  1. #41
    Hi Petra

    Re point 1:
    Unfortunately I did not find any "asl.log" entry. Could it be somewhere else as well?


    Re point 2:
    Here is the log file
    Code:
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST340015 rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 
    
    device: opened successfully
    user: MBR read successfully
    
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x812F71F8]<< 
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x812C1AB8]
    3 CLASSPNP[0xF9568FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005b[0x812C6688]
    5 ACPI[0xF93D3620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0[0x812C4030]
    \Driver\IdeChnDr[0x812C6A10] -> IRP_MJ_CREATE -> 0x812F71F8
    kernel: MBR read successfully
    user & kernel MBR OK

    Re point 3:
    Here is the log file
    Code:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-22 17:53:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 ST340015 rev.3.01
    Running: 5idcs5z6.exe; Driver: C:\DOKUME~1\Florian\LOKALE~1\Temp\pxtdypow.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    SSDT      spaq.sys                                                                                                            ZwCreateKey [0xF94150E0]
    SSDT      spaq.sys                                                                                                            ZwEnumerateKey [0xF942DDA4]
    SSDT      spaq.sys                                                                                                            ZwEnumerateValueKey [0xF942E132]
    SSDT      spaq.sys                                                                                                            ZwOpenKey [0xF94150C0]
    SSDT      spaq.sys                                                                                                            ZwQueryKey [0xF942E20A]
    SSDT      spaq.sys                                                                                                            ZwQueryValueKey [0xF942E08A]
    SSDT      spaq.sys                                                                                                            ZwSetValueKey [0xF942E29C]
    
    INT 0x62  ?                                                                                                                   812F7BF8
    INT 0x63  ?                                                                                                                   FEBBFDD4
    INT 0x73  ?                                                                                                                   FEA24724
    INT 0x82  ?                                                                                                                   812F7BF8
    INT 0x92  ?                                                                                                                   FEBC3C1C
    INT 0xA4  ?                                                                                                                   FEAF8774
    INT 0xB4  ?                                                                                                                   FE9924BC
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    ?         spaq.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
    .text     USBPORT.SYS!DllUnload                                                                                               F0FB78AC 5 Bytes  JMP FE8A44E0 
    ?         C:\DOKUME~1\Florian\LOKALE~1\Temp\mbr.sys                                                                           Das System kann die angegebene Datei nicht finden. !
    
    ---- Devices - GMER 1.0.15 ----
    
    Device    \FileSystem\Ntfs \Ntfs                                                                                              812F61F8
    Device    \Driver\NetBT \Device\NetBT_Tcpip_{B095172B-3173-4232-A696-28D1A90127F0}                                            FEA37500
    Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    811771F8
    Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    811771F8
    Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           812F81F8
    Device    \Driver\dmio \Device\DmControl\DmConfig                                                                             812F81F8
    Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                812F81F8
    Device    \Driver\dmio \Device\DmControl\DmInfo                                                                               812F81F8
    Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    811771F8
    Device    \Driver\usbehci \Device\USBPDO-3                                                                                    FE8BF500
    Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8134E1F8
    Device    \Driver\NetBT \Device\NetBT_Tcpip_{034C37C5-A86A-418F-BDD6-8E19EF30D7BC}                                            FEA37500
    Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8134E1F8
    Device    \Driver\Cdrom \Device\CdRom0                                                                                        FE8CD500
    Device    \Driver\USBSTOR \Device\00000065                                                                                    FE907500
    Device    \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0                                                                        812F71F8
    Device    \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0                                                                        812F71F8
    Device    \Driver\IdeChnDr \Device\Ide\IdeChnDr0                                                                              812F71F8
    Device    \Driver\IdeChnDr \Device\Ide\IdeChnDr1                                                                              812F71F8
    Device    \Driver\USBSTOR \Device\00000067                                                                                    FE907500
    Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             FEA37500
    Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    FEA37500
    Device    \Driver\USBSTOR \Device\00000086                                                                                    FE907500
    Device    \Driver\USBSTOR \Device\00000089                                                                                    FE907500
    Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    811771F8
    Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    811771F8
    Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   FE8AA1F8
    Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    811771F8
    Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         FE8AA1F8
    Device    \Driver\usbehci \Device\USBFDO-3                                                                                    FE8BF500
    Device    \Driver\Ftdisk \Device\FtControl                                                                                    8134E1F8
    Device    \FileSystem\Cdfs \Cdfs                                                                                              FE8F9500
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14b2d                                         
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14b2d@00025a008adb                            0x43 0x3A 0x94 0x09 ...
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
    Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x8B 0x73 0x9A 0xD9 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f14b2d (not active ControlSet)                     
    Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583f14b2d@00025a008adb                                0x43 0x3A 0x94 0x09 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC1 0xFC 0xCC 0xA0 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x6F 0xD7 0xFF 0x13 ...
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
    Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x0B 0x01 0xAC 0xA6 ...
    
    ---- Disk sectors - GMER 1.0.15 ----
    
    Disk      \Device\Harddisk0\DR0                                                                                               malicious Win32:MBRoot code @ sector 78140163
    Disk      \Device\Harddisk0\DR0                                                                                               PE file @ sector 78140185
    
    ---- Files - GMER 1.0.15 ----
    
    File      C:\Winmend~Folder~Hidden\...\cn                                                                                     0 bytes
    File      C:\Winmend~Folder~Hidden\...\cn\842925246-2025429265-HidePassword.ini                                               51 bytes
    
    ---- EOF - GMER 1.0.15 ----
    Brgds

    taeckel

  2. #42
    Petra (Anti-Botnet-Team)
    Hello taeckel,


    ===== Point 1 =====

    Re point 1: hm, it really should be found there; otherwise let us look in the registry:

    Scan with SystemLook

    With this I check whether entries typical for this infection are still present. The tool changes nothing; it only outputs the information I need.

    Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if not already present).

    Download Mirror #1 - Download Mirror #2
    Users with 64-bit Windows versions use this version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to start the tool.
      Vista and Windows 7 users must start it with a right-click and as administrator.
    • Copy the contents of the following code box into the tool's text field:

      Code:
      :regfind
      asl.log
    • Now click the Look button to start the scan.
    • When the scan has finished, your editor will open with the results; post them here in the thread.
    • The results are saved on the desktop as SystemLook.txt.



    ===== Point 2 =====

    Fixing with OTL

    With this we fix unnecessary or harmful entries.

    Download OTL by Oldtimer (if not already present) and save it to your desktop (nowhere else).
    • Start OTL.exe.
      Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
    • Copy the following script into the text field below Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes):

    Code:
    :Processes
    killallprocesses
    
    :OTL
    
    :Services
    spaq
    sptd
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd]
    
    :Files
    C:\Programme\DAEMON Tools Lite
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file here into your thread, inside code tags.
      You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>


    Note for readers following along: the OTL script above was created exclusively for this user in this situation.
    Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!


    ===== Point 3 =====

    TDSSKiller by Kaspersky

    Important:
    • Via Control Panel => Add or Remove Programs/Programs, uninstall any existing CD emulators such as Alcohol, Daemon Tools or similar, since they can distort the result of the rootkit scan.

    • Download TDSSKiller and unpack the archive to your desktop.

    • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).

    • Start TDSSKiller.exe with a double-click.
    • Vista and Windows 7 users start it with a right-click and as administrator.

    • Click Start Scan to start the scan.

    • In the Settings, do not tick the Additional options, and confirm with Ok.

    • Click Start Scan again to start the scan.

    • If TDSSKiller makes any findings, the tool will ask what to do with them.
      In that case choose cure, which means roughly the same as disinfect.

    • If there were findings, restart the system after the scan has finished.
      The findings are then cleaned and/or deleted while the system boots.

    • You get the report by clicking Report at the top right. Please post it here in the thread.
      Since only the latest report is saved under C:\TDSSKiller<random>.txt, save older reports under a different name if necessary.

    You can find more detailed instructions here.

  3. #43
    Re point 1:
    Somehow SystemLook keeps crashing with this error message:
    fehler.JPG
    I can start the tool and enter the code you gave me, but then the error message mentioned above appears. I tried starting the tool (which I had already downloaded) from the desktop, starting it from the Administrator desktop, and I also downloaded it again - always the same error message.


    Re point 2:
    I did that, here is the log file
    Code:
    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    Error: No service named spaq was found to stop!
    Service\Driver key spaq not found.
    Error: Unable to stop service sptd!
    Unable to delete service\driver key sptd.
    ========== REGISTRY ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\ deleted successfully.
    ========== FILES ==========
    File\Folder C:\Programme\DAEMON Tools Lite not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    [EMPTYTEMP]
     
    User: Administrator
    ->Temp folder emptied: 180224 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 25497902 bytes
     
    User: All Users
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Florian
    ->Temp folder emptied: 31919858 bytes
    ->Temporary Internet Files folder emptied: 641394 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 45712712 bytes
    ->Flash cache emptied: 456 bytes
     
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 105897 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 99,00 mb
     
     
    OTL by OldTimer - Version 3.2.39.1 log created on 03232012_094613
    
    Files\Folders moved on Reboot...
    
    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ scheduled to be deleted on reboot.
    To me it looks as if something there did not quite work, right?


    Re point 3:
    Done.
    Two files were found, but I could only select "cure" for one of them. I left the other one on "skip".
    tdsskiller.JPG

    Here is the report
    Code:
    10:05:50.0312 1460	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    10:05:50.0515 1460	============================================================
    10:05:50.0515 1460	Current date / time: 2012/03/23 10:05:50.0515
    10:05:50.0515 1460	SystemInfo:
    10:05:50.0515 1460	
    10:05:50.0546 1460	OS Version: 5.1.2600 ServicePack: 3.0
    10:05:50.0546 1460	Product type: Workstation
    10:05:50.0546 1460	ComputerName: FLO
    10:05:50.0578 1460	UserName: Florian
    10:05:50.0578 1460	Windows directory: C:\WINDOWS
    10:05:50.0578 1460	System windows directory: C:\WINDOWS
    10:05:50.0578 1460	Processor architecture: Intel x86
    10:05:50.0578 1460	Number of processors: 1
    10:05:50.0578 1460	Page size: 0x1000
    10:05:50.0578 1460	Boot type: Normal boot
    10:05:50.0578 1460	============================================================
    10:05:53.0625 1460	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:05:53.0671 1460	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    10:05:53.0687 1460	\Device\Harddisk0\DR0:
    10:05:53.0687 1460	MBR used
    10:05:53.0687 1460	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    10:05:53.0687 1460	\Device\Harddisk1\DR2:
    10:05:53.0687 1460	MBR used
    10:05:53.0687 1460	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    10:05:54.0031 1460	Initialize success
    10:05:54.0031 1460	============================================================
    Brgds

    taeckel

  4. #44
    Petra (Anti-Botnet-Team)
    Additional run with TDSSKiller by Kaspersky

    • Start TDSSKiller.exe on the desktop with a double-click.
    • Vista and Windows 7 users start it with a right-click and as administrator.

    • Click Change parameters to change the settings.

    • In the Settings, tick the Additional options and confirm with Ok.

    • Click Start Scan again to start the scan.

    • If TDSSKiller makes any findings, the tool will ask what to do with them.
      In that case choose ignore.

    • You get the report by clicking Report at the top right. Please post it here in the thread.
      We will check the findings and then let you know how to proceed with them.
      Since only the latest report is saved under C:\TDSSKiller<random>.txt, save older reports under a different name if necessary.

    You can find more detailed instructions here.
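
Added example (not part of the original posts and not code from Kaspersky): a small Python triage of a TDSSKiller report in the line format posted in this thread. It pairs each service's hash/path line with its verdict line and returns only the entries that are not "ok", which is the part a helper reviews. The function names and the `Entry` class are assumptions made for this illustration; the sample lines are in the format of the report posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines in the format of the TDSSKiller 2.7.22.0 report in this thread.
# The real report separates the thread id from the message with a tab; the
# parser below accepts any whitespace there.
SAMPLE_REPORT = r"""
13:08:33.0171 0352 Scan started
13:08:33.0171 0352 Mode: Manual; SigCheck; TDLFS;
13:08:42.0015 0352 Abiosdsk - ok
13:09:32.0609 0352 atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:33.0156 0352 atapi - ok
13:10:14.0031 0352 CHIPDRIVE USB SmartCardReader (937c7cea2703d07312d540831814288c) C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys
13:10:14.0218 0352 CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - warning
13:10:14.0218 0352 CHIPDRIVE USB SmartCardReader - detected UnsignedFile.Multi.Generic (1)
"""

# "<hh:mm:ss.ffff> <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name>   (<md5>) <path>"  -> the file that backs a service or driver
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> ( <verdict> ) - <status>"
FLAG_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<status>\w+)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the report shows no file line
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "warning", ...
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


def parse_report(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver name seen in the scan section."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, separators without a message
        msg = m.group(3).rstrip()
        if (f := FILE_RE.match(msg)):
            e = get(f["name"])
            e.md5, e.path = f["md5"], f["path"]
        elif (d := DETECT_RE.match(msg)):
            get(d["name"]).verdict = d["verdict"]
        elif (w := FLAG_RE.match(msg)):
            e = get(w["name"])
            e.status, e.verdict = w["status"], w["verdict"]
        elif (o := OK_RE.match(msg)):
            get(o["name"]).status = "ok"
        # header lines such as "Scan started" match nothing and are skipped
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that need a human look: anything not reported as ok."""
    return [e for e in entries.values() if e.status != "ok"]


def without_file(entries: Dict[str, Entry]) -> List[str]:
    """Names reported ok for which the report listed no backing file."""
    return [e.name for e in entries.values() if e.status == "ok" and e.path is None]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for e in findings(parsed):
        print(f"{e.status.upper():8} {e.name}: {e.verdict} md5={e.md5} {e.path}")
```

An `UnsignedFile.Multi.Generic` warning only says the file has no valid signature; the hash and path printed next to it are what gets checked before deciding on cure, skip or delete.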

  5. #45
    Voilà
    Code:
    13:08:21.0421 2328	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    13:08:21.0968 2328	============================================================
    13:08:21.0968 2328	Current date / time: 2012/03/23 13:08:21.0968
    13:08:21.0968 2328	SystemInfo:
    13:08:21.0968 2328	
    13:08:21.0984 2328	OS Version: 5.1.2600 ServicePack: 3.0
    13:08:21.0984 2328	Product type: Workstation
    13:08:21.0984 2328	ComputerName: FLO
    13:08:22.0265 2328	UserName: Florian
    13:08:22.0265 2328	Windows directory: C:\WINDOWS
    13:08:22.0265 2328	System windows directory: C:\WINDOWS
    13:08:22.0265 2328	Processor architecture: Intel x86
    13:08:22.0265 2328	Number of processors: 1
    13:08:22.0265 2328	Page size: 0x1000
    13:08:22.0265 2328	Boot type: Normal boot
    13:08:22.0265 2328	============================================================
    13:08:23.0062 2328	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:08:23.0468 2328	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:08:23.0468 2328	\Device\Harddisk0\DR0:
    13:08:23.0500 2328	MBR used
    13:08:23.0500 2328	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    13:08:23.0500 2328	\Device\Harddisk1\DR2:
    13:08:23.0500 2328	MBR used
    13:08:23.0500 2328	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    13:08:24.0171 2328	Initialize success
    13:08:24.0171 2328	============================================================
    13:08:33.0171 0352	============================================================
    13:08:33.0171 0352	Scan started
    13:08:33.0171 0352	Mode: Manual; SigCheck; TDLFS; 
    13:08:33.0171 0352	============================================================
    13:08:42.0015 0352	Abiosdsk - ok
    13:08:42.0453 0352	abp480n5 - ok
    13:08:42.0953 0352	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    13:09:10.0343 0352	ac97intc - ok
    13:09:11.0000 0352	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:09:11.0640 0352	ACPI - ok
    13:09:12.0203 0352	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:09:12.0750 0352	ACPIEC - ok
    13:09:13.0250 0352	adpu160m - ok
    13:09:14.0000 0352	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:09:14.0656 0352	aec - ok
    13:09:15.0234 0352	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    13:09:15.0687 0352	AFD - ok
    13:09:15.0937 0352	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
    13:09:16.0312 0352	AgereModemAudio - ok
    13:09:17.0468 0352	AgereSoftModem  (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    13:09:18.0187 0352	AgereSoftModem - ok
    13:09:18.0703 0352	Aha154x - ok
    13:09:19.0171 0352	aic78u2 - ok
    13:09:19.0640 0352	aic78xx - ok
    13:09:21.0468 0352	ALCXWDM         (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    13:09:25.0437 0352	ALCXWDM - ok
    13:09:25.0953 0352	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
    13:09:26.0531 0352	Alerter - ok
    13:09:26.0890 0352	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
    13:09:27.0218 0352	ALG - ok
    13:09:27.0656 0352	AliIde - ok
    13:09:28.0062 0352	amsint - ok
    13:09:28.0500 0352	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
    13:09:28.0859 0352	AppMgmt - ok
    13:09:29.0296 0352	asc - ok
    13:09:29.0828 0352	asc3350p - ok
    13:09:30.0234 0352	asc3550 - ok
    13:09:30.0656 0352	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    13:09:31.0156 0352	aspnet_state - ok
    13:09:31.0625 0352	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:09:32.0093 0352	AsyncMac - ok
    13:09:32.0609 0352	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:09:33.0156 0352	atapi - ok
    13:09:33.0921 0352	Atdisk - ok
    13:09:34.0593 0352	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:09:35.0062 0352	Atmarpc - ok
    13:09:35.0593 0352	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
    13:09:36.0218 0352	AudioSrv - ok
    13:09:36.0781 0352	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:09:37.0328 0352	audstub - ok
    13:09:37.0890 0352	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:09:38.0468 0352	Beep - ok
    13:09:39.0093 0352	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
    13:09:40.0171 0352	BITS - ok
    13:09:40.0703 0352	BlueletAudio - ok
    13:09:41.0078 0352	BlueletSCOAudio - ok
    13:09:41.0640 0352	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
    13:09:42.0093 0352	Browser - ok
    13:09:42.0562 0352	BT - ok
    13:09:43.0328 0352	btaudio         (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
    13:09:53.0796 0352	btaudio - ok
    13:09:54.0281 0352	Btcsrusb - ok
    13:09:55.0000 0352	BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
    13:09:55.0093 0352	BTDriver - ok
    13:09:55.0734 0352	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    13:09:56.0234 0352	BthEnum - ok
    13:09:56.0859 0352	BTHidEnum - ok
    13:09:57.0328 0352	BTHidMgr - ok
    13:09:58.0171 0352	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    13:09:58.0593 0352	BthPan - ok
    13:09:59.0265 0352	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
    13:09:59.0890 0352	BTHPORT - ok
    13:10:00.0359 0352	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
    13:10:00.0921 0352	BthServ - ok
    13:10:01.0609 0352	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    13:10:02.0062 0352	BTHUSB - ok
    13:10:03.0062 0352	BTKRNL          (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    13:10:04.0593 0352	BTKRNL - ok
    13:10:05.0062 0352	btwdins         (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    13:10:05.0359 0352	btwdins - ok
    13:10:05.0953 0352	BTWDNDIS        (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    13:10:06.0046 0352	BTWDNDIS - ok
    13:10:06.0671 0352	btwhid          (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
    13:10:06.0750 0352	btwhid - ok
    13:10:07.0359 0352	BTWUSB          (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
    13:10:07.0390 0352	BTWUSB - ok
    13:10:07.0875 0352	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:10:08.0312 0352	cbidf2k - ok
    13:10:08.0937 0352	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:10:09.0359 0352	CCDECODE - ok
    13:10:09.0890 0352	cd20xrnt - ok
    13:10:10.0546 0352	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:10:10.0984 0352	Cdaudio - ok
    13:10:11.0453 0352	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:10:11.0984 0352	Cdfs - ok
    13:10:12.0562 0352	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:10:13.0000 0352	Cdrom - ok
    13:10:13.0484 0352	Changer - ok
    13:10:14.0031 0352	CHIPDRIVE USB SmartCardReader (937c7cea2703d07312d540831814288c) C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys
    13:10:14.0218 0352	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - warning
    13:10:14.0218 0352	CHIPDRIVE USB SmartCardReader - detected UnsignedFile.Multi.Generic (1)
    13:10:14.0687 0352	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
    13:10:15.0171 0352	CiSvc - ok
    13:10:15.0562 0352	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
    13:10:15.0984 0352	ClipSrv - ok
    13:10:16.0359 0352	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:10:16.0671 0352	clr_optimization_v2.0.50727_32 - ok
    13:10:17.0234 0352	CmdIde - ok
    13:10:17.0703 0352	COMSysApp - ok
    13:10:18.0406 0352	Cpqarray - ok
    13:10:18.0750 0352	cpuz132 - ok
    13:10:19.0187 0352	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
    13:10:19.0421 0352	CryptSvc - ok
    13:10:20.0015 0352	dac2w2k - ok
    13:10:20.0421 0352	dac960nt - ok
    13:10:21.0000 0352	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
    13:10:21.0375 0352	DcomLaunch - ok
    13:10:21.0890 0352	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
    13:10:22.0125 0352	Dhcp - ok
    13:10:22.0718 0352	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:10:22.0968 0352	Disk - ok
    13:10:23.0234 0352	dmadmin - ok
    13:10:23.0984 0352	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
    13:10:24.0718 0352	dmboot - ok
    13:10:25.0281 0352	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
    13:10:25.0578 0352	dmio - ok
    13:10:25.0953 0352	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:10:26.0218 0352	dmload - ok
    13:10:26.0500 0352	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
    13:10:26.0828 0352	dmserver - ok
    13:10:27.0437 0352	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    13:10:27.0828 0352	DMusic - ok
    13:10:28.0593 0352	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
    13:10:28.0875 0352	Dnscache - ok
    13:10:29.0359 0352	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
    13:10:29.0703 0352	Dot3svc - ok
    13:10:30.0078 0352	dpti2o - ok
    13:10:30.0328 0352	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:10:30.0703 0352	drmkaud - ok
    13:10:31.0062 0352	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
    13:10:31.0375 0352	EapHost - ok
    13:10:31.0875 0352	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
    13:10:32.0171 0352	ERSvc - ok
    13:10:32.0625 0352	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
    13:10:32.0687 0352	Eventlog - ok
    13:10:32.0968 0352	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
    13:10:33.0187 0352	EventSystem - ok
    13:10:33.0703 0352	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:10:33.0984 0352	Fastfat - ok
    13:10:34.0421 0352	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    13:10:34.0750 0352	FastUserSwitchingCompatibility - ok
    13:10:35.0171 0352	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    13:10:35.0468 0352	Fdc - ok
    13:10:35.0906 0352	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
    13:10:36.0109 0352	Fips - ok
    13:10:36.0656 0352	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    13:10:36.0984 0352	Flpydisk - ok
    13:10:37.0687 0352	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    13:10:37.0953 0352	FltMgr - ok
    13:10:38.0312 0352	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    13:10:38.0656 0352	FontCache3.0.0.0 - ok
    13:10:39.0125 0352	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:10:39.0328 0352	Fs_Rec - ok
    13:10:40.0156 0352	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:10:40.0375 0352	Ftdisk - ok
    13:10:41.0078 0352	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:10:41.0281 0352	Gpc - ok
    13:10:41.0671 0352	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    13:10:41.0906 0352	helpsvc - ok
    13:10:42.0125 0352	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
    13:10:42.0343 0352	HidServ - ok
    13:10:42.0828 0352	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:10:43.0078 0352	hidusb - ok
    13:10:43.0687 0352	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
    13:10:43.0890 0352	hkmsvc - ok
    13:10:44.0265 0352	hpn - ok
    13:10:44.0640 0352	hpqcxs08        (ce0fcec4d4d860f36d972759b11eaf0f) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
    13:10:44.0812 0352	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
    13:10:44.0812 0352	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
    13:10:45.0203 0352	hpqddsvc        (7da3211ac63edd90b8eca1ca1abfd43b) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
    13:10:45.0265 0352	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
    13:10:45.0265 0352	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
    13:10:45.0750 0352	HPSLPSVC        (14229263aa19c704e0d6d2e7404a8455) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    13:10:46.0171 0352	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    13:10:46.0171 0352	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    13:10:46.0828 0352	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    13:10:47.0421 0352	HPZid412 - ok
    13:10:47.0906 0352	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    13:10:48.0031 0352	HPZipr12 - ok
    13:10:48.0562 0352	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    13:10:48.0656 0352	HPZius12 - ok
    13:10:49.0406 0352	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:10:49.0906 0352	HTTP - ok
    13:10:50.0343 0352	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
    13:10:50.0562 0352	HTTPFilter - ok
    13:10:51.0000 0352	i2omgmt - ok
    13:10:51.0218 0352	i2omp - ok
    13:10:51.0343 0352	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:10:51.0531 0352	i8042prt - ok
    13:10:51.0734 0352	ialm            (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    13:10:51.0890 0352	ialm - ok
    13:10:52.0046 0352	IdeBusDr        (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    13:10:52.0296 0352	IdeBusDr - ok
    13:10:52.0828 0352	IdeChnDr        (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    13:10:52.0906 0352	IdeChnDr - ok
    13:10:53.0203 0352	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:10:53.0328 0352	idsvc - ok
    13:10:53.0468 0352	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:10:53.0671 0352	Imapi - ok
    13:10:53.0812 0352	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
    13:10:54.0000 0352	ImapiService - ok
    13:10:54.0109 0352	ini910u - ok
    13:10:54.0250 0352	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:10:54.0484 0352	IntelIde - ok
    13:10:54.0625 0352	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:10:54.0796 0352	intelppm - ok
    13:10:54.0906 0352	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    13:10:55.0093 0352	Ip6Fw - ok
    13:10:55.0218 0352	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:10:55.0390 0352	IpFilterDriver - ok
    13:10:55.0562 0352	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:10:55.0734 0352	IpInIp - ok
    13:10:55.0843 0352	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:10:56.0046 0352	IpNat - ok
    13:10:56.0171 0352	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:10:56.0359 0352	IPSec - ok
    13:10:56.0984 0352	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:10:57.0218 0352	IRENUM - ok
    13:10:57.0812 0352	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:10:58.0000 0352	isapnp - ok
    13:10:58.0046 0352	JavaQuickStarterService - ok
    13:10:58.0171 0352	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:10:58.0375 0352	Kbdclass - ok
    13:10:58.0734 0352	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:10:58.0921 0352	kbdhid - ok
    13:10:59.0031 0352	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:10:59.0234 0352	kmixer - ok
    13:10:59.0375 0352	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:10:59.0515 0352	KSecDD - ok
    13:10:59.0671 0352	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
    13:10:59.0734 0352	LanmanServer - ok
    13:10:59.0890 0352	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
    13:10:59.0984 0352	lanmanworkstation - ok
    13:11:00.0078 0352	lbrtfdc - ok
    13:11:00.0171 0352	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
    13:11:00.0343 0352	LmHosts - ok
    13:11:00.0593 0352	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    13:11:00.0656 0352	MBAMProtector - ok
    13:11:00.0687 0352	MBAMService - ok
    13:11:00.0828 0352	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
    13:11:01.0000 0352	Messenger - ok
    13:11:01.0296 0352	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:11:01.0515 0352	mnmdd - ok
    13:11:01.0640 0352	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
    13:11:01.0859 0352	mnmsrvc - ok
    13:11:02.0000 0352	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
    13:11:02.0171 0352	Modem - ok
    13:11:02.0265 0352	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:11:02.0468 0352	Mouclass - ok
    13:11:02.0625 0352	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:11:02.0828 0352	mouhid - ok
    13:11:02.0890 0352	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:11:03.0109 0352	MountMgr - ok
    13:11:03.0187 0352	mraid35x - ok
    13:11:03.0281 0352	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:11:03.0484 0352	MRxDAV - ok
    13:11:03.0671 0352	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:11:03.0765 0352	MRxSmb - ok
    13:11:03.0890 0352	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
    13:11:04.0078 0352	MSDTC - ok
    13:11:04.0218 0352	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:11:04.0421 0352	Msfs - ok
    13:11:04.0578 0352	MSIServer - ok
    13:11:04.0718 0352	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:11:04.0875 0352	MSKSSRV - ok
    13:11:05.0000 0352	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:11:05.0187 0352	MSPCLOCK - ok
    13:11:05.0296 0352	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:11:05.0484 0352	MSPQM - ok
    13:11:05.0656 0352	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:11:05.0828 0352	mssmbios - ok
    13:11:05.0937 0352	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    13:11:06.0125 0352	MSTEE - ok
    13:11:06.0265 0352	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:11:06.0343 0352	Mup - ok
    13:11:06.0625 0352	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:11:06.0796 0352	NABTSFEC - ok
    13:11:06.0921 0352	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
    13:11:07.0156 0352	napagent - ok
    13:11:07.0281 0352	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:11:07.0453 0352	NDIS - ok
    13:11:07.0609 0352	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:11:07.0781 0352	NdisIP - ok
    13:11:07.0921 0352	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:11:07.0984 0352	NdisTapi - ok
    13:11:08.0109 0352	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:11:08.0312 0352	Ndisuio - ok
    13:11:08.0421 0352	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:11:08.0656 0352	NdisWan - ok
    13:11:08.0796 0352	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:11:08.0875 0352	NDProxy - ok
    13:11:09.0031 0352	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
    13:11:09.0062 0352	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    13:11:09.0062 0352	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    13:11:09.0171 0352	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:11:09.0359 0352	NetBIOS - ok
    13:11:09.0656 0352	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:11:09.0843 0352	NetBT - ok
    13:11:09.0968 0352	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
    13:11:10.0140 0352	NetDDE - ok
    13:11:10.0156 0352	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
    13:11:10.0359 0352	NetDDEdsdm - ok
    13:11:10.0546 0352	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    13:11:10.0718 0352	Netlogon - ok
    13:11:10.0859 0352	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
    13:11:11.0046 0352	Netman - ok
    13:11:11.0250 0352	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:11:11.0296 0352	NetTcpPortSharing - ok
    13:11:11.0546 0352	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
    13:11:11.0609 0352	Nla - ok
    13:11:11.0718 0352	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:11:11.0890 0352	Npfs - ok
    13:11:12.0390 0352	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:11:12.0718 0352	Ntfs - ok
    13:11:12.0875 0352	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    13:11:13.0046 0352	NtLmSsp - ok
    13:11:13.0203 0352	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
    13:11:13.0406 0352	NtmsSvc - ok
    13:11:13.0656 0352	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:11:13.0859 0352	Null - ok
    13:11:13.0984 0352	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:11:14.0140 0352	NwlnkFlt - ok
    13:11:14.0250 0352	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:11:14.0484 0352	NwlnkFwd - ok
    13:11:14.0609 0352	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
    13:11:14.0625 0352	ose - ok
    13:11:14.0750 0352	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
    13:11:14.0937 0352	Parport - ok
    13:11:15.0031 0352	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:11:15.0234 0352	PartMgr - ok
    13:11:15.0343 0352	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:11:15.0500 0352	ParVdm - ok
    13:11:15.0656 0352	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:11:15.0843 0352	PCI - ok
    13:11:15.0937 0352	PCIDump - ok
    13:11:16.0031 0352	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
    13:11:16.0187 0352	PCIIde - ok
    13:11:16.0328 0352	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:11:16.0500 0352	Pcmcia - ok
    13:11:16.0609 0352	PDCOMP - ok
    13:11:16.0687 0352	PDFRAME - ok
    13:11:16.0750 0352	PDRELI - ok
    13:11:16.0843 0352	PDRFRAME - ok
    13:11:16.0906 0352	perc2 - ok
    13:11:16.0984 0352	perc2hib - ok
    13:11:17.0125 0352	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
    13:11:17.0156 0352	PlugPlay - ok
    13:11:17.0328 0352	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
    13:11:17.0359 0352	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    13:11:17.0359 0352	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    13:11:17.0546 0352	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    13:11:17.0734 0352	PolicyAgent - ok
    13:11:17.0843 0352	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:11:18.0046 0352	PptpMiniport - ok
    13:11:18.0156 0352	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    13:11:18.0328 0352	ProtectedStorage - ok
    13:11:18.0562 0352	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:11:18.0750 0352	PSched - ok
    13:11:19.0203 0352	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:11:19.0390 0352	Ptilink - ok
    13:11:19.0828 0352	ql1080 - ok
    13:11:20.0203 0352	Ql10wnt - ok
    13:11:20.0437 0352	ql12160 - ok
    13:11:20.0937 0352	ql1240 - ok
    13:11:21.0656 0352	ql1280 - ok
    13:11:21.0953 0352	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:11:22.0109 0352	RasAcd - ok
    13:11:22.0218 0352	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
    13:11:22.0390 0352	RasAuto - ok
    13:11:22.0578 0352	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:11:22.0781 0352	Rasl2tp - ok
    13:11:22.0890 0352	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
    13:11:23.0046 0352	RasMan - ok
    13:11:23.0140 0352	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:11:23.0312 0352	RasPppoe - ok
    13:11:23.0390 0352	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:11:23.0578 0352	Raspti - ok
    13:11:23.0859 0352	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:11:24.0062 0352	Rdbss - ok
    13:11:24.0203 0352	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:11:24.0484 0352	RDPCDD - ok
    13:11:24.0640 0352	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:11:24.0906 0352	rdpdr - ok
    13:11:25.0046 0352	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:11:25.0093 0352	RDPWD - ok
    13:11:25.0187 0352	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
    13:11:25.0375 0352	RDSessMgr - ok
    13:11:25.0593 0352	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:11:25.0781 0352	redbook - ok
    13:11:25.0890 0352	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
    13:11:26.0078 0352	RemoteAccess - ok
    13:11:26.0250 0352	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
    13:11:26.0593 0352	RemoteRegistry - ok
    13:11:26.0750 0352	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    13:11:26.0953 0352	RFCOMM - ok
    13:11:27.0078 0352	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    13:11:27.0234 0352	ROOTMODEM - ok
    13:11:27.0359 0352	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
    13:11:27.0562 0352	RpcLocator - ok
    13:11:27.0687 0352	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
    13:11:27.0718 0352	RpcSs - ok
    13:11:27.0812 0352	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
    13:11:28.0000 0352	RSVP - ok
    13:11:28.0140 0352	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    13:11:28.0328 0352	rtl8139 - ok
    13:11:28.0515 0352	RTL8192su       (19e1cc285f736616b7379a7462fc438a) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    13:11:28.0609 0352	RTL8192su - ok
    13:11:28.0734 0352	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    13:11:28.0906 0352	SamSs - ok
    13:11:29.0031 0352	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
    13:11:29.0218 0352	SCardSvr - ok
    13:11:29.0359 0352	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
    13:11:29.0562 0352	Schedule - ok
    13:11:29.0734 0352	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:11:29.0828 0352	Secdrv - ok
    13:11:29.0890 0352	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
    13:11:30.0093 0352	seclogon - ok
    13:11:30.0218 0352	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
    13:11:30.0390 0352	SENS - ok
    13:11:30.0531 0352	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:11:30.0718 0352	serenum - ok
    13:11:30.0812 0352	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
    13:11:31.0000 0352	Serial - ok
    13:11:31.0109 0352	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:11:31.0296 0352	Sfloppy - ok
    13:11:31.0421 0352	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
    13:11:31.0781 0352	SharedAccess - ok
    13:11:31.0953 0352	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    13:11:31.0968 0352	ShellHWDetection - ok
    13:11:32.0078 0352	Simbad - ok
    13:11:32.0171 0352	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:11:32.0343 0352	SLIP - ok
    13:11:32.0515 0352	Sparrow - ok
    13:11:32.0609 0352	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:11:32.0765 0352	splitter - ok
    13:11:32.0875 0352	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    13:11:32.0921 0352	Spooler - ok
    13:11:33.0109 0352	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    13:11:33.0109 0352	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    13:11:33.0109 0352	sptd ( LockedFile.Multi.Generic ) - warning
    13:11:33.0109 0352	sptd - detected LockedFile.Multi.Generic (1)
    13:11:33.0187 0352	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:11:33.0281 0352	sr - ok
    13:11:33.0375 0352	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
    13:11:33.0468 0352	srservice - ok
    13:11:33.0640 0352	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:11:33.0812 0352	Srv - ok
    13:11:33.0984 0352	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
    13:11:34.0078 0352	SSDPSRV - ok
    13:11:34.0234 0352	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
    13:11:34.0484 0352	stisvc - ok
    13:11:34.0687 0352	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:11:34.0859 0352	streamip - ok
    13:11:34.0953 0352	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:11:35.0140 0352	swenum - ok
    13:11:35.0234 0352	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    13:11:35.0406 0352	swmidi - ok
    13:11:35.0515 0352	SwPrv - ok
    13:11:35.0593 0352	symc810 - ok
    13:11:35.0671 0352	symc8xx - ok
    13:11:35.0734 0352	sym_hi - ok
    13:11:35.0812 0352	sym_u3 - ok
    13:11:35.0890 0352	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:11:36.0078 0352	sysaudio - ok
    13:11:36.0218 0352	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
    13:11:36.0421 0352	SysmonLog - ok
    13:11:36.0671 0352	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
    13:11:36.0843 0352	TapiSrv - ok
    13:11:37.0015 0352	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:11:37.0093 0352	Tcpip - ok
    13:11:37.0234 0352	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:11:37.0390 0352	TDPIPE - ok
    13:11:37.0593 0352	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:11:37.0781 0352	TDTCP - ok
    13:11:37.0875 0352	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:11:38.0046 0352	TermDD - ok
    13:11:38.0171 0352	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
    13:11:38.0343 0352	TermService - ok
    13:11:38.0562 0352	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    13:11:38.0578 0352	Themes - ok
    13:11:38.0718 0352	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
    13:11:38.0812 0352	TlntSvr - ok
    13:11:38.0906 0352	TosIde - ok
    13:11:39.0031 0352	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
    13:11:39.0234 0352	TrkWks - ok
    13:11:39.0359 0352	TwkMs           (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
    13:11:39.0375 0352	TwkMs ( UnsignedFile.Multi.Generic ) - warning
    13:11:39.0375 0352	TwkMs - detected UnsignedFile.Multi.Generic (1)
    13:11:39.0562 0352	TWKSER2K        (be910aceab65fa3ae67ae98b19fcac4b) C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys
    13:11:39.0609 0352	TWKSER2K ( UnsignedFile.Multi.Generic ) - warning
    13:11:39.0609 0352	TWKSER2K - detected UnsignedFile.Multi.Generic (1)
    13:11:39.0718 0352	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    13:11:39.0875 0352	Udfs - ok
    13:11:39.0968 0352	ultra - ok
    13:11:40.0093 0352	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    13:11:40.0312 0352	Update - ok
    13:11:40.0531 0352	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
    13:11:40.0609 0352	upnphost - ok
    13:11:40.0734 0352	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
    13:11:40.0890 0352	UPS - ok
    13:11:41.0015 0352	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:11:41.0171 0352	usbccgp - ok
    13:11:41.0281 0352	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:11:41.0500 0352	usbehci - ok
    13:11:41.0656 0352	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:11:41.0843 0352	usbhub - ok
    13:11:41.0968 0352	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:11:42.0125 0352	usbprint - ok
    13:11:42.0250 0352	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:11:42.0546 0352	usbscan - ok
    13:11:42.0703 0352	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:11:42.0843 0352	USBSTOR - ok
    13:11:42.0937 0352	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:11:43.0093 0352	usbuhci - ok
    13:11:43.0203 0352	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    13:11:43.0359 0352	usb_rndisx - ok
    13:11:43.0578 0352	VComm - ok
    13:11:44.0062 0352	VcommMgr - ok
    13:11:44.0406 0352	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    13:11:44.0562 0352	VgaSave - ok
    13:11:44.0718 0352	ViaIde - ok
    13:11:44.0796 0352	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:11:44.0953 0352	VolSnap - ok
    13:11:45.0046 0352	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
    13:11:45.0140 0352	VSS - ok
    13:11:45.0265 0352	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
    13:11:45.0468 0352	W32Time - ok
    13:11:45.0593 0352	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:11:45.0750 0352	Wanarp - ok
    13:11:45.0890 0352	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    13:11:45.0953 0352	wceusbsh - ok
    13:11:46.0031 0352	WDICA - ok
    13:11:46.0125 0352	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:11:46.0296 0352	wdmaud - ok
    13:11:46.0390 0352	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
    13:11:46.0562 0352	WebClient - ok
    13:11:46.0750 0352	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
    13:11:46.0906 0352	winmgmt - ok
    13:11:47.0093 0352	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    13:11:47.0203 0352	WmdmPmSN - ok
    13:11:47.0359 0352	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
    13:11:47.0484 0352	Wmi - ok
    13:11:47.0687 0352	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    13:11:47.0906 0352	WmiApSrv - ok
    13:11:48.0078 0352	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
    13:11:48.0203 0352	WMPNetworkSvc - ok
    13:11:48.0343 0352	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    13:11:48.0375 0352	WpdUsb - ok
    13:11:48.0640 0352	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
    13:11:48.0843 0352	wscsvc - ok
    13:11:48.0968 0352	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:11:49.0187 0352	WSTCODEC - ok
    13:11:49.0296 0352	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
    13:11:49.0531 0352	wuauserv - ok
    13:11:49.0734 0352	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:11:49.0796 0352	WudfPf - ok
    13:11:49.0953 0352	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    13:11:49.0968 0352	WudfRd - ok
    13:11:50.0093 0352	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    13:11:50.0125 0352	WudfSvc - ok
    13:11:50.0265 0352	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
    13:11:50.0500 0352	WZCSVC - ok
    13:11:50.0640 0352	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
    13:11:50.0828 0352	xmlprov - ok
    13:11:50.0937 0352	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
    13:11:51.0109 0352	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
    13:11:51.0109 0352	\Device\Harddisk0\DR0 - detected TDSS File System (1)
    13:11:51.0140 0352	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
    13:11:51.0843 0352	\Device\Harddisk1\DR2 - ok
    13:11:51.0859 0352	Boot (0x1200)   (ae5b167d3454d614c6692f26ae0a9b92) \Device\Harddisk0\DR0\Partition0
    13:11:51.0859 0352	\Device\Harddisk0\DR0\Partition0 - ok
    13:11:51.0875 0352	Boot (0x1200)   (89b7fda2e2c04c534e218e39fc303ba5) \Device\Harddisk1\DR2\Partition0
    13:11:51.0890 0352	\Device\Harddisk1\DR2\Partition0 - ok
    13:11:51.0890 0352	============================================================
    13:11:51.0890 0352	Scan finished
    13:11:51.0890 0352	============================================================
    13:11:52.0031 1832	Detected object count: 10
    13:11:52.0031 1832	Actual detected object count: 10
    13:13:33.0328 1832	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0328 1832	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0328 1832	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0328 1832	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0328 1832	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0328 1832	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0328 1832	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0328 1832	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0343 1832	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0343 1832	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0343 1832	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0343 1832	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0343 1832	sptd ( LockedFile.Multi.Generic ) - skipped by user
    13:13:33.0343 1832	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0359 1832	TwkMs ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0359 1832	TwkMs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0359 1832	TWKSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
    13:13:33.0359 1832	TWKSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    13:13:33.0359 1832	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    13:13:33.0359 1832	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
    13:15:29.0750 1280	Deinitialize success
    Brgds

    taeckel

  6. #46
    Anti-Botnet-Team Avatar of Petra
    Registered since
    07.09.2011
    Location
    Near Düsseldorf
    Posts
    17.129
    Hello taeckel,

    please move all unsigned files to quarantine, including the sptd, and then start

    and this one with cure, if possible:

    13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

  7. #47
    Regular member
    Registered since
    18.03.2012
    Posts
    28
    Hi Petra,

    I have done that. Except that
    13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    13:13:33.0359 1832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    could not be marked with "cure". I left it on "skip".

    Here is the log file as well
    Code:
    14:52:17.0515 3072	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    14:52:17.0812 3072	============================================================
    14:52:17.0812 3072	Current date / time: 2012/03/23 14:52:17.0812
    14:52:17.0812 3072	SystemInfo:
    14:52:17.0812 3072	
    14:52:17.0812 3072	OS Version: 5.1.2600 ServicePack: 3.0
    14:52:17.0812 3072	Product type: Workstation
    14:52:17.0812 3072	ComputerName: FLO
    14:52:17.0875 3072	UserName: Florian
    14:52:17.0875 3072	Windows directory: C:\WINDOWS
    14:52:17.0875 3072	System windows directory: C:\WINDOWS
    14:52:17.0875 3072	Processor architecture: Intel x86
    14:52:17.0875 3072	Number of processors: 1
    14:52:17.0875 3072	Page size: 0x1000
    14:52:17.0875 3072	Boot type: Normal boot
    14:52:17.0875 3072	============================================================
    14:52:18.0343 3072	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:52:18.0625 3072	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:52:18.0640 3072	\Device\Harddisk0\DR0:
    14:52:18.0640 3072	MBR used
    14:52:18.0640 3072	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    14:52:18.0656 3072	\Device\Harddisk1\DR2:
    14:52:18.0656 3072	MBR used
    14:52:18.0656 3072	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    14:52:19.0015 3072	Initialize success
    14:52:19.0015 3072	============================================================
    14:52:28.0843 3368	============================================================
    14:52:28.0843 3368	Scan started
    14:52:28.0843 3368	Mode: Manual; SigCheck; TDLFS; 
    14:52:28.0843 3368	============================================================
    14:52:30.0609 3368	Abiosdsk - ok
    14:52:30.0656 3368	abp480n5 - ok
    14:52:30.0781 3368	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    14:52:42.0500 3368	ac97intc - ok
    14:52:42.0703 3368	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:52:42.0937 3368	ACPI - ok
    14:52:43.0062 3368	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
    14:52:43.0265 3368	ACPIEC - ok
    14:52:43.0515 3368	adpu160m - ok
    14:52:44.0000 3368	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    14:52:44.0328 3368	aec - ok
    14:52:44.0468 3368	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    14:52:44.0750 3368	AFD - ok
    14:52:45.0250 3368	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
    14:52:45.0718 3368	AgereModemAudio - ok
    14:52:46.0437 3368	AgereSoftModem  (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    14:52:46.0937 3368	AgereSoftModem - ok
    14:52:47.0031 3368	Aha154x - ok
    14:52:47.0125 3368	aic78u2 - ok
    14:52:47.0187 3368	aic78xx - ok
    14:52:47.0515 3368	ALCXWDM         (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    14:52:48.0343 3368	ALCXWDM - ok
    14:52:48.0484 3368	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
    14:52:49.0203 3368	Alerter - ok
    14:52:49.0390 3368	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
    14:52:49.0500 3368	ALG - ok
    14:52:49.0671 3368	AliIde - ok
    14:52:49.0734 3368	amsint - ok
    14:52:49.0843 3368	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
    14:52:50.0015 3368	AppMgmt - ok
    14:52:50.0093 3368	asc - ok
    14:52:50.0171 3368	asc3350p - ok
    14:52:50.0250 3368	asc3550 - ok
    14:52:50.0421 3368	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    14:52:50.0718 3368	aspnet_state - ok
    14:52:50.0859 3368	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:52:51.0093 3368	AsyncMac - ok
    14:52:51.0203 3368	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:52:51.0500 3368	atapi - ok
    14:52:51.0671 3368	Atdisk - ok
    14:52:51.0781 3368	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:52:51.0953 3368	Atmarpc - ok
    14:52:52.0031 3368	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
    14:52:52.0234 3368	AudioSrv - ok
    14:52:52.0390 3368	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:52:52.0593 3368	audstub - ok
    14:52:52.0718 3368	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    14:52:52.0937 3368	Beep - ok
    14:52:53.0046 3368	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
    14:52:53.0390 3368	BITS - ok
    14:52:53.0515 3368	BlueletAudio - ok
    14:52:53.0656 3368	BlueletSCOAudio - ok
    14:52:53.0781 3368	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
    14:52:54.0000 3368	Browser - ok
    14:52:54.0093 3368	BT - ok
    14:52:54.0250 3368	btaudio         (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
    14:52:56.0125 3368	btaudio - ok
    14:52:56.0250 3368	Btcsrusb - ok
    14:52:56.0375 3368	BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
    14:52:56.0390 3368	BTDriver - ok
    14:52:56.0500 3368	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    14:52:56.0734 3368	BthEnum - ok
    14:52:56.0828 3368	BTHidEnum - ok
    14:52:56.0921 3368	BTHidMgr - ok
    14:52:57.0062 3368	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    14:52:57.0296 3368	BthPan - ok
    14:52:57.0468 3368	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
    14:52:57.0562 3368	BTHPORT - ok
    14:52:57.0734 3368	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
    14:52:57.0937 3368	BthServ - ok
    14:52:58.0078 3368	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    14:52:58.0296 3368	BTHUSB - ok
    14:52:58.0468 3368	BTKRNL          (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    14:52:58.0750 3368	BTKRNL - ok
    14:52:58.0890 3368	btwdins         (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    14:52:58.0937 3368	btwdins - ok
    14:52:59.0078 3368	BTWDNDIS        (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    14:52:59.0125 3368	BTWDNDIS - ok
    14:52:59.0218 3368	btwhid          (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
    14:52:59.0234 3368	btwhid - ok
    14:52:59.0375 3368	BTWUSB          (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
    14:52:59.0390 3368	BTWUSB - ok
    14:52:59.0484 3368	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:52:59.0687 3368	cbidf2k - ok
    14:52:59.0843 3368	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    14:53:00.0062 3368	CCDECODE - ok
    14:53:00.0140 3368	cd20xrnt - ok
    14:53:00.0218 3368	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:53:00.0421 3368	Cdaudio - ok
    14:53:00.0515 3368	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    14:53:00.0734 3368	Cdfs - ok
    14:53:01.0203 3368	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:53:01.0437 3368	Cdrom - ok
    14:53:01.0531 3368	Changer - ok
    14:53:01.0687 3368	CHIPDRIVE USB SmartCardReader (937c7cea2703d07312d540831814288c) C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys
    14:53:01.0703 3368	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - warning
    14:53:01.0703 3368	CHIPDRIVE USB SmartCardReader - detected UnsignedFile.Multi.Generic (1)
    14:53:01.0796 3368	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
    14:53:01.0984 3368	CiSvc - ok
    14:53:02.0093 3368	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
    14:53:02.0281 3368	ClipSrv - ok
    14:53:02.0468 3368	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:53:02.0531 3368	clr_optimization_v2.0.50727_32 - ok
    14:53:02.0656 3368	CmdIde - ok
    14:53:02.0734 3368	COMSysApp - ok
    14:53:02.0875 3368	Cpqarray - ok
    14:53:03.0000 3368	cpuz132 - ok
    14:53:03.0156 3368	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
    14:53:03.0343 3368	CryptSvc - ok
    14:53:03.0468 3368	dac2w2k - ok
    14:53:03.0531 3368	dac960nt - ok
    14:53:03.0718 3368	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
    14:53:03.0812 3368	DcomLaunch - ok
    14:53:03.0953 3368	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
    14:53:04.0171 3368	Dhcp - ok
    14:53:04.0312 3368	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    14:53:04.0531 3368	Disk - ok
    14:53:04.0656 3368	dmadmin - ok
    14:53:04.0765 3368	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
    14:53:05.0046 3368	dmboot - ok
    14:53:05.0187 3368	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
    14:53:05.0375 3368	dmio - ok
    14:53:05.0890 3368	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    14:53:06.0171 3368	dmload - ok
    14:53:06.0359 3368	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
    14:53:06.0515 3368	dmserver - ok
    14:53:06.0953 3368	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    14:53:07.0156 3368	DMusic - ok
    14:53:07.0281 3368	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
    14:53:07.0390 3368	Dnscache - ok
    14:53:07.0828 3368	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
    14:53:08.0031 3368	Dot3svc - ok
    14:53:08.0125 3368	dpti2o - ok
    14:53:08.0250 3368	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    14:53:08.0437 3368	drmkaud - ok
    14:53:08.0546 3368	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
    14:53:08.0734 3368	EapHost - ok
    14:53:08.0828 3368	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
    14:53:09.0046 3368	ERSvc - ok
    14:53:09.0171 3368	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
    14:53:09.0187 3368	Eventlog - ok
    14:53:09.0359 3368	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
    14:53:09.0421 3368	EventSystem - ok
    14:53:09.0750 3368	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    14:53:09.0953 3368	Fastfat - ok
    14:53:10.0093 3368	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    14:53:10.0187 3368	FastUserSwitchingCompatibility - ok
    14:53:10.0296 3368	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    14:53:10.0609 3368	Fdc - ok
    14:53:10.0890 3368	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
    14:53:11.0093 3368	Fips - ok
    14:53:11.0203 3368	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    14:53:11.0437 3368	Flpydisk - ok
    14:53:11.0562 3368	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    14:53:11.0796 3368	FltMgr - ok
    14:53:12.0031 3368	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    14:53:12.0046 3368	FontCache3.0.0.0 - ok
    14:53:12.0187 3368	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:53:12.0390 3368	Fs_Rec - ok
    14:53:12.0484 3368	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:53:12.0687 3368	Ftdisk - ok
    14:53:12.0812 3368	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:53:13.0031 3368	Gpc - ok
    14:53:13.0062 3368	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    14:53:13.0234 3368	helpsvc - ok
    14:53:13.0343 3368	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
    14:53:13.0531 3368	HidServ - ok
    14:53:13.0765 3368	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:53:13.0953 3368	hidusb - ok
    14:53:14.0078 3368	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
    14:53:14.0265 3368	hkmsvc - ok
    14:53:14.0359 3368	hpn - ok
    14:53:14.0656 3368	hpqcxs08        (ce0fcec4d4d860f36d972759b11eaf0f) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
    14:53:14.0703 3368	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
    14:53:14.0703 3368	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
    14:53:14.0796 3368	hpqddsvc        (7da3211ac63edd90b8eca1ca1abfd43b) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
    14:53:14.0828 3368	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
    14:53:14.0828 3368	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
    14:53:15.0015 3368	HPSLPSVC        (14229263aa19c704e0d6d2e7404a8455) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    14:53:15.0156 3368	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    14:53:15.0156 3368	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    14:53:15.0296 3368	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    14:53:15.0437 3368	HPZid412 - ok
    14:53:15.0640 3368	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    14:53:15.0687 3368	HPZipr12 - ok
    14:53:16.0000 3368	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    14:53:16.0109 3368	HPZius12 - ok
    14:53:16.0281 3368	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:53:16.0359 3368	HTTP - ok
    14:53:16.0640 3368	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
    14:53:16.0921 3368	HTTPFilter - ok
    14:53:17.0046 3368	i2omgmt - ok
    14:53:17.0109 3368	i2omp - ok
    14:53:17.0218 3368	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:53:17.0437 3368	i8042prt - ok
    14:53:17.0656 3368	ialm            (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    14:53:17.0781 3368	ialm - ok
    14:53:17.0937 3368	IdeBusDr        (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    14:53:17.0984 3368	IdeBusDr - ok
    14:53:18.0109 3368	IdeChnDr        (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    14:53:18.0156 3368	IdeChnDr - ok
    14:53:18.0359 3368	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:53:18.0562 3368	idsvc - ok
    14:53:18.0734 3368	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:53:18.0906 3368	Imapi - ok
    14:53:19.0046 3368	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
    14:53:19.0250 3368	ImapiService - ok
    14:53:19.0359 3368	ini910u - ok
    14:53:19.0453 3368	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
    14:53:19.0640 3368	IntelIde - ok
    14:53:19.0781 3368	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:53:19.0968 3368	intelppm - ok
    14:53:20.0093 3368	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    14:53:20.0281 3368	Ip6Fw - ok
    14:53:20.0406 3368	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:53:20.0625 3368	IpFilterDriver - ok
    14:53:20.0718 3368	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:53:20.0890 3368	IpInIp - ok
    14:53:21.0000 3368	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:53:21.0203 3368	IpNat - ok
    14:53:21.0281 3368	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:53:21.0515 3368	IPSec - ok
    14:53:21.0750 3368	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:53:21.0828 3368	IRENUM - ok
    14:53:21.0984 3368	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:53:22.0171 3368	isapnp - ok
    14:53:22.0203 3368	JavaQuickStarterService - ok
    14:53:22.0343 3368	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:53:22.0546 3368	Kbdclass - ok
    14:53:22.0781 3368	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    14:53:22.0984 3368	kbdhid - ok
    14:53:23.0078 3368	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:53:23.0312 3368	kmixer - ok
    14:53:23.0484 3368	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:53:23.0953 3368	KSecDD - ok
    14:53:24.0437 3368	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
    14:53:24.0609 3368	LanmanServer - ok
    14:53:25.0015 3368	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
    14:53:25.0078 3368	lanmanworkstation - ok
    14:53:25.0171 3368	lbrtfdc - ok
    14:53:25.0281 3368	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
    14:53:25.0453 3368	LmHosts - ok
    14:53:25.0640 3368	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    14:53:25.0687 3368	MBAMProtector - ok
    14:53:25.0718 3368	MBAMService - ok
    14:53:25.0828 3368	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
    14:53:26.0031 3368	Messenger - ok
    14:53:26.0187 3368	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:53:26.0390 3368	mnmdd - ok
    14:53:26.0515 3368	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
    14:53:26.0687 3368	mnmsrvc - ok
    14:53:26.0828 3368	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
    14:53:27.0000 3368	Modem - ok
    14:53:27.0109 3368	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:53:27.0281 3368	Mouclass - ok
    14:53:27.0390 3368	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:53:27.0562 3368	mouhid - ok
    14:53:27.0703 3368	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:53:27.0875 3368	MountMgr - ok
    14:53:27.0953 3368	mraid35x - ok
    14:53:28.0046 3368	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:53:28.0250 3368	MRxDAV - ok
    14:53:28.0390 3368	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:53:28.0484 3368	MRxSmb - ok
    14:53:28.0671 3368	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
    14:53:28.0859 3368	MSDTC - ok
    14:53:28.0968 3368	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:53:29.0171 3368	Msfs - ok
    14:53:29.0265 3368	MSIServer - ok
    14:53:29.0421 3368	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:53:29.0656 3368	MSKSSRV - ok
    14:53:29.0890 3368	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:53:30.0062 3368	MSPCLOCK - ok
    14:53:30.0187 3368	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:53:30.0406 3368	MSPQM - ok
    14:53:30.0640 3368	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:53:30.0796 3368	mssmbios - ok
    14:53:30.0953 3368	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:53:31.0125 3368	MSTEE - ok
    14:53:31.0265 3368	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    14:53:31.0328 3368	Mup - ok
    14:53:31.0484 3368	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:53:31.0671 3368	NABTSFEC - ok
    14:53:31.0812 3368	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
    14:53:32.0000 3368	napagent - ok
    14:53:32.0109 3368	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:53:32.0296 3368	NDIS - ok
    14:53:32.0468 3368	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:53:32.0687 3368	NdisIP - ok
    14:53:32.0843 3368	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:53:32.0921 3368	NdisTapi - ok
    14:53:33.0046 3368	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:53:33.0234 3368	Ndisuio - ok
    14:53:33.0343 3368	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:53:33.0531 3368	NdisWan - ok
    14:53:33.0703 3368	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:53:33.0812 3368	NDProxy - ok
    14:53:33.0984 3368	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
    14:53:33.0984 3368	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    14:53:33.0984 3368	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    14:53:34.0093 3368	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:53:34.0296 3368	NetBIOS - ok
    14:53:34.0406 3368	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:53:34.0593 3368	NetBT - ok
    14:53:34.0718 3368	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
    14:53:34.0906 3368	NetDDE - ok
    14:53:34.0937 3368	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
    14:53:35.0093 3368	NetDDEdsdm - ok
    14:53:35.0218 3368	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    14:53:35.0406 3368	Netlogon - ok
    14:53:35.0546 3368	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
    14:53:35.0734 3368	Netman - ok
    14:53:35.0921 3368	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:53:35.0968 3368	NetTcpPortSharing - ok
    14:53:36.0125 3368	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
    14:53:36.0171 3368	Nla - ok
    14:53:36.0296 3368	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:53:36.0484 3368	Npfs - ok
    14:53:36.0796 3368	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:53:37.0031 3368	Ntfs - ok
    14:53:37.0140 3368	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    14:53:37.0343 3368	NtLmSsp - ok
    14:53:37.0500 3368	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
    14:53:37.0750 3368	NtmsSvc - ok
    14:53:37.0906 3368	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:53:38.0093 3368	Null - ok
    14:53:38.0234 3368	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:53:38.0406 3368	NwlnkFlt - ok
    14:53:38.0515 3368	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:53:38.0703 3368	NwlnkFwd - ok
    14:53:38.0828 3368	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
    14:53:38.0843 3368	ose - ok
    14:53:39.0000 3368	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:53:39.0187 3368	Parport - ok
    14:53:39.0265 3368	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:53:39.0468 3368	PartMgr - ok
    14:53:40.0015 3368	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:53:40.0265 3368	ParVdm - ok
    14:53:40.0781 3368	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:53:41.0046 3368	PCI - ok
    14:53:41.0453 3368	PCIDump - ok
    14:53:42.0156 3368	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
    14:53:42.0406 3368	PCIIde - ok
    14:53:43.0296 3368	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:53:43.0640 3368	Pcmcia - ok
    14:53:44.0359 3368	PDCOMP - ok
    14:53:44.0843 3368	PDFRAME - ok
    14:53:45.0265 3368	PDRELI - ok
    14:53:45.0671 3368	PDRFRAME - ok
    14:53:46.0031 3368	perc2 - ok
    14:53:46.0375 3368	perc2hib - ok
    14:53:46.0890 3368	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
    14:53:46.0906 3368	PlugPlay - ok
    14:53:47.0531 3368	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
    14:53:47.0562 3368	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    14:53:47.0562 3368	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    14:53:47.0968 3368	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    14:53:48.0140 3368	PolicyAgent - ok
    14:53:48.0812 3368	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:53:49.0031 3368	PptpMiniport - ok
    14:53:49.0421 3368	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    14:53:49.0593 3368	ProtectedStorage - ok
    14:53:50.0062 3368	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:53:50.0265 3368	PSched - ok
    14:53:50.0796 3368	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:53:51.0015 3368	Ptilink - ok
    14:53:51.0359 3368	ql1080 - ok
    14:53:51.0750 3368	Ql10wnt - ok
    14:53:51.0859 3368	ql12160 - ok
    14:53:51.0953 3368	ql1240 - ok
    14:53:52.0031 3368	ql1280 - ok
    14:53:52.0109 3368	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:53:52.0281 3368	RasAcd - ok
    14:53:52.0390 3368	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
    14:53:52.0562 3368	RasAuto - ok
    14:53:53.0281 3368	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:53:53.0453 3368	Rasl2tp - ok
    14:53:53.0921 3368	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
    14:53:54.0156 3368	RasMan - ok
    14:53:54.0250 3368	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:53:54.0437 3368	RasPppoe - ok
    14:53:54.0859 3368	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:53:55.0140 3368	Raspti - ok
    14:53:55.0296 3368	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:53:55.0484 3368	Rdbss - ok
    14:53:55.0796 3368	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:53:56.0000 3368	RDPCDD - ok
    14:53:56.0281 3368	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:53:56.0546 3368	rdpdr - ok
    14:53:57.0250 3368	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:53:57.0328 3368	RDPWD - ok
    14:53:57.0593 3368	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
    14:53:57.0921 3368	RDSessMgr - ok
    14:53:58.0250 3368	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:53:58.0437 3368	redbook - ok
    14:53:58.0687 3368	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
    14:53:58.0968 3368	RemoteAccess - ok
    14:53:59.0140 3368	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
    14:53:59.0328 3368	RemoteRegistry - ok
    14:53:59.0500 3368	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    14:53:59.0890 3368	RFCOMM - ok
    14:54:00.0046 3368	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    14:54:00.0234 3368	ROOTMODEM - ok
    14:54:00.0375 3368	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
    14:54:00.0578 3368	RpcLocator - ok
    14:54:01.0234 3368	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
    14:54:01.0265 3368	RpcSs - ok
    14:54:01.0390 3368	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
    14:54:01.0593 3368	RSVP - ok
    14:54:02.0046 3368	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    14:54:02.0218 3368	rtl8139 - ok
    14:54:02.0359 3368	RTL8192su       (19e1cc285f736616b7379a7462fc438a) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    14:54:02.0468 3368	RTL8192su - ok
    14:54:02.0968 3368	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
    14:54:03.0140 3368	SamSs - ok
    14:54:03.0296 3368	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
    14:54:03.0468 3368	SCardSvr - ok
    14:54:03.0750 3368	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
    14:54:03.0953 3368	Schedule - ok
    14:54:04.0062 3368	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:54:04.0140 3368	Secdrv - ok
    14:54:04.0234 3368	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
    14:54:04.0406 3368	seclogon - ok
    14:54:04.0593 3368	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
    14:54:04.0796 3368	SENS - ok
    14:54:04.0937 3368	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:54:05.0109 3368	serenum - ok
    14:54:05.0203 3368	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:54:05.0406 3368	Serial - ok
    14:54:05.0515 3368	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:54:05.0718 3368	Sfloppy - ok
    14:54:05.0843 3368	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
    14:54:06.0031 3368	SharedAccess - ok
    14:54:06.0218 3368	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    14:54:06.0250 3368	ShellHWDetection - ok
    14:54:06.0375 3368	Simbad - ok
    14:54:06.0453 3368	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:54:06.0640 3368	SLIP - ok
    14:54:06.0812 3368	Sparrow - ok
    14:54:07.0218 3368	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:54:07.0390 3368	splitter - ok
    14:54:07.0828 3368	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    14:54:07.0937 3368	Spooler - ok
    14:54:08.0609 3368	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    14:54:08.0609 3368	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    14:54:08.0609 3368	sptd ( LockedFile.Multi.Generic ) - warning
    14:54:08.0609 3368	sptd - detected LockedFile.Multi.Generic (1)
    14:54:09.0031 3368	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:54:09.0265 3368	sr - ok
    14:54:09.0812 3368	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
    14:54:10.0015 3368	srservice - ok
    14:54:10.0546 3368	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:54:11.0187 3368	Srv - ok
    14:54:11.0453 3368	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
    14:54:11.0531 3368	SSDPSRV - ok
    14:54:11.0687 3368	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
    14:54:11.0890 3368	stisvc - ok
    14:54:12.0031 3368	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:54:12.0234 3368	streamip - ok
    14:54:12.0328 3368	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:54:12.0515 3368	swenum - ok
    14:54:12.0687 3368	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:54:12.0890 3368	swmidi - ok
    14:54:12.0968 3368	SwPrv - ok
    14:54:13.0031 3368	symc810 - ok
    14:54:13.0093 3368	symc8xx - ok
    14:54:13.0171 3368	sym_hi - ok
    14:54:13.0250 3368	sym_u3 - ok
    14:54:13.0343 3368	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:54:13.0500 3368	sysaudio - ok
    14:54:13.0625 3368	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
    14:54:13.0812 3368	SysmonLog - ok
    14:54:13.0968 3368	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
    14:54:14.0187 3368	TapiSrv - ok
    14:54:14.0359 3368	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:54:14.0468 3368	Tcpip - ok
    14:54:14.0640 3368	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:54:14.0796 3368	TDPIPE - ok
    14:54:14.0937 3368	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:54:15.0109 3368	TDTCP - ok
    14:54:15.0203 3368	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:54:15.0421 3368	TermDD - ok
    14:54:15.0531 3368	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
    14:54:15.0718 3368	TermService - ok
    14:54:15.0859 3368	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
    14:54:15.0875 3368	Themes - ok
    14:54:16.0015 3368	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
    14:54:16.0109 3368	TlntSvr - ok
    14:54:16.0234 3368	TosIde - ok
    14:54:16.0625 3368	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
    14:54:16.0828 3368	TrkWks - ok
    14:54:16.0984 3368	TwkMs           (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
    14:54:17.0015 3368	TwkMs ( UnsignedFile.Multi.Generic ) - warning
    14:54:17.0015 3368	TwkMs - detected UnsignedFile.Multi.Generic (1)
    14:54:17.0156 3368	TWKSER2K        (be910aceab65fa3ae67ae98b19fcac4b) C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys
    14:54:17.0187 3368	TWKSER2K ( UnsignedFile.Multi.Generic ) - warning
    14:54:17.0187 3368	TWKSER2K - detected UnsignedFile.Multi.Generic (1)
    14:54:17.0312 3368	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:54:17.0484 3368	Udfs - ok
    14:54:17.0656 3368	ultra - ok
    14:54:17.0781 3368	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:54:18.0046 3368	Update - ok
    14:54:18.0203 3368	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
    14:54:18.0343 3368	upnphost - ok
    14:54:18.0468 3368	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
    14:54:18.0656 3368	UPS - ok
    14:54:18.0796 3368	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:54:19.0000 3368	usbccgp - ok
    14:54:19.0125 3368	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:54:19.0296 3368	usbehci - ok
    14:54:19.0421 3368	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:54:19.0625 3368	usbhub - ok
    14:54:19.0968 3368	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:54:20.0156 3368	usbprint - ok
    14:54:20.0296 3368	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:54:20.0484 3368	usbscan - ok
    14:54:20.0812 3368	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:54:20.0984 3368	USBSTOR - ok
    14:54:21.0062 3368	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:54:21.0234 3368	usbuhci - ok
    14:54:21.0343 3368	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    14:54:21.0500 3368	usb_rndisx - ok
    14:54:21.0578 3368	VComm - ok
    14:54:21.0656 3368	VcommMgr - ok
    14:54:21.0750 3368	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:54:21.0937 3368	VgaSave - ok
    14:54:22.0015 3368	ViaIde - ok
    14:54:22.0093 3368	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:54:22.0265 3368	VolSnap - ok
    14:54:22.0375 3368	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
    14:54:22.0468 3368	VSS - ok
    14:54:22.0593 3368	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
    14:54:22.0781 3368	W32Time - ok
    14:54:22.0906 3368	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:54:23.0078 3368	Wanarp - ok
    14:54:23.0234 3368	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    14:54:23.0281 3368	wceusbsh - ok
    14:54:23.0359 3368	WDICA - ok
    14:54:23.0453 3368	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:54:23.0640 3368	wdmaud - ok
    14:54:23.0718 3368	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
    14:54:23.0890 3368	WebClient - ok
    14:54:24.0062 3368	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
    14:54:24.0250 3368	winmgmt - ok
    14:54:24.0453 3368	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    14:54:24.0515 3368	WmdmPmSN - ok
    14:54:24.0671 3368	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
    14:54:24.0765 3368	Wmi - ok
    14:54:24.0906 3368	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    14:54:25.0109 3368	WmiApSrv - ok
    14:54:25.0312 3368	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
    14:54:25.0406 3368	WMPNetworkSvc - ok
    14:54:25.0734 3368	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    14:54:25.0781 3368	WpdUsb - ok
    14:54:25.0906 3368	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
    14:54:26.0140 3368	wscsvc - ok
    14:54:26.0453 3368	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:54:26.0625 3368	WSTCODEC - ok
    14:54:26.0765 3368	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
    14:54:26.0937 3368	wuauserv - ok
    14:54:27.0125 3368	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:54:27.0187 3368	WudfPf - ok
    14:54:27.0328 3368	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:54:27.0375 3368	WudfRd - ok
    14:54:27.0484 3368	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    14:54:27.0531 3368	WudfSvc - ok
    14:54:27.0656 3368	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
    14:54:27.0875 3368	WZCSVC - ok
    14:54:28.0078 3368	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
    14:54:28.0281 3368	xmlprov - ok
    14:54:28.0375 3368	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
    14:54:28.0546 3368	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
    14:54:28.0546 3368	\Device\Harddisk0\DR0 - detected TDSS File System (1)
    14:54:28.0593 3368	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
    14:54:29.0328 3368	\Device\Harddisk1\DR2 - ok
    14:54:29.0343 3368	Boot (0x1200)   (ae5b167d3454d614c6692f26ae0a9b92) \Device\Harddisk0\DR0\Partition0
    14:54:29.0343 3368	\Device\Harddisk0\DR0\Partition0 - ok
    14:54:29.0359 3368	Boot (0x1200)   (89b7fda2e2c04c534e218e39fc303ba5) \Device\Harddisk1\DR2\Partition0
    14:54:29.0359 3368	\Device\Harddisk1\DR2\Partition0 - ok
    14:54:29.0375 3368	============================================================
    14:54:29.0375 3368	Scan finished
    14:54:29.0375 3368	============================================================
    14:54:29.0546 0924	Detected object count: 10
    14:54:29.0546 0924	Actual detected object count: 10
    14:55:33.0171 0924	C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys - copied to quarantine
    14:55:33.0171 0924	CHIPDRIVE USB SmartCardReader ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:33.0328 0924	C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll - copied to quarantine
    14:55:33.0328 0924	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:33.0500 0924	C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll - copied to quarantine
    14:55:33.0500 0924	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:33.0656 0924	C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL - copied to quarantine
    14:55:33.0656 0924	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:33.0828 0924	C:\WINDOWS\system32\HPZinw12.dll - copied to quarantine
    14:55:33.0828 0924	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:34.0062 0924	C:\WINDOWS\system32\HPZipm12.dll - copied to quarantine
    14:55:34.0062 0924	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:34.0281 0924	C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    14:55:34.0281 0924	sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:34.0359 0924	C:\WINDOWS\system32\drivers\TwkMs.sys - copied to quarantine
    14:55:34.0359 0924	TwkMs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:34.0500 0924	C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys - copied to quarantine
    14:55:34.0500 0924	TWKSER2K ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
    14:55:34.0515 0924	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    14:55:34.0515 0924	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    What now?
    Brgds

    taeckel

  8. #48
    Anti-Botnet-Team Petra
    Registered since
    07.09.2011
    Location
    Near Düsseldorf
    Posts
    17.129
    Removing malware with Combofix

    Download Combofix from one of the following download mirrors:

    BleepingComputer.com - ForoSpyware.com

    and save the program to the desktop, nowhere else; this is important!
    Follow the detailed original instructions.

    Combofix currently runs on the following Windows versions:
    • Windows XP (32-bit only)
    • Windows Vista (32-bit/64-bit)
    • Windows 7 (32-bit/64-bit)


    Preparation and important notes
    • During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking that may be present (Norton).
    • List of programs to disable.
      If anything is unclear, please ask.

    • ComboFix will reset your screen saver settings.
    • You can change these settings again once our cleanup is finished.
    • Do nothing else if you did not manage to get Combofix to run.
    • Let us know and wait for our instructions.

    • Double-click ComboFix.exe and follow the instructions.
      Vista and Windows 7 users start Combofix.exe with a right-click => Run as administrator
    • Do not do anything else on the computer while Combofix is running!
    • Accept the terms (disclaimer) with "Yes".


    Quick guide to installing the Recovery Console on XP
    • ComboFix will check whether the Microsoft Windows Recovery Console is installed.
      This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
    • Follow the instructions to allow ComboFix to download and install the Recovery Console, and agree to the license agreement (EULA) when prompted.


    ** For information: if the Recovery Console is already installed, ComboFix will continue with its malware removal procedure as normal.



    Once the Recovery Console has been installed by ComboFix, you should see the following message:




    • If Combofix offers a newer version, allow the download.
    • Click "Yes" to continue with the malware scan.
    • A blue command prompt appears; Combofix is being prepared for the scan.
    • Please do not click inside this Combofix window.
    • That could freeze your system or make it hang.
    • A backup of your registry is created.
    • The individual stages of the program are now worked through; this can take a while.

    • When ComboFix is finished, it will create a log (please wait, this takes a moment).
    • Be sure to wait until the Combofix window has closed and the log file appears in the text editor.
    • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

    • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
    • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default again.


    Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or damage it permanently!

  9. #49
    Regular
    Registered since
    18.03.2012
    Posts
    28
    Hi Petra,

    I downloaded ComboFix and started it. At first it ran without problems.
    Then this error message appeared:
    combofix fehler.JPG
    I then waited a very long time, but nothing happened any more.

    What now?
    Brgds

    taeckel

  10. #50
    Anti-Botnet-Team Petra
    Registered since
    07.09.2011
    Location
    Near Düsseldorf
    Posts
    17.129
    Hello taeckel, click OK and let the tool keep running in peace.
    Don't panic, it takes time, and it is doing something even when you think it is doing nothing.
