Trojaner-Board


derpate030 24.07.2012 11:45

Redirects to advertising websites and ad window at the bottom right
 
Hello,

after my last infection http://www.trojaner-board.de/search....archid=2237523 I already had some problems back then, but for lack of time I am only now managing to check in with you again.

Problem: I search for or visit various websites, e.g. yours, fitness products, etc.

An ad window keeps appearing at the bottom right along with the notice "site moved", and off it goes to an advertising page. It is pretty annoying to keep clicking back. I have already read here that many people have been affected. I am asking for help.
Attached are the zip of the Gamer and the Extra log
Code:

OTL logfile created on: 24.07.2012 11:53:03 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Dokumente und Einstellungen\Mona\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,34% Memory free
4,59 Gb Paging File | 3,90 Gb Available in Paging File | 85,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 29,45 Gb Free Space | 60,32% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,57 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 45,73 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 48,53 Gb Free Space | 99,38% Space Free | Partition Type: NTFS
Drive G: | 37,57 Gb Total Space | 37,22 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
 
Computer Name: RAMONA-59694EC3 | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 11:45:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2004.12.16 02:04:00 | 000,229,376 | ---- | M] (AVM Berlin) -- C:\Programme\ComCenter\IWatch.exe
PRC - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 11:41:43 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_353dc67e\system.drawing.dll
MOD - [2012.07.24 11:41:38 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_956ddfae\system.windows.forms.dll
MOD - [2012.07.24 11:41:28 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.01.21 21:29:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a62a07d9\mscorlib.dll
MOD - [2012.01.21 21:29:35 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6241af2d\system.xml.dll
MOD - [2012.01.21 21:29:20 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e0055f98\system.dll
MOD - [2012.01.21 21:29:10 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.21 21:29:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.07.07 23:39:06 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008.07.07 23:39:06 | 000,006,144 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2008.07.07 23:39:02 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2008.07.07 23:39:02 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz.resources\3.0.0.0_de_a53cf5803f4c3827\hpqietpz.resources.dll
MOD - [2008.07.07 23:38:39 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008.07.07 23:38:39 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2008.07.07 23:38:20 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008.07.07 23:38:20 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008.07.07 23:38:20 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2008.07.07 23:38:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008.07.07 23:38:19 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008.07.07 23:38:19 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2008.07.07 23:38:19 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008.07.07 23:38:19 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2008.07.07 23:38:19 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008.07.07 23:38:19 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008.07.07 23:38:19 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008.07.07 23:38:19 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008.07.07 23:38:19 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2008.07.07 23:38:19 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2008.07.07 23:37:22 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2008.07.07 23:37:22 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2008.07.07 23:37:22 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008.07.07 23:37:22 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2008.07.07 23:37:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2008.07.07 23:37:22 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2008.07.04 10:14:49 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008.07.04 10:13:52 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.08 23:52:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.07.19 08:50:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 10:37:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.14 20:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120722.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.05.31 10:27:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.31 10:27:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 10:12:22 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120723.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 10:12:22 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120723.034\NAVENG.SYS -- (NAVENG)
DRV - [2011.05.11 15:02:17 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 03:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.14 03:49:03 | 000,188,800 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.03.06 06:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.03.06 06:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.03.01 11:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.02.16 02:50:32 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.11.29 02:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2004.11.29 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E B9 D6 C2 33 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://silberbarren-discount.de/kurse/|hxxp://my.ebay.de/ws/eBayISAPI.dll?MyEbay&gbh=1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.11 09:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012.07.24 11:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 08:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.05.14 19:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Mozilla\Extensions
[2012.05.15 19:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Mozilla\Firefox\Profiles\igehltor.default\extensions
[2012.07.24 11:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.24 11:36:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.19 08:50:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.11 12:10:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222251871 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E2BA84-C660-4113-BE28-195EC46D23F5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.04 09:58:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 11:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mona\Desktop\logs
[2012.07.24 11:45:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe
[7 C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 11:51:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.24 11:51:10 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.24 11:48:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.24 11:48:26 | 000,459,532 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.24 11:48:26 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.24 11:48:26 | 000,084,914 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.24 11:48:26 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.24 11:46:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\Desktop\2imjuxr1.exe
[2012.07.24 11:46:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.24 11:45:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe
[2012.07.24 11:41:55 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA517E7C-586C-47AD-B8A2-3E13E5BA824F}.job
[2012.07.24 11:37:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.23 10:55:11 | 000,002,982 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\Eigene Dateien\cc_20120723_105506.reg
[2012.07.17 17:45:23 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\Desktop\Microsoft Word.lnk
[7 C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 11:46:52 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Desktop\2imjuxr1.exe
[2012.07.23 10:55:08 | 000,002,982 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Eigene Dateien\cc_20120723_105506.reg
[2012.05.14 19:38:18 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.12 02:45:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\defogger_reenable
[2012.05.11 12:27:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.07 18:00:36 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.04 11:45:55 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\winscp.rnd
[2011.03.04 11:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011.02.27 19:45:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010.11.20 16:00:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.27 11:38:58 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.10.27 11:33:56 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008.09.29 18:09:27 | 000,030,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.04 10:14:28 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2011.06.07 18:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.03.27 11:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Eumex 400
[2010.03.27 10:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2008.07.07 22:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2009.09.30 22:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2009.03.10 20:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.03.10 18:45:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online_ZusatzSoftware
[2011.06.07 18:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Canneverbe Limited
[2010.03.27 10:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\ComCenter
[2010.03.27 11:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Eumex 400
[2009.03.10 20:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\T-Online
[2012.07.24 11:41:55 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA517E7C-586C-47AD-B8A2-3E13E5BA824F}.job
 
========== Purity Check ==========
 
 

< End of report >


Thanks

markusg 24.07.2012 17:23

hi
does the problem occur in all browsers? if not, in which ones?

derpate030 24.07.2012 17:40

Hi,
Yes, it occurs in both browsers, Firefox and Explorer.
Regards

Good morning,

something I noticed: the redirect goes to websites that are roughly similar to the actual topic I am searching for or visiting.

Example:
I just logged in here as derpate030, and straight away an ad window came up at the bottom right with derpate030 :-(


Best regards

markusg 25.07.2012 17:10

hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Check the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, post the log

derpate030 26.07.2012 07:54

Good morning,

something was found, everything set to "skip". Please, what exactly is this data? A lot of banking is done on this computer!

Code:

