13:11:05.0000 0352	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:11:05.0187 0352	MSPCLOCK - ok
13:11:05.0296 0352	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:11:05.0484 0352	MSPQM - ok
13:11:05.0656 0352	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:11:05.0828 0352	mssmbios - ok
13:11:05.0937 0352	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:11:06.0125 0352	MSTEE - ok
13:11:06.0265 0352	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:11:06.0343 0352	Mup - ok
13:11:06.0625 0352	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:11:06.0796 0352	NABTSFEC - ok
13:11:06.0921 0352	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:11:07.0156 0352	napagent - ok
13:11:07.0281 0352	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:11:07.0453 0352	NDIS - ok
13:11:07.0609 0352	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:11:07.0781 0352	NdisIP - ok
13:11:07.0921 0352	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:11:07.0984 0352	NdisTapi - ok
13:11:08.0109 0352	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:11:08.0312 0352	Ndisuio - ok
13:11:08.0421 0352	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:11:08.0656 0352	NdisWan - ok
13:11:08.0796 0352	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:11:08.0875 0352	NDProxy - ok
13:11:09.0031 0352	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
13:11:09.0062 0352	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:11:09.0062 0352	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:11:09.0171 0352	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:11:09.0359 0352	NetBIOS - ok
13:11:09.0656 0352	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:11:09.0843 0352	NetBT - ok
13:11:09.0968 0352	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:11:10.0140 0352	NetDDE - ok
13:11:10.0156 0352	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:11:10.0359 0352	NetDDEdsdm - ok
13:11:10.0546 0352	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:11:10.0718 0352	Netlogon - ok
13:11:10.0859 0352	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:11:11.0046 0352	Netman - ok
13:11:11.0250 0352	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:11:11.0296 0352	NetTcpPortSharing - ok
13:11:11.0546 0352	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:11:11.0609 0352	Nla - ok
13:11:11.0718 0352	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:11:11.0890 0352	Npfs - ok
13:11:12.0390 0352	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:11:12.0718 0352	Ntfs - ok
13:11:12.0875 0352	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:11:13.0046 0352	NtLmSsp - ok
13:11:13.0203 0352	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:11:13.0406 0352	NtmsSvc - ok
13:11:13.0656 0352	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:11:13.0859 0352	Null - ok
13:11:13.0984 0352	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:11:14.0140 0352	NwlnkFlt - ok
13:11:14.0250 0352	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:11:14.0484 0352	NwlnkFwd - ok
13:11:14.0609 0352	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
13:11:14.0625 0352	ose - ok
13:11:14.0750 0352	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:11:14.0937 0352	Parport - ok
13:11:15.0031 0352	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:11:15.0234 0352	PartMgr - ok
13:11:15.0343 0352	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:11:15.0500 0352	ParVdm - ok
13:11:15.0656 0352	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:11:15.0843 0352	PCI - ok
13:11:15.0937 0352	PCIDump - ok
13:11:16.0031 0352	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
13:11:16.0187 0352	PCIIde - ok
13:11:16.0328 0352	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:11:16.0500 0352	Pcmcia - ok
13:11:16.0609 0352	PDCOMP - ok
13:11:16.0687 0352	PDFRAME - ok
13:11:16.0750 0352	PDRELI - ok
13:11:16.0843 0352	PDRFRAME - ok
13:11:16.0906 0352	perc2 - ok
13:11:16.0984 0352	perc2hib - ok
13:11:17.0125 0352	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:11:17.0156 0352	PlugPlay - ok
13:11:17.0328 0352	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
13:11:17.0359 0352	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:11:17.0359 0352	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:11:17.0546 0352	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:11:17.0734 0352	PolicyAgent - ok
13:11:17.0843 0352	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:11:18.0046 0352	PptpMiniport - ok
13:11:18.0156 0352	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:11:18.0328 0352	ProtectedStorage - ok
13:11:18.0562 0352	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:11:18.0750 0352	PSched - ok
13:11:19.0203 0352	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:11:19.0390 0352	Ptilink - ok
13:11:19.0828 0352	ql1080 - ok
13:11:20.0203 0352	Ql10wnt - ok
13:11:20.0437 0352	ql12160 - ok
13:11:20.0937 0352	ql1240 - ok
13:11:21.0656 0352	ql1280 - ok
13:11:21.0953 0352	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:11:22.0109 0352	RasAcd - ok
13:11:22.0218 0352	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:11:22.0390 0352	RasAuto - ok
13:11:22.0578 0352	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:11:22.0781 0352	Rasl2tp - ok
13:11:22.0890 0352	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:11:23.0046 0352	RasMan - ok
13:11:23.0140 0352	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:11:23.0312 0352	RasPppoe - ok
13:11:23.0390 0352	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:11:23.0578 0352	Raspti - ok
13:11:23.0859 0352	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:11:24.0062 0352	Rdbss - ok
13:11:24.0203 0352	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:11:24.0484 0352	RDPCDD - ok
13:11:24.0640 0352	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:11:24.0906 0352	rdpdr - ok
13:11:25.0046 0352	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:11:25.0093 0352	RDPWD - ok
13:11:25.0187 0352	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:11:25.0375 0352	RDSessMgr - ok
13:11:25.0593 0352	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:11:25.0781 0352	redbook - ok
13:11:25.0890 0352	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:11:26.0078 0352	RemoteAccess - ok
13:11:26.0250 0352	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
13:11:26.0593 0352	RemoteRegistry - ok
13:11:26.0750 0352	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:11:26.0953 0352	RFCOMM - ok
13:11:27.0078 0352	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:11:27.0234 0352	ROOTMODEM - ok
13:11:27.0359 0352	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:11:27.0562 0352	RpcLocator - ok
13:11:27.0687 0352	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:11:27.0718 0352	RpcSs - ok
13:11:27.0812 0352	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:11:28.0000 0352	RSVP - ok
13:11:28.0140 0352	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:11:28.0328 0352	rtl8139 - ok
13:11:28.0515 0352	RTL8192su       (19e1cc285f736616b7379a7462fc438a) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
13:11:28.0609 0352	RTL8192su - ok
13:11:28.0734 0352	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:11:28.0906 0352	SamSs - ok
13:11:29.0031 0352	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:11:29.0218 0352	SCardSvr - ok
13:11:29.0359 0352	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:11:29.0562 0352	Schedule - ok
13:11:29.0734 0352	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:11:29.0828 0352	Secdrv - ok
13:11:29.0890 0352	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:11:30.0093 0352	seclogon - ok
13:11:30.0218 0352	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:11:30.0390 0352	SENS - ok
13:11:30.0531 0352	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:11:30.0718 0352	serenum - ok
13:11:30.0812 0352	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:11:31.0000 0352	Serial - ok
13:11:31.0109 0352	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:11:31.0296 0352	Sfloppy - ok
13:11:31.0421 0352	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:11:31.0781 0352	SharedAccess - ok
13:11:31.0953 0352	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:11:31.0968 0352	ShellHWDetection - ok
13:11:32.0078 0352	Simbad - ok
13:11:32.0171 0352	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:11:32.0343 0352	SLIP - ok
13:11:32.0515 0352	Sparrow - ok
13:11:32.0609 0352	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:11:32.0765 0352	splitter - ok
13:11:32.0875 0352	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:11:32.0921 0352	Spooler - ok
13:11:33.0109 0352	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
13:11:33.0109 0352	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:11:33.0109 0352	sptd ( LockedFile.Multi.Generic ) - warning
13:11:33.0109 0352	sptd - detected LockedFile.Multi.Generic (1)
13:11:33.0187 0352	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:11:33.0281 0352	sr - ok
13:11:33.0375 0352	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:11:33.0468 0352	srservice - ok
13:11:33.0640 0352	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:11:33.0812 0352	Srv - ok
13:11:33.0984 0352	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:11:34.0078 0352	SSDPSRV - ok
13:11:34.0234 0352	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:11:34.0484 0352	stisvc - ok
13:11:34.0687 0352	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:11:34.0859 0352	streamip - ok
13:11:34.0953 0352	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:11:35.0140 0352	swenum - ok
13:11:35.0234 0352	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:11:35.0406 0352	swmidi - ok
13:11:35.0515 0352	SwPrv - ok
13:11:35.0593 0352	symc810 - ok
13:11:35.0671 0352	symc8xx - ok
13:11:35.0734 0352	sym_hi - ok
13:11:35.0812 0352	sym_u3 - ok
13:11:35.0890 0352	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:11:36.0078 0352	sysaudio - ok
13:11:36.0218 0352	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:11:36.0421 0352	SysmonLog - ok
13:11:36.0671 0352	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:11:36.0843 0352	TapiSrv - ok
13:11:37.0015 0352	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:11:37.0093 0352	Tcpip - ok
13:11:37.0234 0352	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:11:37.0390 0352	TDPIPE - ok
13:11:37.0593 0352	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:11:37.0781 0352	TDTCP - ok
13:11:37.0875 0352	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:11:38.0046 0352	TermDD - ok
13:11:38.0171 0352	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:11:38.0343 0352	TermService - ok
13:11:38.0562 0352	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:11:38.0578 0352	Themes - ok
13:11:38.0718 0352	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
13:11:38.0812 0352	TlntSvr - ok
13:11:38.0906 0352	TosIde - ok
13:11:39.0031 0352	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:11:39.0234 0352	TrkWks - ok
13:11:39.0359 0352	TwkMs           (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
13:11:39.0375 0352	TwkMs ( UnsignedFile.Multi.Generic ) - warning
13:11:39.0375 0352	TwkMs - detected UnsignedFile.Multi.Generic (1)
13:11:39.0562 0352	TWKSER2K        (be910aceab65fa3ae67ae98b19fcac4b) C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys
13:11:39.0609 0352	TWKSER2K ( UnsignedFile.Multi.Generic ) - warning
13:11:39.0609 0352	TWKSER2K - detected UnsignedFile.Multi.Generic (1)
13:11:39.0718 0352	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:11:39.0875 0352	Udfs - ok