08:50:05.0859 2876        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:50:07.0578 2876        ============================================================
08:50:07.0578 2876        Current date / time: 2012/07/26 08:50:07.0578
08:50:07.0578 2876        SystemInfo:
08:50:07.0578 2876       
08:50:07.0578 2876        OS Version: 5.1.2600 ServicePack: 3.0
08:50:07.0578 2876        Product type: Workstation
08:50:07.0578 2876        ComputerName: RAMONA-59694EC3
08:50:07.0578 2876        UserName: Mona
08:50:07.0578 2876        Windows directory: C:\WINDOWS
08:50:07.0578 2876        System windows directory: C:\WINDOWS
08:50:07.0578 2876        Processor architecture: Intel x86
08:50:07.0578 2876        Number of processors: 1
08:50:07.0578 2876        Page size: 0x1000
08:50:07.0578 2876        Boot type: Normal boot
08:50:07.0578 2876        ============================================================
08:50:09.0703 2876        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:50:09.0703 2876        ============================================================
08:50:09.0703 2876        \Device\Harddisk0\DR0:
08:50:09.0718 2876        MBR partitions:
08:50:09.0718 2876        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
08:50:09.0718 2876        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x61A7927
08:50:09.0750 2876        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x61A7927
08:50:09.0796 2876        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x61A7927
08:50:09.0812 2876        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x4B220E9
08:50:09.0812 2876        ============================================================
08:50:09.0843 2876        C: <-> \Device\Harddisk0\DR0\Partition0
08:50:10.0671 2876        D: <-> \Device\Harddisk0\DR0\Partition1
08:50:10.0859 2876        E: <-> \Device\Harddisk0\DR0\Partition2
08:50:10.0921 2876        F: <-> \Device\Harddisk0\DR0\Partition3
08:50:16.0203 2876        G: <-> \Device\Harddisk0\DR0\Partition4
08:50:16.0203 2876        ============================================================
08:50:16.0203 2876        Initialize success
08:50:16.0203 2876        ============================================================
08:51:02.0281 4004        ============================================================
08:51:02.0281 4004        Scan started
08:51:02.0281 4004        Mode: Manual; SigCheck; TDLFS;
08:51:02.0281 4004        ============================================================
08:51:02.0781 4004        Abiosdsk - ok
08:51:02.0796 4004        abp480n5 - ok
08:51:02.0843 4004        ACPI            (95cdd68b6dca09f581b043734854c87d) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:51:02.0843 4004        Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 95cdd68b6dca09f581b043734854c87d, Fake md5: ac407f1a62c3a300b4f2b5a9f1d55b2c
08:51:02.0843 4004        ACPI ( Virus.Win32.Rloader.a ) - infected
08:51:02.0843 4004        ACPI - detected Virus.Win32.Rloader.a (0)
08:51:02.0875 4004        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:51:04.0265 4004        ACPIEC - ok
08:51:04.0343 4004        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:51:04.0359 4004        AdobeFlashPlayerUpdateSvc - ok
08:51:04.0359 4004        adpu160m - ok
08:51:04.0375 4004        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:51:04.0546 4004        aec - ok
08:51:04.0578 4004        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:51:04.0609 4004        AFD - ok
08:51:04.0625 4004        Aha154x - ok
08:51:04.0640 4004        aic78u2 - ok
08:51:04.0640 4004        aic78xx - ok
08:51:04.0671 4004        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
08:51:04.0796 4004        Alerter - ok
08:51:04.0828 4004        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
08:51:04.0890 4004        ALG - ok
08:51:04.0906 4004        AliIde - ok
08:51:04.0937 4004        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:51:04.0968 4004        AmdK8 - ok
08:51:04.0984 4004        amsint - ok
08:51:05.0031 4004        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
08:51:05.0078 4004        AppMgmt - ok
08:51:05.0093 4004        asc - ok
08:51:05.0109 4004        asc3350p - ok
08:51:05.0109 4004        asc3550 - ok
08:51:05.0218 4004        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:51:05.0234 4004        aspnet_state - ok
08:51:05.0281 4004        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:51:05.0375 4004        AsyncMac - ok
08:51:05.0421 4004        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:51:05.0546 4004        atapi - ok
08:51:05.0562 4004        Atdisk - ok
08:51:05.0593 4004        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:51:05.0718 4004        Atmarpc - ok
08:51:05.0750 4004        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
08:51:05.0906 4004        AudioSrv - ok
08:51:05.0937 4004        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:51:06.0046 4004        audstub - ok
08:51:06.0078 4004        AVMCOWAN        (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
08:51:06.0125 4004        AVMCOWAN - ok
08:51:06.0171 4004        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:51:06.0312 4004        Beep - ok
08:51:06.0437 4004        BHDrvx86        (a9e111a358ac5f7eba7ac61e43fc6725) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
08:51:06.0484 4004        BHDrvx86 - ok
08:51:06.0546 4004        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
08:51:06.0687 4004        BITS - ok
08:51:06.0703 4004        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
08:51:06.0859 4004        Browser - ok
08:51:06.0890 4004        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:51:07.0046 4004        cbidf2k - ok
08:51:07.0046 4004        cd20xrnt - ok
08:51:07.0078 4004        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:51:07.0234 4004        Cdaudio - ok
08:51:07.0265 4004        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:51:07.0421 4004        Cdfs - ok
08:51:07.0437 4004        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:51:07.0609 4004        Cdrom - ok
08:51:07.0609 4004        Changer - ok
08:51:07.0640 4004        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
08:51:07.0796 4004        CiSvc - ok
08:51:07.0812 4004        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
08:51:07.0968 4004        ClipSrv - ok
08:51:08.0046 4004        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:51:08.0093 4004        clr_optimization_v2.0.50727_32 - ok
08:51:08.0093 4004        CmdIde - ok
08:51:08.0109 4004        COMSysApp - ok
08:51:08.0125 4004        Cpqarray - ok
08:51:08.0156 4004        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
08:51:08.0281 4004        CryptSvc - ok
08:51:08.0296 4004        dac2w2k - ok
08:51:08.0296 4004        dac960nt - ok
08:51:08.0359 4004        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:51:08.0421 4004        DcomLaunch - ok
08:51:08.0453 4004        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
08:51:08.0578 4004        Dhcp - ok
08:51:08.0609 4004        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:51:08.0750 4004        Disk - ok
08:51:08.0765 4004        dmadmin - ok
08:51:08.0828 4004        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
08:51:08.0984 4004        dmboot - ok
08:51:09.0000 4004        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
08:51:09.0140 4004        dmio - ok
08:51:09.0156 4004        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:51:09.0281 4004        dmload - ok
08:51:09.0312 4004        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
08:51:09.0453 4004        dmserver - ok
08:51:09.0468 4004        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:51:09.0625 4004        DMusic - ok
08:51:09.0656 4004        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
08:51:09.0734 4004        Dnscache - ok
08:51:09.0765 4004        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
08:51:09.0875 4004        Dot3svc - ok
08:51:09.0875 4004        dpti2o - ok
08:51:09.0890 4004        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:51:10.0015 4004        drmkaud - ok
08:51:10.0046 4004        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
08:51:10.0171 4004        EapHost - ok
08:51:10.0265 4004        eeCtrl          (fce87ba643d5e9a8b6e0378508d1b22d) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
08:51:10.0296 4004        eeCtrl - ok
08:51:10.0343 4004        ehRecvr        (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
08:51:10.0421 4004        ehRecvr - ok
08:51:10.0453 4004        ehSched        (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
08:51:10.0515 4004        ehSched - ok
08:51:10.0578 4004        EraserSvc11210  (e78a365cc3e0fbfc018a33dce01909f8) C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
08:51:10.0593 4004        EraserSvc11210 - ok
08:51:10.0625 4004        EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:51:10.0640 4004        EraserUtilRebootDrv - ok
08:51:10.0687 4004        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
08:51:10.0812 4004        ERSvc - ok
08:51:10.0859 4004        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:51:10.0875 4004        Eventlog - ok
08:51:10.0921 4004        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
08:51:10.0968 4004        EventSystem - ok
08:51:11.0015 4004        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:51:11.0156 4004        Fastfat - ok
08:51:11.0187 4004        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:51:11.0343 4004        FastUserSwitchingCompatibility - ok
08:51:11.0375 4004        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:51:11.0500 4004        Fdc - ok
08:51:11.0546 4004        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
08:51:11.0687 4004        Fips - ok
08:51:11.0703 4004        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:51:11.0859 4004        Flpydisk - ok
08:51:11.0890 4004        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:51:12.0015 4004        FltMgr - ok
08:51:12.0093 4004        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:51:12.0093 4004        FontCache3.0.0.0 - ok
08:51:12.0109 4004        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:51:12.0250 4004        Fs_Rec - ok
08:51:12.0437 4004        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:51:12.0578 4004        Ftdisk - ok
08:51:12.0625 4004        FXUSBASE        (710c2ff58656f478f67363a7038d1ae2) C:\WINDOWS\system32\DRIVERS\fxusbase.sys
08:51:12.0687 4004        FXUSBASE - ok
08:51:12.0718 4004        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:51:12.0828 4004        Gpc - ok
08:51:12.0859 4004        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:51:12.0984 4004        HDAudBus - ok
08:51:13.0031 4004        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:51:13.0156 4004        helpsvc - ok
08:51:13.0171 4004        HidServ - ok
08:51:13.0218 4004        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:51:13.0343 4004        HidUsb - ok
08:51:13.0390 4004        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
08:51:13.0484 4004        hkmsvc - ok
08:51:13.0500 4004        hpn - ok
08:51:13.0531 4004        HPZid412        (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:51:13.0593 4004        HPZid412 - ok
08:51:13.0609 4004        HPZipr12        (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:51:13.0656 4004        HPZipr12 - ok
08:51:13.0687 4004        HPZius12        (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:51:13.0750 4004        HPZius12 - ok
08:51:13.0796 4004        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:51:13.0843 4004        HTTP - ok
08:51:13.0875 4004        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
08:51:13.0968 4004        HTTPFilter - ok
08:51:13.0984 4004        i2omgmt - ok
08:51:13.0984 4004        i2omp - ok
08:51:14.0031 4004        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:51:14.0187 4004        i8042prt - ok
08:51:14.0296 4004        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:51:14.0328 4004        idsvc - ok
08:51:14.0437 4004        IDSxpx86        (eeebf3616db90124c1c57019d39aa9a2) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120724.001\IDSxpx86.sys
08:51:14.0453 4004        IDSxpx86 - ok
08:51:14.0500 4004        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:51:14.0656 4004        Imapi - ok
08:51:14.0687 4004        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
08:51:14.0828 4004        ImapiService - ok
08:51:14.0843 4004        ini910u - ok
08:51:15.0062 4004        IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:51:15.0281 4004        IntcAzAudAddService - ok
08:51:15.0343 4004        IntelIde - ok
08:51:15.0375 4004        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:51:15.0468 4004        Ip6Fw - ok
08:51:15.0500 4004        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:51:15.0671 4004        IpFilterDriver - ok
08:51:15.0687 4004        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:51:15.0843 4004        IpInIp - ok
08:51:15.0859 4004        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:51:15.0968 4004        IpNat - ok
08:51:15.0984 4004        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:51:16.0125 4004        IPSec - ok
08:51:16.0140 4004        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:51:16.0203 4004        IRENUM - ok
08:51:16.0218 4004        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:51:16.0328 4004        isapnp - ok
08:51:16.0437 4004        JavaQuickStarterService (28e8a9984ba1297efe44b6138d2ca51e) C:\Programme\Java\jre6\bin\jqs.exe
08:51:16.0453 4004        JavaQuickStarterService - ok
08:51:16.0484 4004        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:51:16.0625 4004        Kbdclass - ok
08:51:16.0671 4004        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:51:16.0796 4004        kmixer - ok
08:51:16.0828 4004        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:51:16.0859 4004        KSecDD - ok
08:51:16.0890 4004        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
08:51:16.0937 4004        lanmanserver - ok
08:51:16.0968 4004        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
08:51:17.0046 4004        lanmanworkstation - ok
08:51:17.0046 4004        lbrtfdc - ok
08:51:17.0078 4004        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
08:51:17.0187 4004        LmHosts - ok
08:51:17.0234 4004        MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
08:51:17.0234 4004        MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
08:51:17.0234 4004        MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
08:51:17.0296 4004        McrdSvc        (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
08:51:17.0312 4004        McrdSvc - ok
08:51:17.0343 4004        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
08:51:17.0500 4004        Messenger - ok
08:51:17.0531 4004        MHN            (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
08:51:17.0546 4004        MHN ( UnsignedFile.Multi.Generic ) - warning
08:51:17.0546 4004        MHN - detected UnsignedFile.Multi.Generic (1)
08:51:17.0562 4004        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:51:17.0578 4004        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
08:51:17.0578 4004        MHNDRV - detected UnsignedFile.Multi.Generic (1)
08:51:17.0609 4004        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:51:17.0718 4004        mnmdd - ok
08:51:17.0750 4004        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
08:51:17.0906 4004        mnmsrvc - ok
08:51:17.0968 4004        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
08:51:18.0093 4004        Modem - ok
08:51:18.0171 4004        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:51:18.0296 4004        Mouclass - ok
08:51:18.0328 4004        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:51:18.0453 4004        mouhid - ok
08:51:18.0484 4004        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:51:18.0625 4004        MountMgr - ok
08:51:18.0671 4004        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
08:51:18.0718 4004        MozillaMaintenance - ok
08:51:18.0718 4004        mraid35x - ok
08:51:18.0750 4004        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:51:18.0843 4004        MRxDAV - ok
08:51:18.0890 4004        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:51:18.0953 4004        MRxSmb - ok
08:51:18.0984 4004        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
08:51:19.0109 4004        MSDTC - ok
08:51:19.0140 4004        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:51:19.0234 4004        Msfs - ok
08:51:19.0250 4004        MSIServer - ok
08:51:19.0265 4004        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:51:19.0406 4004        MSKSSRV - ok
08:51:19.0421 4004        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:51:19.0515 4004        MSPCLOCK - ok
08:51:19.0531 4004        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:51:19.0671 4004        MSPQM - ok
08:51:19.0703 4004        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:51:19.0796 4004        mssmbios - ok
08:51:19.0890 4004        MTOnlPktAlyX    (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
08:51:19.0890 4004        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
08:51:19.0890 4004        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
08:51:19.0906 4004        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:51:19.0937 4004        Mup - ok
08:51:19.0984 4004        MZCCntrl        (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
08:51:20.0000 4004        MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
08:51:20.0000 4004        MZCCntrl - detected UnsignedFile.Multi.Generic (1)
08:51:20.0046 4004        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
08:51:20.0140 4004        napagent - ok
08:51:20.0234 4004        NAVENG          (f11033730b38260b6892e837c457fb4b) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120724.033\NAVENG.SYS
08:51:20.0250 4004        NAVENG - ok
08:51:20.0328 4004        NAVEX15        (4e4e7c0259d3bb97de24a636c0e06aba) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120724.033\NAVEX15.SYS
08:51:20.0390 4004        NAVEX15 - ok