13:11:39.0968 0352	ultra - ok
13:11:40.0093 0352	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:11:40.0312 0352	Update - ok
13:11:40.0531 0352	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:11:40.0609 0352	upnphost - ok
13:11:40.0734 0352	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:11:40.0890 0352	UPS - ok
13:11:41.0015 0352	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:11:41.0171 0352	usbccgp - ok
13:11:41.0281 0352	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:11:41.0500 0352	usbehci - ok
13:11:41.0656 0352	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:11:41.0843 0352	usbhub - ok
13:11:41.0968 0352	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:11:42.0125 0352	usbprint - ok
13:11:42.0250 0352	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:11:42.0546 0352	usbscan - ok
13:11:42.0703 0352	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:11:42.0843 0352	USBSTOR - ok
13:11:42.0937 0352	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:11:43.0093 0352	usbuhci - ok
13:11:43.0203 0352	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:11:43.0359 0352	usb_rndisx - ok
13:11:43.0578 0352	VComm - ok
13:11:44.0062 0352	VcommMgr - ok
13:11:44.0406 0352	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:11:44.0562 0352	VgaSave - ok
13:11:44.0718 0352	ViaIde - ok
13:11:44.0796 0352	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:11:44.0953 0352	VolSnap - ok
13:11:45.0046 0352	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:11:45.0140 0352	VSS - ok
13:11:45.0265 0352	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:11:45.0468 0352	W32Time - ok
13:11:45.0593 0352	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:11:45.0750 0352	Wanarp - ok
13:11:45.0890 0352	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:11:45.0953 0352	wceusbsh - ok
13:11:46.0031 0352	WDICA - ok
13:11:46.0125 0352	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:11:46.0296 0352	wdmaud - ok
13:11:46.0390 0352	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:11:46.0562 0352	WebClient - ok
13:11:46.0750 0352	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:11:46.0906 0352	winmgmt - ok
13:11:47.0093 0352	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:11:47.0203 0352	WmdmPmSN - ok
13:11:47.0359 0352	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
13:11:47.0484 0352	Wmi - ok
13:11:47.0687 0352	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:11:47.0906 0352	WmiApSrv - ok
13:11:48.0078 0352	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
13:11:48.0203 0352	WMPNetworkSvc - ok
13:11:48.0343 0352	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:11:48.0375 0352	WpdUsb - ok
13:11:48.0640 0352	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:11:48.0843 0352	wscsvc - ok
13:11:48.0968 0352	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:11:49.0187 0352	WSTCODEC - ok
13:11:49.0296 0352	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:11:49.0531 0352	wuauserv - ok
13:11:49.0734 0352	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:11:49.0796 0352	WudfPf - ok
13:11:49.0953 0352	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:11:49.0968 0352	WudfRd - ok
13:11:50.0093 0352	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:11:50.0125 0352	WudfSvc - ok
13:11:50.0265 0352	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:11:50.0500 0352	WZCSVC - ok
13:11:50.0640 0352	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:11:50.0828 0352	xmlprov - ok
13:11:50.0937 0352	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:11:51.0109 0352	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:11:51.0109 0352	\Device\Harddisk0\DR0 - detected TDSS File System (1)
13:11:51.0140 0352	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
13:11:51.0843 0352	\Device\Harddisk1\DR2 - ok
13:11:51.0859 0352	Boot (0x1200)   (ae5b167d3454d614c6692f26ae0a9b92) \Device\Harddisk0\DR0\Partition0
13:11:51.0859 0352	\Device\Harddisk0\DR0\Partition0 - ok
13:11:51.0875 0352	Boot (0x1200)   (89b7fda2e2c04c534e218e39fc303ba5) \Device\Harddisk1\DR2\Partition0
13:11:51.0890 0352	\Device\Harddisk1\DR2\Partition0 - ok
13:11:51.0890 0352	============================================================
13:11:51.0890 0352	Scan finished
13:11:51.0890 0352	============================================================
13:11:52.0031 1832	Detected object count: 10
13:11:52.0031 1832	Actual detected object count: 10
13:13:33.0328 1832	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0328 1832	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0328 1832	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0328 1832	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0328 1832	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0328 1832	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0328 1832	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0328 1832	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0343 1832	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0343 1832	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0343 1832	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0343 1832	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0343 1832	sptd ( LockedFile.Multi.Generic ) - skipped by user
13:13:33.0343 1832	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0359 1832	TwkMs ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0359 1832	TwkMs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0359 1832	TWKSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:33.0359 1832	TWKSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:33.0359 1832	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:33.0359 1832	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
13:15:29.0750 1280	Deinitialize success