08:51:20.0500 4004        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:51:20.0609 4004        NDIS - ok
08:51:20.0640 4004        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:51:20.0687 4004        NdisTapi - ok
08:51:20.0718 4004        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:51:20.0843 4004        Ndisuio - ok
08:51:20.0859 4004        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:51:20.0968 4004        NdisWan - ok
08:51:20.0984 4004        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:51:21.0046 4004        NDProxy - ok
08:51:21.0062 4004        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:51:21.0187 4004        NetBIOS - ok
08:51:21.0218 4004        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:51:21.0343 4004        NetBT - ok
08:51:21.0375 4004        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:51:21.0484 4004        NetDDE - ok
08:51:21.0484 4004        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:51:21.0609 4004        NetDDEdsdm - ok
08:51:21.0640 4004        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:51:21.0734 4004        Netlogon - ok
08:51:21.0765 4004        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
08:51:21.0875 4004        Netman - ok
08:51:21.0953 4004        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:51:21.0968 4004        NetTcpPortSharing - ok
08:51:22.0078 4004        NIS            (e78a365cc3e0fbfc018a33dce01909f8) C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
08:51:22.0078 4004        NIS - ok
08:51:22.0125 4004        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
08:51:22.0140 4004        Nla - ok
08:51:22.0171 4004        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
08:51:22.0281 4004        nm - ok
08:51:22.0312 4004        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
08:51:22.0328 4004        NMSAccess - ok
08:51:22.0343 4004        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:51:22.0453 4004        Npfs - ok
08:51:22.0500 4004        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:51:22.0640 4004        Ntfs - ok
08:51:22.0671 4004        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:51:22.0781 4004        NtLmSsp - ok
08:51:22.0812 4004        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
08:51:22.0968 4004        NtmsSvc - ok
08:51:22.0984 4004        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:51:23.0093 4004        Null - ok
08:51:23.0421 4004        nv              (430f3783943c61b1cd7010fe84df3674) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:51:23.0687 4004        nv - ok
08:51:23.0781 4004        NVENETFD        (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:51:23.0828 4004        NVENETFD - ok
08:51:23.0843 4004        nvnetbus        (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:51:23.0890 4004        nvnetbus - ok
08:51:23.0921 4004        nvsmu          (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
08:51:23.0953 4004        nvsmu - ok
08:51:23.0984 4004        NVSvc          (b9e3304492d817b2d5bc0ffd18f18512) C:\WINDOWS\system32\nvsvc32.exe
08:51:24.0015 4004        NVSvc - ok
08:51:24.0046 4004        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:51:24.0140 4004        NwlnkFlt - ok
08:51:24.0171 4004        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:51:24.0312 4004        NwlnkFwd - ok
08:51:24.0343 4004        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
08:51:24.0484 4004        Parport - ok
08:51:24.0500 4004        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:51:24.0640 4004        PartMgr - ok
08:51:24.0687 4004        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
08:51:24.0796 4004        ParVdm - ok
08:51:24.0812 4004        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
08:51:24.0921 4004        PCI - ok
08:51:24.0937 4004        PCIDump - ok
08:51:24.0953 4004        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:51:25.0046 4004        PCIIde - ok
08:51:25.0078 4004        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:51:25.0187 4004        Pcmcia - ok
08:51:25.0203 4004        PDCOMP - ok
08:51:25.0203 4004        PDFRAME - ok
08:51:25.0218 4004        PDRELI - ok
08:51:25.0218 4004        PDRFRAME - ok
08:51:25.0234 4004        perc2 - ok
08:51:25.0234 4004        perc2hib - ok
08:51:25.0296 4004        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:51:25.0328 4004        PlugPlay - ok
08:51:25.0359 4004        Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
08:51:25.0359 4004        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:51:25.0359 4004        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:51:25.0390 4004        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:51:25.0484 4004        PolicyAgent - ok
08:51:25.0500 4004        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:51:25.0625 4004        PptpMiniport - ok
08:51:25.0656 4004        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
08:51:25.0765 4004        Processor - ok
08:51:25.0765 4004        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:51:25.0875 4004        ProtectedStorage - ok
08:51:25.0890 4004        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:51:25.0984 4004        PSched - ok
08:51:26.0000 4004        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:51:26.0109 4004        Ptilink - ok
08:51:26.0125 4004        PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:51:26.0140 4004        PxHelp20 - ok
08:51:26.0156 4004        ql1080 - ok
08:51:26.0171 4004        Ql10wnt - ok
08:51:26.0171 4004        ql12160 - ok
08:51:26.0187 4004        ql1240 - ok
08:51:26.0187 4004        ql1280 - ok
08:51:26.0218 4004        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:51:26.0312 4004        RasAcd - ok
08:51:26.0343 4004        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
08:51:26.0453 4004        RasAuto - ok
08:51:26.0484 4004        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:51:26.0609 4004        Rasl2tp - ok
08:51:26.0656 4004        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
08:51:26.0765 4004        RasMan - ok
08:51:26.0781 4004        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:51:26.0875 4004        RasPppoe - ok
08:51:26.0890 4004        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:51:27.0031 4004        Raspti - ok
08:51:27.0046 4004        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:51:27.0171 4004        Rdbss - ok
08:51:27.0203 4004        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:51:27.0312 4004        RDPCDD - ok
08:51:27.0328 4004        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:51:27.0453 4004        rdpdr - ok
08:51:27.0484 4004        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:51:27.0531 4004        RDPWD - ok
08:51:27.0578 4004        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
08:51:27.0687 4004        RDSessMgr - ok
08:51:27.0718 4004        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:51:27.0828 4004        redbook - ok
08:51:27.0859 4004        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
08:51:27.0984 4004        RemoteAccess - ok
08:51:28.0046 4004        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
08:51:28.0140 4004        RemoteRegistry - ok
08:51:28.0171 4004        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
08:51:28.0281 4004        RpcLocator - ok
08:51:28.0406 4004        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:51:28.0468 4004        RpcSs - ok
08:51:28.0515 4004        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
08:51:28.0609 4004        RSVP - ok
08:51:28.0625 4004        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:51:28.0734 4004        SamSs - ok
08:51:28.0765 4004        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
08:51:28.0875 4004        SCardSvr - ok
08:51:28.0906 4004        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
08:51:29.0046 4004        Schedule - ok
08:51:29.0062 4004        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:51:29.0109 4004        Secdrv - ok
08:51:29.0140 4004        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
08:51:29.0250 4004        seclogon - ok
08:51:29.0265 4004        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
08:51:29.0390 4004        SENS - ok
08:51:29.0421 4004        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
08:51:29.0531 4004        Serial - ok
08:51:29.0562 4004        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:51:29.0671 4004        Sfloppy - ok
08:51:29.0687 4004        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
08:51:29.0796 4004        SharedAccess - ok
08:51:29.0828 4004        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:51:29.0859 4004        ShellHWDetection - ok
08:51:29.0859 4004        Simbad - ok
08:51:29.0875 4004        Sparrow - ok
08:51:29.0906 4004        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:51:30.0015 4004        splitter - ok
08:51:30.0046 4004        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:51:30.0109 4004        Spooler - ok
08:51:30.0125 4004        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
08:51:30.0203 4004        sr - ok
08:51:30.0218 4004        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
08:51:30.0296 4004        srservice - ok
08:51:30.0359 4004        SRTSP          (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207020.003\SRTSP.SYS
08:51:30.0390 4004        SRTSP - ok
08:51:30.0406 4004        SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207020.003\SRTSPX.SYS
08:51:30.0406 4004        SRTSPX - ok
08:51:30.0453 4004        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:51:30.0515 4004        Srv - ok
08:51:30.0531 4004        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
08:51:30.0593 4004        SSDPSRV - ok
08:51:30.0609 4004        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
08:51:30.0625 4004        StarOpen ( UnsignedFile.Multi.Generic ) - warning
08:51:30.0625 4004        StarOpen - detected UnsignedFile.Multi.Generic (1)
08:51:30.0656 4004        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
08:51:30.0750 4004        stisvc - ok
08:51:30.0781 4004        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:51:30.0890 4004        swenum - ok
08:51:30.0906 4004        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:51:31.0046 4004        swmidi - ok
08:51:31.0046 4004        SwPrv - ok
08:51:31.0062 4004        symc810 - ok
08:51:31.0078 4004        symc8xx - ok
08:51:31.0078 4004        SYMDNS - ok
08:51:31.0109 4004        SymDS          (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMDS.SYS
08:51:31.0140 4004        SymDS - ok
08:51:31.0187 4004        SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMEFA.SYS
08:51:31.0234 4004        SymEFA - ok
08:51:31.0265 4004        SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:51:31.0281 4004        SymEvent - ok
08:51:31.0281 4004        SYMFW - ok
08:51:31.0296 4004        SYMIDS - ok
08:51:31.0328 4004        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1207020.003\Ironx86.SYS
08:51:31.0343 4004        SymIRON - ok
08:51:31.0343 4004        SYMNDIS - ok
08:51:31.0359 4004        SYMREDRV - ok
08:51:31.0390 4004        SYMTDI          (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NIS\1207020.003\SYMTDI.SYS
08:51:31.0406 4004        SYMTDI - ok
08:51:31.0406 4004        sym_hi - ok
08:51:31.0421 4004        sym_u3 - ok
08:51:31.0453 4004        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:51:31.0546 4004        sysaudio - ok
08:51:31.0562 4004        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
08:51:31.0687 4004        SysmonLog - ok
08:51:31.0718 4004        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
08:51:31.0828 4004        TapiSrv - ok
08:51:31.0859 4004        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:51:31.0906 4004        Tcpip - ok
08:51:31.0937 4004        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:51:32.0062 4004        TDPIPE - ok
08:51:32.0078 4004        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:51:32.0171 4004        TDTCP - ok
08:51:32.0187 4004        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:51:32.0296 4004        TermDD - ok
08:51:32.0328 4004        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
08:51:32.0437 4004        TermService - ok
08:51:32.0484 4004        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:51:32.0500 4004        Themes - ok
08:51:32.0531 4004        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
08:51:32.0625 4004        TlntSvr - ok
08:51:32.0625 4004        TosIde - ok
08:51:32.0656 4004        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
08:51:32.0750 4004        TrkWks - ok
08:51:32.0781 4004        tunmp          (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
08:51:32.0890 4004        tunmp - ok
08:51:32.0906 4004        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:51:33.0046 4004        Udfs - ok
08:51:33.0046 4004        ultra - ok
08:51:33.0093 4004        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:51:33.0203 4004        Update - ok
08:51:33.0218 4004        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
08:51:33.0281 4004        upnphost - ok
08:51:33.0296 4004        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
08:51:33.0406 4004        UPS - ok
08:51:33.0437 4004        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:51:33.0546 4004        usbccgp - ok
08:51:33.0562 4004        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:51:33.0656 4004        usbehci - ok
08:51:33.0671 4004        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:51:33.0765 4004        usbhub - ok
08:51:33.0781 4004        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:51:33.0890 4004        usbohci - ok
08:51:33.0921 4004        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:51:34.0015 4004        usbprint - ok
08:51:34.0046 4004        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:51:34.0156 4004        usbscan - ok
08:51:34.0156 4004        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:51:34.0250 4004        usbstor - ok
08:51:34.0281 4004        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:51:34.0390 4004        VgaSave - ok
08:51:34.0390 4004        ViaIde - ok
08:51:34.0421 4004        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
08:51:34.0515 4004        VolSnap - ok
08:51:34.0546 4004        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
08:51:34.0609 4004        VSS - ok
08:51:34.0640 4004        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
08:51:34.0750 4004        W32Time - ok
08:51:34.0765 4004        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:51:34.0906 4004        Wanarp - ok
08:51:34.0906 4004        WDICA - ok
08:51:34.0937 4004        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:51:35.0046 4004        wdmaud - ok
08:51:35.0078 4004        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
08:51:35.0203 4004        WebClient - ok
08:51:35.0265 4004        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:51:35.0359 4004        winmgmt - ok
08:51:35.0406 4004        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:51:35.0484 4004        WmdmPmSN - ok
08:51:35.0531 4004        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
08:51:35.0562 4004        Wmi - ok
08:51:35.0593 4004        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:51:35.0718 4004        WmiAcpi - ok
08:51:35.0750 4004        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:51:35.0859 4004        WmiApSrv - ok
08:51:35.0984 4004        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
08:51:36.0031 4004        WMPNetworkSvc - ok
08:51:36.0062 4004        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
08:51:36.0187 4004        wscsvc - ok
08:51:36.0218 4004        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
08:51:36.0328 4004        wuauserv - ok
08:51:36.0359 4004        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:51:36.0421 4004        WudfPf - ok
08:51:36.0437 4004        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:51:36.0453 4004        WudfRd - ok
08:51:36.0468 4004        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:51:36.0500 4004        WudfSvc - ok
08:51:36.0531 4004        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
08:51:36.0640 4004        WZCSVC - ok
08:51:36.0656 4004        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
08:51:36.0781 4004        xmlprov - ok
08:51:36.0796 4004        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
08:51:37.0234 4004        \Device\Harddisk0\DR0 - ok
08:51:37.0250 4004        Boot (0x1200)  (12eac14394eece3158b9c5c34ed5a506) \Device\Harddisk0\DR0\Partition0
08:51:37.0250 4004        \Device\Harddisk0\DR0\Partition0 - ok
08:51:37.0250 4004        Boot (0x1200)  (d7c8c3545ece020414a65f45084bdfd4) \Device\Harddisk0\DR0\Partition1
08:51:37.0250 4004        \Device\Harddisk0\DR0\Partition1 - ok
08:51:37.0281 4004        Boot (0x1200)  (6df634aaba57795d4091e4c4b449d714) \Device\Harddisk0\DR0\Partition2
08:51:37.0281 4004        \Device\Harddisk0\DR0\Partition2 - ok
08:51:37.0296 4004        Boot (0x1200)  (557436e1fb6f5ec5b25f6a2621727fbc) \Device\Harddisk0\DR0\Partition3
08:51:37.0296 4004        \Device\Harddisk0\DR0\Partition3 - ok
08:51:37.0328 4004        Boot (0x1200)  (27715ffbe678a0ee72678a44f9bfdca2) \Device\Harddisk0\DR0\Partition4
08:51:37.0328 4004        \Device\Harddisk0\DR0\Partition4 - ok
08:51:37.0328 4004        ============================================================
08:51:37.0328 4004        Scan finished
08:51:37.0328 4004        ============================================================
08:51:37.0437 2144        Detected object count: 8
08:51:37.0437 2144        Actual detected object count: 8
08:52:03.0765 2144        ACPI ( Virus.Win32.Rloader.a ) - skipped by user
08:52:03.0765 2144        ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
08:52:03.0765 2144        MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0765 2144        MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        MHN ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:03.0781 2144        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:03.0781 2144        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 26.07.2012 17:24