**Petra** · 23.03.2012, 13:25

Hallo teaeckel,

bitte verschiebe alle unsignierten Dateien in Quarantäne inkl. des sptd und Dann starte

und diesen hier mit cure, wenn möglich:

13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

**taeckel** · 23.03.2012, 14:05

Hi Petra,

habe ich gemacht. Außer daß
13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
nicht mit "cure" zu markieren waren. Habe es auf "skip" gelassen.

Hier noch das logfile

Code:

14:52:17.0515 3072	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
14:52:17.0812 3072	============================================================
14:52:17.0812 3072	Current date / time: 2012/03/23 14:52:17.0812
14:52:17.0812 3072	SystemInfo:
14:52:17.0812 3072	
14:52:17.0812 3072	OS Version: 5.1.2600 ServicePack: 3.0
14:52:17.0812 3072	Product type: Workstation
14:52:17.0812 3072	ComputerName: FLO
14:52:17.0875 3072	UserName: Florian
14:52:17.0875 3072	Windows directory: C:\WINDOWS
14:52:17.0875 3072	System windows directory: C:\WINDOWS
14:52:17.0875 3072	Processor architecture: Intel x86
14:52:17.0875 3072	Number of processors: 1
14:52:17.0875 3072	Page size: 0x1000
14:52:17.0875 3072	Boot type: Normal boot
14:52:17.0875 3072	============================================================
14:52:18.0343 3072	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:52:18.0625 3072	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:18.0640 3072	\Device\Harddisk0\DR0:
14:52:18.0640 3072	MBR used
14:52:18.0640 3072	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
14:52:18.0656 3072	\Device\Harddisk1\DR2:
14:52:18.0656 3072	MBR used
14:52:18.0656 3072	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
14:52:19.0015 3072	Initialize success
14:52:19.0015 3072	============================================================
14:52:28.0843 3368	============================================================
14:52:28.0843 3368	Scan started
14:52:28.0843 3368	Mode: Manual; SigCheck; TDLFS; 
14:52:28.0843 3368	============================================================
14:52:30.0609 3368	Abiosdsk - ok
14:52:30.0656 3368	abp480n5 - ok
14:52:30.0781 3368	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:52:42.0500 3368	ac97intc - ok
14:52:42.0703 3368	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:52:42.0937 3368	ACPI - ok
14:52:43.0062 3368	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:52:43.0265 3368	ACPIEC - ok
14:52:43.0515 3368	adpu160m - ok
14:52:44.0000 3368	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:52:44.0328 3368	aec - ok
14:52:44.0468 3368	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:52:44.0750 3368	AFD - ok
14:52:45.0250 3368	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
14:52:45.0718 3368	AgereModemAudio - ok
14:52:46.0437 3368	AgereSoftModem  (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:52:46.0937 3368	AgereSoftModem - ok
14:52:47.0031 3368	Aha154x - ok
14:52:47.0125 3368	aic78u2 - ok
14:52:47.0187 3368	aic78xx - ok
14:52:47.0515 3368	ALCXWDM         (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:52:48.0343 3368	ALCXWDM - ok
14:52:48.0484 3368	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
14:52:49.0203 3368	Alerter - ok
14:52:49.0390 3368	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
14:52:49.0500 3368	ALG - ok
14:52:49.0671 3368	AliIde - ok
14:52:49.0734 3368	amsint - ok
14:52:49.0843 3368	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
14:52:50.0015 3368	AppMgmt - ok
14:52:50.0093 3368	asc - ok
14:52:50.0171 3368	asc3350p - ok
14:52:50.0250 3368	asc3550 - ok
14:52:50.0421 3368	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:52:50.0718 3368	aspnet_state - ok
14:52:50.0859 3368	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:52:51.0093 3368	AsyncMac - ok
14:52:51.0203 3368	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:52:51.0500 3368	atapi - ok
14:52:51.0671 3368	Atdisk - ok
14:52:51.0781 3368	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:52:51.0953 3368	Atmarpc - ok
14:52:52.0031 3368	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
14:52:52.0234 3368	AudioSrv - ok
14:52:52.0390 3368	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:52:52.0593 3368	audstub - ok
14:52:52.0718 3368	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:52:52.0937 3368	Beep - ok
14:52:53.0046 3368	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
14:52:53.0390 3368	BITS - ok
14:52:53.0515 3368	BlueletAudio - ok
14:52:53.0656 3368	BlueletSCOAudio - ok
14:52:53.0781 3368	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
14:52:54.0000 3368	Browser - ok
14:52:54.0093 3368	BT - ok
14:52:54.0250 3368	btaudio         (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
14:52:56.0125 3368	btaudio - ok
14:52:56.0250 3368	Btcsrusb - ok
14:52:56.0375 3368	BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
14:52:56.0390 3368	BTDriver - ok
14:52:56.0500 3368	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:52:56.0734 3368	BthEnum - ok
14:52:56.0828 3368	BTHidEnum - ok
14:52:56.0921 3368	BTHidMgr - ok
14:52:57.0062 3368	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:52:57.0296 3368	BthPan - ok
14:52:57.0468 3368	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
14:52:57.0562 3368	BTHPORT - ok
14:52:57.0734 3368	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
14:52:57.0937 3368	BthServ - ok
14:52:58.0078 3368	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:52:58.0296 3368	BTHUSB - ok
14:52:58.0468 3368	BTKRNL          (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:52:58.0750 3368	BTKRNL - ok
14:52:58.0890 3368	btwdins         (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:52:58.0937 3368	btwdins - ok
14:52:59.0078 3368	BTWDNDIS        (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:52:59.0125 3368	BTWDNDIS - ok
14:52:59.0218 3368	btwhid          (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
14:52:59.0234 3368	btwhid - ok
14:52:59.0375 3368	BTWUSB          (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
14:52:59.0390 3368	BTWUSB - ok
14:52:59.0484 3368	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:52:59.0687 3368	cbidf2k - ok
14:52:59.0843 3368	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:53:00.0062 3368	CCDECODE - ok
14:53:00.0140 3368	cd20xrnt - ok
14:53:00.0218 3368	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:53:00.0421 3368	Cdaudio - ok
14:53:00.0515 3368	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:53:00.0734 3368	Cdfs - ok
14:53:01.0203 3368	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:53:01.0437 3368	Cdrom - ok
14:53:01.0531 3368	Changer - ok
14:53:01.0687 3368	CHIPDRIVE USB SmartCardReader (937c7cea2703d07312d540831814288c) C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys
14:53:01.0703 3368	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - warning
14:53:01.0703 3368	CHIPDRIVE USB SmartCardReader - detected UnsignedFile.Multi.Generic (1)