ok
08:52:03.0765 2144 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
set that one to restore

derpate030 26.07.2012 19:55

Hi,
do you mean the "Cure" function? There is no restore there. Or Quarantine?
Just the file. Post the log again?

Hi,
so yesterday I moved the file into quarantine and ran another scan after the reboot. The file was no longer found. Is that taken care of now? What kind of tool was that exactly?

Best regards

Code:

3:29:00.0390 3836        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:29:00.0812 3836        ============================================================
13:29:00.0812 3836        Current date / time: 2012/07/27 13:29:00.0812
13:29:00.0812 3836        SystemInfo:
13:29:00.0812 3836       
13:29:00.0812 3836        OS Version: 5.1.2600 ServicePack: 3.0
13:29:00.0812 3836        Product type: Workstation
13:29:00.0812 3836        ComputerName: RAMONA-59694EC3
13:29:00.0812 3836        UserName: Mona
13:29:00.0812 3836        Windows directory: C:\WINDOWS
13:29:00.0812 3836        System windows directory: C:\WINDOWS
13:29:00.0812 3836        Processor architecture: Intel x86
13:29:00.0812 3836        Number of processors: 1
13:29:00.0812 3836        Page size: 0x1000
13:29:00.0812 3836        Boot type: Normal boot
13:29:00.0812 3836        ============================================================
13:29:02.0609 3836        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:29:02.0625 3836        ============================================================
13:29:02.0625 3836        \Device\Harddisk0\DR0:
13:29:02.0625 3836        MBR partitions:
13:29:02.0625 3836        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
13:29:02.0640 3836        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x61A7927
13:29:02.0656 3836        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x61A7927
13:29:02.0671 3836        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x61A7927
13:29:02.0687 3836        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x4B220E9
13:29:02.0687 3836        ============================================================
13:29:02.0718 3836        C: <-> \Device\Harddisk0\DR0\Partition0
13:29:02.0828 3836        D: <-> \Device\Harddisk0\DR0\Partition1
13:29:02.0890 3836        E: <-> \Device\Harddisk0\DR0\Partition2
13:29:02.0921 3836        F: <-> \Device\Harddisk0\DR0\Partition3
13:29:03.0187 3836        G: <-> \Device\Harddisk0\DR0\Partition4
13:29:03.0187 3836        ============================================================
13:29:03.0187 3836        Initialize success
13:29:03.0187 3836        ============================================================
13:29:23.0156 2796        ============================================================
13:29:23.0156 2796        Scan started
13:29:23.0156 2796        Mode: Manual; SigCheck; TDLFS;
13:29:23.0156 2796        ============================================================
13:29:24.0000 2796        Abiosdsk - ok
13:29:24.0015 2796        abp480n5 - ok
13:29:24.0062 2796        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:29:24.0718 2796        ACPI - ok
13:29:24.0734 2796        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:29:24.0859 2796        ACPIEC - ok
13:29:24.0953 2796        AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:29:24.0968 2796        AdobeFlashPlayerUpdateSvc - ok
13:29:24.0968 2796        adpu160m - ok
13:29:25.0000 2796        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:29:25.0125 2796        aec - ok
13:29:25.0171 2796        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:29:25.0187 2796        AFD - ok
13:29:25.0203 2796        Aha154x - ok
13:29:25.0203 2796        aic78u2 - ok
13:29:25.0218 2796        aic78xx - ok
13:29:25.0250 2796        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:29:25.0375 2796        Alerter - ok
13:29:25.0406 2796        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:29:25.0468 2796        ALG - ok
13:29:25.0484 2796        AliIde - ok
13:29:25.0515 2796        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:29:25.0515 2796        AmdK8 - ok
13:29:25.0531 2796        amsint - ok
13:29:25.0578 2796        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
13:29:25.0640 2796        AppMgmt - ok
13:29:25.0640 2796        asc - ok
13:29:25.0656 2796        asc3350p - ok
13:29:25.0656 2796        asc3550 - ok
13:29:25.0765 2796        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:29:25.0781 2796        aspnet_state - ok
13:29:25.0812 2796        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:29:25.0921 2796        AsyncMac - ok
13:29:25.0937 2796        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:29:26.0078 2796        atapi - ok
13:29:26.0093 2796        Atdisk - ok
13:29:26.0125 2796        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:29:26.0250 2796        Atmarpc - ok
13:29:26.0265 2796        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:29:26.0421 2796        AudioSrv - ok
13:29:26.0453 2796        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:29:26.0578 2796        audstub - ok
13:29:26.0609 2796        AVMCOWAN        (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
13:29:26.0656 2796        AVMCOWAN - ok
13:29:26.0687 2796        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:29:26.0812 2796        Beep - ok
13:29:26.0968 2796        BHDrvx86        (a9e111a358ac5f7eba7ac61e43fc6725) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
13:29:27.0031 2796        BHDrvx86 - ok
13:29:27.0062 2796        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:29:27.0218 2796        BITS - ok
13:29:27.0250 2796        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:29:27.0390 2796        Browser - ok
13:29:27.0437 2796        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:29:27.0593 2796        cbidf2k - ok
13:29:27.0609 2796        cd20xrnt - ok
13:29:27.0640 2796        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:29:27.0796 2796        Cdaudio - ok
13:29:27.0828 2796        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:29:28.0015 2796        Cdfs - ok
13:29:28.0031 2796        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:29:28.0171 2796        Cdrom - ok
13:29:28.0187 2796        Changer - ok
13:29:28.0203 2796        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:29:28.0359 2796        CiSvc - ok
13:29:28.0390 2796        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:29:28.0531 2796        ClipSrv - ok
13:29:28.0625 2796        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:28.0640 2796        clr_optimization_v2.0.50727_32 - ok
13:29:28.0656 2796        CmdIde - ok
13:29:28.0656 2796        COMSysApp - ok
13:29:28.0671 2796        Cpqarray - ok
13:29:28.0703 2796        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:29:28.0843 2796        CryptSvc - ok
13:29:28.0859 2796        dac2w2k - ok
13:29:28.0859 2796        dac960nt - ok
13:29:28.0921 2796        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:29:28.0937 2796        DcomLaunch - ok
13:29:29.0000 2796        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:29:29.0125 2796        Dhcp - ok
13:29:29.0140 2796        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:29:29.0312 2796        Disk - ok
13:29:29.0312 2796        dmadmin - ok
13:29:29.0375 2796        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:29:29.0531 2796        dmboot - ok
13:29:29.0546 2796        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:29:29.0687 2796        dmio - ok
13:29:29.0687 2796        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:29:29.0828 2796        dmload - ok
13:29:29.0843 2796        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:29:29.0984 2796        dmserver - ok
13:29:30.0031 2796        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:29:30.0171 2796        DMusic - ok
13:29:30.0187 2796        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:29:30.0203 2796        Dnscache - ok
13:29:30.0234 2796        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:29:30.0343 2796        Dot3svc - ok
13:29:30.0359 2796        dpti2o - ok
13:29:30.0375 2796        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:29:30.0515 2796        drmkaud - ok
13:29:30.0546 2796        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:29:30.0687 2796        EapHost - ok
13:29:30.0781 2796        eeCtrl          (fce87ba643d5e9a8b6e0378508d1b22d) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
13:29:30.0796 2796        eeCtrl - ok
13:29:30.0843 2796        ehRecvr        (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
13:29:30.0859 2796        ehRecvr - ok
13:29:30.0875 2796        ehSched        (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
13:29:30.0906 2796        ehSched - ok
13:29:30.0953 2796        EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:29:30.0953 2796        EraserUtilRebootDrv - ok
13:29:31.0000 2796        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:29:31.0156 2796        ERSvc - ok
13:29:31.0187 2796        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:29:31.0218 2796        Eventlog - ok
13:29:31.0250 2796        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:29:31.0281 2796        EventSystem - ok
13:29:31.0328 2796        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:29:31.0453 2796        Fastfat - ok
13:29:31.0484 2796        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:29:31.0531 2796        FastUserSwitchingCompatibility - ok
13:29:31.0546 2796        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:29:31.0703 2796        Fdc - ok
13:29:31.0718 2796        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:29:31.0890 2796        Fips - ok
13:29:31.0906 2796        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:29:32.0031 2796        Flpydisk - ok
13:29:32.0062 2796        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:29:32.0203 2796        FltMgr - ok