14:53:01.0796 3368	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
14:53:01.0984 3368	CiSvc - ok
14:53:02.0093 3368	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
14:53:02.0281 3368	ClipSrv - ok
14:53:02.0468 3368	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:53:02.0531 3368	clr_optimization_v2.0.50727_32 - ok
14:53:02.0656 3368	CmdIde - ok
14:53:02.0734 3368	COMSysApp - ok
14:53:02.0875 3368	Cpqarray - ok
14:53:03.0000 3368	cpuz132 - ok
14:53:03.0156 3368	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
14:53:03.0343 3368	CryptSvc - ok
14:53:03.0468 3368	dac2w2k - ok
14:53:03.0531 3368	dac960nt - ok
14:53:03.0718 3368	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:53:03.0812 3368	DcomLaunch - ok
14:53:03.0953 3368	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
14:53:04.0171 3368	Dhcp - ok
14:53:04.0312 3368	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:53:04.0531 3368	Disk - ok
14:53:04.0656 3368	dmadmin - ok
14:53:04.0765 3368	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:53:05.0046 3368	dmboot - ok
14:53:05.0187 3368	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:53:05.0375 3368	dmio - ok
14:53:05.0890 3368	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:53:06.0171 3368	dmload - ok
14:53:06.0359 3368	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
14:53:06.0515 3368	dmserver - ok
14:53:06.0953 3368	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:53:07.0156 3368	DMusic - ok
14:53:07.0281 3368	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
14:53:07.0390 3368	Dnscache - ok
14:53:07.0828 3368	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
14:53:08.0031 3368	Dot3svc - ok
14:53:08.0125 3368	dpti2o - ok
14:53:08.0250 3368	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:53:08.0437 3368	drmkaud - ok
14:53:08.0546 3368	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
14:53:08.0734 3368	EapHost - ok
14:53:08.0828 3368	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
14:53:09.0046 3368	ERSvc - ok
14:53:09.0171 3368	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:53:09.0187 3368	Eventlog - ok
14:53:09.0359 3368	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
14:53:09.0421 3368	EventSystem - ok
14:53:09.0750 3368	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:53:09.0953 3368	Fastfat - ok
14:53:10.0093 3368	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:53:10.0187 3368	FastUserSwitchingCompatibility - ok
14:53:10.0296 3368	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:53:10.0609 3368	Fdc - ok
14:53:10.0890 3368	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:53:11.0093 3368	Fips - ok
14:53:11.0203 3368	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:53:11.0437 3368	Flpydisk - ok
14:53:11.0562 3368	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:53:11.0796 3368	FltMgr - ok
14:53:12.0031 3368	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:53:12.0046 3368	FontCache3.0.0.0 - ok
14:53:12.0187 3368	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:53:12.0390 3368	Fs_Rec - ok
14:53:12.0484 3368	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:53:12.0687 3368	Ftdisk - ok
14:53:12.0812 3368	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:53:13.0031 3368	Gpc - ok
14:53:13.0062 3368	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:53:13.0234 3368	helpsvc - ok
14:53:13.0343 3368	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
14:53:13.0531 3368	HidServ - ok
14:53:13.0765 3368	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:53:13.0953 3368	hidusb - ok
14:53:14.0078 3368	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
14:53:14.0265 3368	hkmsvc - ok
14:53:14.0359 3368	hpn - ok
14:53:14.0656 3368	hpqcxs08        (ce0fcec4d4d860f36d972759b11eaf0f) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
14:53:14.0703 3368	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:53:14.0703 3368	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:53:14.0796 3368	hpqddsvc        (7da3211ac63edd90b8eca1ca1abfd43b) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
14:53:14.0828 3368	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:53:14.0828 3368	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:53:15.0015 3368	HPSLPSVC        (14229263aa19c704e0d6d2e7404a8455) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:53:15.0156 3368	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:53:15.0156 3368	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:53:15.0296 3368	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:53:15.0437 3368	HPZid412 - ok
14:53:15.0640 3368	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:53:15.0687 3368	HPZipr12 - ok
14:53:16.0000 3368	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:53:16.0109 3368	HPZius12 - ok
14:53:16.0281 3368	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:53:16.0359 3368	HTTP - ok
14:53:16.0640 3368	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
14:53:16.0921 3368	HTTPFilter - ok
14:53:17.0046 3368	i2omgmt - ok
14:53:17.0109 3368	i2omp - ok
14:53:17.0218 3368	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:53:17.0437 3368	i8042prt - ok
14:53:17.0656 3368	ialm            (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:53:17.0781 3368	ialm - ok
14:53:17.0937 3368	IdeBusDr        (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
14:53:17.0984 3368	IdeBusDr - ok
14:53:18.0109 3368	IdeChnDr        (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
14:53:18.0156 3368	IdeChnDr - ok
14:53:18.0359 3368	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:53:18.0562 3368	idsvc - ok
14:53:18.0734 3368	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:53:18.0906 3368	Imapi - ok
14:53:19.0046 3368	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
14:53:19.0250 3368	ImapiService - ok
14:53:19.0359 3368	ini910u - ok
14:53:19.0453 3368	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:53:19.0640 3368	IntelIde - ok
14:53:19.0781 3368	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:53:19.0968 3368	intelppm - ok
14:53:20.0093 3368	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:53:20.0281 3368	Ip6Fw - ok
14:53:20.0406 3368	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:53:20.0625 3368	IpFilterDriver - ok
14:53:20.0718 3368	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:53:20.0890 3368	IpInIp - ok
14:53:21.0000 3368	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:53:21.0203 3368	IpNat - ok
14:53:21.0281 3368	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:53:21.0515 3368	IPSec - ok
14:53:21.0750 3368	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:53:21.0828 3368	IRENUM - ok
14:53:21.0984 3368	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:53:22.0171 3368	isapnp - ok
14:53:22.0203 3368	JavaQuickStarterService - ok
14:53:22.0343 3368	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:53:22.0546 3368	Kbdclass - ok
14:53:22.0781 3368	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:53:22.0984 3368	kbdhid - ok
14:53:23.0078 3368	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:53:23.0312 3368	kmixer - ok
14:53:23.0484 3368	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:53:23.0953 3368	KSecDD - ok
14:53:24.0437 3368	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
14:53:24.0609 3368	LanmanServer - ok
14:53:25.0015 3368	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
14:53:25.0078 3368	lanmanworkstation - ok
14:53:25.0171 3368	lbrtfdc - ok
14:53:25.0281 3368	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
14:53:25.0453 3368	LmHosts - ok
14:53:25.0640 3368	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
14:53:25.0687 3368	MBAMProtector - ok
14:53:25.0718 3368	MBAMService - ok
14:53:25.0828 3368	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
14:53:26.0031 3368	Messenger - ok
14:53:26.0187 3368	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:53:26.0390 3368	mnmdd - ok
14:53:26.0515 3368	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
14:53:26.0687 3368	mnmsrvc - ok
14:53:26.0828 3368	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:53:27.0000 3368	Modem - ok
14:53:27.0109 3368	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:53:27.0281 3368	Mouclass - ok
14:53:27.0390 3368	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:53:27.0562 3368	mouhid - ok
14:53:27.0703 3368	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:53:27.0875 3368	MountMgr - ok
14:53:27.0953 3368	mraid35x - ok
14:53:28.0046 3368	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:53:28.0250 3368	MRxDAV - ok
14:53:28.0390 3368	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:53:28.0484 3368	MRxSmb - ok
14:53:28.0671 3368	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
14:53:28.0859 3368	MSDTC - ok
14:53:28.0968 3368	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:53:29.0171 3368	Msfs - ok
14:53:29.0265 3368	MSIServer - ok
14:53:29.0421 3368	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:53:29.0656 3368	MSKSSRV - ok
14:53:29.0890 3368	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:53:30.0062 3368	MSPCLOCK - ok
14:53:30.0187 3368	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:53:30.0406 3368	MSPQM - ok
14:53:30.0640 3368	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:53:30.0796 3368	mssmbios - ok
14:53:30.0953 3368	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:53:31.0125 3368	MSTEE - ok
14:53:31.0265 3368	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:53:31.0328 3368	Mup - ok
14:53:31.0484 3368	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:53:31.0671 3368	NABTSFEC - ok
14:53:31.0812 3368	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
14:53:32.0000 3368	napagent - ok
14:53:32.0109 3368	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:53:32.0296 3368	NDIS - ok
14:53:32.0468 3368	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:53:32.0687 3368	NdisIP - ok
14:53:32.0843 3368	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:53:32.0921 3368	NdisTapi - ok
14:53:33.0046 3368	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:53:33.0234 3368	Ndisuio - ok
14:53:33.0343 3368	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:53:33.0531 3368	NdisWan - ok
14:53:33.0703 3368	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:53:33.0812 3368	NDProxy - ok
14:53:33.0984 3368	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
14:53:33.0984 3368	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:53:33.0984 3368	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:53:34.0093 3368	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:53:34.0296 3368	NetBIOS - ok
14:53:34.0406 3368	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:53:34.0593 3368	NetBT - ok
14:53:34.0718 3368	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:53:34.0906 3368	NetDDE - ok
14:53:34.0937 3368	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:53:35.0093 3368	NetDDEdsdm - ok
14:53:35.0218 3368	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:53:35.0406 3368	Netlogon - ok
14:53:35.0546 3368	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
14:53:35.0734 3368	Netman - ok
14:53:35.0921 3368	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:53:35.0968 3368	NetTcpPortSharing - ok
14:53:36.0125 3368	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
14:53:36.0171 3368	Nla - ok
14:53:36.0296 3368	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:53:36.0484 3368	Npfs - ok
14:53:36.0796 3368	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:53:37.0031 3368	Ntfs - ok
14:53:37.0140 3368	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:53:37.0343 3368	NtLmSsp - ok
14:53:37.0500 3368	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
14:53:37.0750 3368	NtmsSvc - ok
14:53:37.0906 3368	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:53:38.0093 3368	Null - ok
14:53:38.0234 3368	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:53:38.0406 3368	NwlnkFlt - ok
14:53:38.0515 3368	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:53:38.0703 3368	NwlnkFwd - ok
14:53:38.0828 3368	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:53:38.0843 3368	ose - ok
14:53:39.0000 3368	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:53:39.0187 3368	Parport - ok
14:53:39.0265 3368	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:53:39.0468 3368	PartMgr - ok
14:53:40.0015 3368	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:53:40.0265 3368	ParVdm - ok
14:53:40.0781 3368	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:53:41.0046 3368	PCI - ok
14:53:41.0453 3368	PCIDump - ok
14:53:42.0156 3368	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
14:53:42.0406 3368	PCIIde - ok
14:53:43.0296 3368	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:53:43.0640 3368	Pcmcia - ok
14:53:44.0359 3368	PDCOMP - ok
14:53:44.0843 3368	PDFRAME - ok
14:53:45.0265 3368	PDRELI - ok
14:53:45.0671 3368	PDRFRAME - ok
14:53:46.0031 3368	perc2 - ok
14:53:46.0375 3368	perc2hib - ok
14:53:46.0890 3368	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:53:46.0906 3368	PlugPlay - ok
14:53:47.0531 3368	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
14:53:47.0562 3368	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:53:47.0562 3368	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:53:47.0968 3368	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:53:48.0140 3368	PolicyAgent - ok
14:53:48.0812 3368	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:53:49.0031 3368	PptpMiniport - ok
14:53:49.0421 3368	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:53:49.0593 3368	ProtectedStorage - ok
14:53:50.0062 3368	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:53:50.0265 3368	PSched - ok