13:29:32.0281 2796        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:32.0296 2796        FontCache3.0.0.0 - ok
13:29:32.0328 2796        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:29:32.0484 2796        Fs_Rec - ok
13:29:32.0500 2796        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:29:32.0640 2796        Ftdisk - ok
13:29:32.0671 2796        FXUSBASE        (710c2ff58656f478f67363a7038d1ae2) C:\WINDOWS\system32\DRIVERS\fxusbase.sys
13:29:32.0734 2796        FXUSBASE - ok
13:29:32.0765 2796        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:29:32.0921 2796        Gpc - ok
13:29:32.0937 2796        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:29:33.0093 2796        HDAudBus - ok
13:29:33.0156 2796        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:29:33.0312 2796        helpsvc - ok
13:29:33.0312 2796        HidServ - ok
13:29:33.0343 2796        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:29:33.0468 2796        HidUsb - ok
13:29:33.0515 2796        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:29:33.0671 2796        hkmsvc - ok
13:29:33.0671 2796        hpn - ok
13:29:33.0703 2796        HPZid412        (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:29:33.0718 2796        HPZid412 - ok
13:29:33.0734 2796        HPZipr12        (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:29:33.0750 2796        HPZipr12 - ok
13:29:33.0781 2796        HPZius12        (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:29:33.0812 2796        HPZius12 - ok
13:29:33.0843 2796        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:29:33.0890 2796        HTTP - ok
13:29:33.0906 2796        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:29:34.0046 2796        HTTPFilter - ok
13:29:34.0046 2796        i2omgmt - ok
13:29:34.0062 2796        i2omp - ok
13:29:34.0109 2796        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:29:34.0265 2796        i8042prt - ok
13:29:34.0390 2796        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:34.0437 2796        idsvc - ok
13:29:34.0578 2796        IDSxpx86        (eeebf3616db90124c1c57019d39aa9a2) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120726.001\IDSxpx86.sys
13:29:34.0609 2796        IDSxpx86 - ok
13:29:34.0656 2796        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:29:34.0781 2796        Imapi - ok
13:29:34.0828 2796        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:29:34.0968 2796        ImapiService - ok
13:29:34.0984 2796        ini910u - ok
13:29:35.0218 2796        IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:29:35.0406 2796        IntcAzAudAddService - ok
13:29:35.0468 2796        IntelIde - ok
13:29:35.0500 2796        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:29:35.0609 2796        Ip6Fw - ok
13:29:35.0656 2796        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:29:35.0796 2796        IpFilterDriver - ok
13:29:35.0828 2796        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:29:35.0953 2796        IpInIp - ok
13:29:35.0984 2796        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:29:36.0125 2796        IpNat - ok
13:29:36.0156 2796        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:29:36.0281 2796        IPSec - ok
13:29:36.0296 2796        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:29:36.0359 2796        IRENUM - ok
13:29:36.0375 2796        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:29:36.0500 2796        isapnp - ok
13:29:36.0593 2796        JavaQuickStarterService (28e8a9984ba1297efe44b6138d2ca51e) C:\Programme\Java\jre6\bin\jqs.exe
13:29:36.0625 2796        JavaQuickStarterService - ok
13:29:36.0656 2796        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:29:36.0812 2796        Kbdclass - ok
13:29:36.0843 2796        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:29:36.0984 2796        kmixer - ok
13:29:37.0000 2796        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:29:37.0015 2796        KSecDD - ok
13:29:37.0046 2796        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:29:37.0078 2796        lanmanserver - ok
13:29:37.0125 2796        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:29:37.0171 2796        lanmanworkstation - ok
13:29:37.0187 2796        lbrtfdc - ok
13:29:37.0203 2796        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:29:37.0343 2796        LmHosts - ok
13:29:37.0375 2796        MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
13:29:37.0390 2796        MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
13:29:37.0390 2796        MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
13:29:37.0453 2796        McrdSvc        (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
13:29:37.0484 2796        McrdSvc - ok
13:29:37.0500 2796        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:29:37.0640 2796        Messenger - ok
13:29:37.0671 2796        MHN            (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
13:29:37.0687 2796        MHN ( UnsignedFile.Multi.Generic ) - warning
13:29:37.0687 2796        MHN - detected UnsignedFile.Multi.Generic (1)
13:29:37.0703 2796        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:29:37.0718 2796        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:29:37.0718 2796        MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:29:37.0750 2796        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:29:37.0859 2796        mnmdd - ok
13:29:37.0890 2796        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:29:38.0031 2796        mnmsrvc - ok
13:29:38.0062 2796        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:29:38.0187 2796        Modem - ok
13:29:38.0218 2796        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:29:38.0375 2796        Mouclass - ok
13:29:38.0406 2796        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:29:38.0531 2796        mouhid - ok
13:29:38.0578 2796        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:29:38.0718 2796        MountMgr - ok
13:29:38.0765 2796        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:29:38.0781 2796        MozillaMaintenance - ok
13:29:38.0796 2796        mraid35x - ok
13:29:38.0812 2796        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:29:38.0937 2796        MRxDAV - ok
13:29:38.0984 2796        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:29:39.0000 2796        MRxSmb - ok
13:29:39.0015 2796        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:29:39.0156 2796        MSDTC - ok
13:29:39.0171 2796        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:29:39.0312 2796        Msfs - ok
13:29:39.0312 2796        MSIServer - ok
13:29:39.0343 2796        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:29:39.0468 2796        MSKSSRV - ok
13:29:39.0500 2796        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:29:39.0593 2796        MSPCLOCK - ok
13:29:39.0625 2796        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:29:39.0765 2796        MSPQM - ok
13:29:39.0781 2796        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:29:39.0906 2796        mssmbios - ok
13:29:40.0000 2796        MTOnlPktAlyX    (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
13:29:40.0000 2796        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
13:29:40.0000 2796        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
13:29:40.0015 2796        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:29:40.0046 2796        Mup - ok
13:29:40.0109 2796        MZCCntrl        (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
13:29:40.0125 2796        MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
13:29:40.0125 2796        MZCCntrl - detected UnsignedFile.Multi.Generic (1)
13:29:40.0156 2796        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:29:40.0296 2796        napagent - ok
13:29:40.0421 2796        NAVENG          (f11033730b38260b6892e837c457fb4b) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120726.038\NAVENG.SYS
13:29:40.0437 2796        NAVENG - ok
13:29:40.0531 2796        NAVEX15        (4e4e7c0259d3bb97de24a636c0e06aba) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120726.038\NAVEX15.SYS
13:29:40.0578 2796        NAVEX15 - ok
13:29:40.0687 2796        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:29:40.0828 2796        NDIS - ok
13:29:40.0859 2796        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:29:40.0875 2796        NdisTapi - ok
13:29:40.0906 2796        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:29:41.0046 2796        Ndisuio - ok
13:29:41.0062 2796        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:29:41.0203 2796        NdisWan - ok
13:29:41.0218 2796        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:29:41.0250 2796        NDProxy - ok
13:29:41.0265 2796        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:29:41.0406 2796        NetBIOS - ok
13:29:41.0421 2796        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:29:41.0562 2796        NetBT - ok
13:29:41.0593 2796        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:29:41.0734 2796        NetDDE - ok
13:29:41.0750 2796        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:29:41.0859 2796        NetDDEdsdm - ok
13:29:41.0875 2796        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:29:42.0031 2796        Netlogon - ok
13:29:42.0046 2796        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:29:42.0171 2796        Netman - ok
13:29:42.0250 2796        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:42.0265 2796        NetTcpPortSharing - ok
13:29:42.0375 2796        NIS            (e78a365cc3e0fbfc018a33dce01909f8) C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
13:29:42.0390 2796        NIS - ok
13:29:42.0437 2796        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:29:42.0453 2796        Nla - ok