14:53:50.0796 3368	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:53:51.0015 3368	Ptilink - ok
14:53:51.0359 3368	ql1080 - ok
14:53:51.0750 3368	Ql10wnt - ok
14:53:51.0859 3368	ql12160 - ok
14:53:51.0953 3368	ql1240 - ok
14:53:52.0031 3368	ql1280 - ok
14:53:52.0109 3368	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:53:52.0281 3368	RasAcd - ok
14:53:52.0390 3368	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
14:53:52.0562 3368	RasAuto - ok
14:53:53.0281 3368	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:53:53.0453 3368	Rasl2tp - ok
14:53:53.0921 3368	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
14:53:54.0156 3368	RasMan - ok
14:53:54.0250 3368	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:53:54.0437 3368	RasPppoe - ok
14:53:54.0859 3368	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:53:55.0140 3368	Raspti - ok
14:53:55.0296 3368	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:53:55.0484 3368	Rdbss - ok
14:53:55.0796 3368	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:53:56.0000 3368	RDPCDD - ok
14:53:56.0281 3368	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:53:56.0546 3368	rdpdr - ok
14:53:57.0250 3368	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:53:57.0328 3368	RDPWD - ok
14:53:57.0593 3368	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
14:53:57.0921 3368	RDSessMgr - ok
14:53:58.0250 3368	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:53:58.0437 3368	redbook - ok
14:53:58.0687 3368	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
14:53:58.0968 3368	RemoteAccess - ok
14:53:59.0140 3368	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
14:53:59.0328 3368	RemoteRegistry - ok
14:53:59.0500 3368	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:53:59.0890 3368	RFCOMM - ok
14:54:00.0046 3368	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:54:00.0234 3368	ROOTMODEM - ok
14:54:00.0375 3368	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
14:54:00.0578 3368	RpcLocator - ok
14:54:01.0234 3368	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:54:01.0265 3368	RpcSs - ok
14:54:01.0390 3368	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
14:54:01.0593 3368	RSVP - ok
14:54:02.0046 3368	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:54:02.0218 3368	rtl8139 - ok
14:54:02.0359 3368	RTL8192su       (19e1cc285f736616b7379a7462fc438a) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
14:54:02.0468 3368	RTL8192su - ok
14:54:02.0968 3368	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:54:03.0140 3368	SamSs - ok
14:54:03.0296 3368	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
14:54:03.0468 3368	SCardSvr - ok
14:54:03.0750 3368	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
14:54:03.0953 3368	Schedule - ok
14:54:04.0062 3368	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:54:04.0140 3368	Secdrv - ok
14:54:04.0234 3368	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
14:54:04.0406 3368	seclogon - ok
14:54:04.0593 3368	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
14:54:04.0796 3368	SENS - ok
14:54:04.0937 3368	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:54:05.0109 3368	serenum - ok
14:54:05.0203 3368	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:54:05.0406 3368	Serial - ok
14:54:05.0515 3368	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:54:05.0718 3368	Sfloppy - ok
14:54:05.0843 3368	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
14:54:06.0031 3368	SharedAccess - ok
14:54:06.0218 3368	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:54:06.0250 3368	ShellHWDetection - ok
14:54:06.0375 3368	Simbad - ok
14:54:06.0453 3368	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:54:06.0640 3368	SLIP - ok
14:54:06.0812 3368	Sparrow - ok
14:54:07.0218 3368	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:54:07.0390 3368	splitter - ok
14:54:07.0828 3368	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:54:07.0937 3368	Spooler - ok
14:54:08.0609 3368	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
14:54:08.0609 3368	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:54:08.0609 3368	sptd ( LockedFile.Multi.Generic ) - warning
14:54:08.0609 3368	sptd - detected LockedFile.Multi.Generic (1)
14:54:09.0031 3368	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:54:09.0265 3368	sr - ok
14:54:09.0812 3368	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
14:54:10.0015 3368	srservice - ok
14:54:10.0546 3368	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:54:11.0187 3368	Srv - ok
14:54:11.0453 3368	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
14:54:11.0531 3368	SSDPSRV - ok
14:54:11.0687 3368	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
14:54:11.0890 3368	stisvc - ok
14:54:12.0031 3368	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:54:12.0234 3368	streamip - ok
14:54:12.0328 3368	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:54:12.0515 3368	swenum - ok
14:54:12.0687 3368	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:54:12.0890 3368	swmidi - ok
14:54:12.0968 3368	SwPrv - ok
14:54:13.0031 3368	symc810 - ok
14:54:13.0093 3368	symc8xx - ok
14:54:13.0171 3368	sym_hi - ok
14:54:13.0250 3368	sym_u3 - ok
14:54:13.0343 3368	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:54:13.0500 3368	sysaudio - ok
14:54:13.0625 3368	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
14:54:13.0812 3368	SysmonLog - ok
14:54:13.0968 3368	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
14:54:14.0187 3368	TapiSrv - ok
14:54:14.0359 3368	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:54:14.0468 3368	Tcpip - ok
14:54:14.0640 3368	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:54:14.0796 3368	TDPIPE - ok
14:54:14.0937 3368	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:54:15.0109 3368	TDTCP - ok
14:54:15.0203 3368	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:54:15.0421 3368	TermDD - ok
14:54:15.0531 3368	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
14:54:15.0718 3368	TermService - ok
14:54:15.0859 3368	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:54:15.0875 3368	Themes - ok
14:54:16.0015 3368	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
14:54:16.0109 3368	TlntSvr - ok
14:54:16.0234 3368	TosIde - ok
14:54:16.0625 3368	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
14:54:16.0828 3368	TrkWks - ok
14:54:16.0984 3368	TwkMs           (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
14:54:17.0015 3368	TwkMs ( UnsignedFile.Multi.Generic ) - warning
14:54:17.0015 3368	TwkMs - detected UnsignedFile.Multi.Generic (1)
14:54:17.0156 3368	TWKSER2K        (be910aceab65fa3ae67ae98b19fcac4b) C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys
14:54:17.0187 3368	TWKSER2K ( UnsignedFile.Multi.Generic ) - warning
14:54:17.0187 3368	TWKSER2K - detected UnsignedFile.Multi.Generic (1)
14:54:17.0312 3368	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:54:17.0484 3368	Udfs - ok
14:54:17.0656 3368	ultra - ok
14:54:17.0781 3368	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:54:18.0046 3368	Update - ok
14:54:18.0203 3368	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
14:54:18.0343 3368	upnphost - ok
14:54:18.0468 3368	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
14:54:18.0656 3368	UPS - ok
14:54:18.0796 3368	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:54:19.0000 3368	usbccgp - ok
14:54:19.0125 3368	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:54:19.0296 3368	usbehci - ok
14:54:19.0421 3368	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:54:19.0625 3368	usbhub - ok
14:54:19.0968 3368	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:54:20.0156 3368	usbprint - ok
14:54:20.0296 3368	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:54:20.0484 3368	usbscan - ok
14:54:20.0812 3368	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:54:20.0984 3368	USBSTOR - ok
14:54:21.0062 3368	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:54:21.0234 3368	usbuhci - ok
14:54:21.0343 3368	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:54:21.0500 3368	usb_rndisx - ok
14:54:21.0578 3368	VComm - ok
14:54:21.0656 3368	VcommMgr - ok
14:54:21.0750 3368	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:54:21.0937 3368	VgaSave - ok
14:54:22.0015 3368	ViaIde - ok
14:54:22.0093 3368	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:54:22.0265 3368	VolSnap - ok
14:54:22.0375 3368	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
14:54:22.0468 3368	VSS - ok
14:54:22.0593 3368	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
14:54:22.0781 3368	W32Time - ok
14:54:22.0906 3368	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:54:23.0078 3368	Wanarp - ok
14:54:23.0234 3368	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:54:23.0281 3368	wceusbsh - ok
14:54:23.0359 3368	WDICA - ok
14:54:23.0453 3368	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:54:23.0640 3368	wdmaud - ok
14:54:23.0718 3368	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
14:54:23.0890 3368	WebClient - ok
14:54:24.0062 3368	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:54:24.0250 3368	winmgmt - ok
14:54:24.0453 3368	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:54:24.0515 3368	WmdmPmSN - ok
14:54:24.0671 3368	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
14:54:24.0765 3368	Wmi - ok
14:54:24.0906 3368	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:54:25.0109 3368	WmiApSrv - ok
14:54:25.0312 3368	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
14:54:25.0406 3368	WMPNetworkSvc - ok
14:54:25.0734 3368	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:54:25.0781 3368	WpdUsb - ok
14:54:25.0906 3368	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
14:54:26.0140 3368	wscsvc - ok
14:54:26.0453 3368	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:54:26.0625 3368	WSTCODEC - ok
14:54:26.0765 3368	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
14:54:26.0937 3368	wuauserv - ok
14:54:27.0125 3368	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:54:27.0187 3368	WudfPf - ok
14:54:27.0328 3368	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:54:27.0375 3368	WudfRd - ok
14:54:27.0484 3368	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:54:27.0531 3368	WudfSvc - ok
14:54:27.0656 3368	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
14:54:27.0875 3368	WZCSVC - ok
14:54:28.0078 3368	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
14:54:28.0281 3368	xmlprov - ok
14:54:28.0375 3368	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:54:28.0546 3368	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:54:28.0546 3368	\Device\Harddisk0\DR0 - detected TDSS File System (1)
14:54:28.0593 3368	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
14:54:29.0328 3368	\Device\Harddisk1\DR2 - ok
14:54:29.0343 3368	Boot (0x1200)   (ae5b167d3454d614c6692f26ae0a9b92) \Device\Harddisk0\DR0\Partition0
14:54:29.0343 3368	\Device\Harddisk0\DR0\Partition0 - ok
14:54:29.0359 3368	Boot (0x1200)   (89b7fda2e2c04c534e218e39fc303ba5) \Device\Harddisk1\DR2\Partition0
14:54:29.0359 3368	\Device\Harddisk1\DR2\Partition0 - ok
14:54:29.0375 3368	============================================================
14:54:29.0375 3368	Scan finished
14:54:29.0375 3368	============================================================
14:54:29.0546 0924	Detected object count: 10
14:54:29.0546 0924	Actual detected object count: 10
14:55:33.0171 0924	C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys - copied to quarantine
14:55:33.0171 0924	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:33.0328 0924	C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll - copied to quarantine
14:55:33.0328 0924	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:33.0500 0924	C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll - copied to quarantine
14:55:33.0500 0924	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:33.0656 0924	C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL - copied to quarantine
14:55:33.0656 0924	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:33.0828 0924	C:\WINDOWS\system32\HPZinw12.dll - copied to quarantine
14:55:33.0828 0924	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:34.0062 0924	C:\WINDOWS\system32\HPZipm12.dll - copied to quarantine
14:55:34.0062 0924	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:34.0281 0924	C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
14:55:34.0281 0924	sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
14:55:34.0359 0924	C:\WINDOWS\system32\drivers\TwkMs.sys - copied to quarantine
14:55:34.0359 0924	TwkMs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:34.0500 0924	C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys - copied to quarantine
14:55:34.0500 0924	TWKSER2K ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
14:55:34.0515 0924	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:55:34.0515 0924	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Und nun?

**Petra** · 23.03.2012, 15:21

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
{b]Mache nichts anderes[/b], wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Vista- und Windows 7-User starten die Combofix.exe mit Rechtsklick => Als Administrator ausführen
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

**taeckel** · 23.03.2012, 16:26

Hi Petra,

habe mir ComboFix heruntergeladen und gestartet. Lief zunächst einwandfrei.
Dann kam diese Fehlermeldung
combofix fehler.JPG
Habe dann noch sehr lange gewartet, aber es rührte sich nichts mehr.

Was jetzt?

**Petra** · 23.03.2012, 16:42

Hallo taeckel, OK klicken und das Tool in Ruhe weiterlaufen lassen.
Keine Panik, das braucht seine Zeit und es macht auch etwas, wenn Du denkst, es macht nichts.