13:29:42.0484 2796        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:29:42.0609 2796        nm - ok
13:29:42.0640 2796        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
13:29:42.0656 2796        NMSAccess - ok
13:29:42.0671 2796        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:29:42.0781 2796        Npfs - ok
13:29:42.0812 2796        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:29:42.0968 2796        Ntfs - ok
13:29:42.0984 2796        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:29:43.0125 2796        NtLmSsp - ok
13:29:43.0156 2796        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:29:43.0296 2796        NtmsSvc - ok
13:29:43.0328 2796        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:29:43.0453 2796        Null - ok
13:29:43.0781 2796        nv              (430f3783943c61b1cd7010fe84df3674) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:29:44.0031 2796        nv - ok
13:29:44.0125 2796        NVENETFD        (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:29:44.0140 2796        NVENETFD - ok
13:29:44.0171 2796        nvnetbus        (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:29:44.0203 2796        nvnetbus - ok
13:29:44.0234 2796        nvsmu          (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
13:29:44.0250 2796        nvsmu - ok
13:29:44.0281 2796        NVSvc          (b9e3304492d817b2d5bc0ffd18f18512) C:\WINDOWS\system32\nvsvc32.exe
13:29:44.0312 2796        NVSvc - ok
13:29:44.0343 2796        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:29:44.0453 2796        NwlnkFlt - ok
13:29:44.0468 2796        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:29:44.0640 2796        NwlnkFwd - ok
13:29:44.0671 2796        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:29:44.0796 2796        Parport - ok
13:29:44.0812 2796        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:29:44.0953 2796        PartMgr - ok
13:29:44.0984 2796        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:29:45.0109 2796        ParVdm - ok
13:29:45.0125 2796        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:29:45.0234 2796        PCI - ok
13:29:45.0250 2796        PCIDump - ok
13:29:45.0265 2796        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:29:45.0390 2796        PCIIde - ok
13:29:45.0406 2796        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:29:45.0531 2796        Pcmcia - ok
13:29:45.0546 2796        PDCOMP - ok
13:29:45.0546 2796        PDFRAME - ok
13:29:45.0562 2796        PDRELI - ok
13:29:45.0562 2796        PDRFRAME - ok
13:29:45.0578 2796        perc2 - ok
13:29:45.0593 2796        perc2hib - ok
13:29:45.0656 2796        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:29:45.0656 2796        PlugPlay - ok
13:29:45.0687 2796        Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
13:29:45.0703 2796        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:29:45.0703 2796        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:29:45.0734 2796        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:29:45.0859 2796        PolicyAgent - ok
13:29:45.0875 2796        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:29:46.0015 2796        PptpMiniport - ok
13:29:46.0046 2796        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:29:46.0171 2796        Processor - ok
13:29:46.0171 2796        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:29:46.0296 2796        ProtectedStorage - ok
13:29:46.0296 2796        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:29:46.0437 2796        PSched - ok
13:29:46.0437 2796        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:29:46.0578 2796        Ptilink - ok
13:29:46.0593 2796        PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:29:46.0609 2796        PxHelp20 - ok
13:29:46.0625 2796        ql1080 - ok
13:29:46.0625 2796        Ql10wnt - ok
13:29:46.0640 2796        ql12160 - ok
13:29:46.0656 2796        ql1240 - ok
13:29:46.0656 2796        ql1280 - ok
13:29:46.0687 2796        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:29:46.0796 2796        RasAcd - ok
13:29:46.0828 2796        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:29:46.0953 2796        RasAuto - ok
13:29:46.0968 2796        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:29:47.0109 2796        Rasl2tp - ok
13:29:47.0140 2796        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:29:47.0281 2796        RasMan - ok
13:29:47.0281 2796        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:29:47.0406 2796        RasPppoe - ok
13:29:47.0421 2796        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:29:47.0531 2796        Raspti - ok
13:29:47.0562 2796        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:29:47.0687 2796        Rdbss - ok
13:29:47.0718 2796        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:29:47.0828 2796        RDPCDD - ok
13:29:47.0859 2796        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:29:47.0984 2796        rdpdr - ok
13:29:48.0031 2796        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:29:48.0046 2796        RDPWD - ok
13:29:48.0093 2796        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:29:48.0203 2796        RDSessMgr - ok
13:29:48.0218 2796        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:29:48.0359 2796        redbook - ok
13:29:48.0390 2796        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:29:48.0515 2796        RemoteAccess - ok
13:29:48.0531 2796        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
13:29:48.0671 2796        RemoteRegistry - ok
13:29:48.0687 2796        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:29:48.0812 2796        RpcLocator - ok
13:29:48.0859 2796        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:29:48.0875 2796        RpcSs - ok
13:29:48.0921 2796        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:29:49.0031 2796        RSVP - ok
13:29:49.0062 2796        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:29:49.0187 2796        SamSs - ok
13:29:49.0203 2796        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:29:49.0328 2796        SCardSvr - ok
13:29:49.0359 2796        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:29:49.0468 2796        Schedule - ok
13:29:49.0500 2796        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:29:49.0546 2796        Secdrv - ok
13:29:49.0578 2796        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:29:49.0718 2796        seclogon - ok
13:29:49.0734 2796        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:29:49.0843 2796        SENS - ok
13:29:49.0890 2796        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
13:29:50.0031 2796        Serial - ok
13:29:50.0046 2796        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:29:50.0187 2796        Sfloppy - ok
13:29:50.0218 2796        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:29:50.0343 2796        SharedAccess - ok
13:29:50.0375 2796        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:29:50.0390 2796        ShellHWDetection - ok
13:29:50.0390 2796        Simbad - ok
13:29:50.0406 2796        Sparrow - ok
13:29:50.0421 2796        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:29:50.0562 2796        splitter - ok
13:29:50.0593 2796        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:29:50.0625 2796        Spooler - ok
13:29:50.0640 2796        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:29:50.0718 2796        sr - ok
13:29:50.0750 2796        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:29:50.0812 2796        srservice - ok
13:29:50.0875 2796        SRTSP          (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207020.003\SRTSP.SYS
13:29:50.0906 2796        SRTSP - ok
13:29:50.0921 2796        SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207020.003\SRTSPX.SYS
13:29:50.0937 2796        SRTSPX - ok
13:29:50.0968 2796        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:29:51.0000 2796        Srv - ok
13:29:51.0015 2796        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:29:51.0078 2796        SSDPSRV - ok
13:29:51.0109 2796        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
13:29:51.0109 2796        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:29:51.0109 2796        StarOpen - detected UnsignedFile.Multi.Generic (1)
13:29:51.0156 2796        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:29:51.0265 2796        stisvc - ok
13:29:51.0296 2796        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:29:51.0421 2796        swenum - ok
13:29:51.0437 2796        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:29:51.0546 2796        swmidi - ok
13:29:51.0546 2796        SwPrv - ok
13:29:51.0562 2796        symc810 - ok
13:29:51.0578 2796        symc8xx - ok
13:29:51.0578 2796        SYMDNS - ok
13:29:51.0609 2796        SymDS          (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMDS.SYS
13:29:51.0640 2796        SymDS - ok
13:29:51.0687 2796        SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMEFA.SYS
13:29:51.0718 2796        SymEFA - ok
13:29:51.0750 2796        SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:29:51.0765 2796        SymEvent - ok
13:29:51.0781 2796        SYMFW - ok
13:29:51.0781 2796        SYMIDS - ok
13:29:51.0812 2796        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1207020.003\Ironx86.SYS
13:29:51.0828 2796        SymIRON - ok
13:29:51.0843 2796        SYMNDIS - ok
13:29:51.0843 2796        SYMREDRV - ok
13:29:51.0890 2796        SYMTDI          (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NIS\1207020.003\SYMTDI.SYS
13:29:51.0906 2796        SYMTDI - ok
13:29:51.0906 2796        sym_hi - ok
13:29:51.0921 2796        sym_u3 - ok
13:29:51.0953 2796        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:29:52.0062 2796        sysaudio - ok
13:29:52.0093 2796        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:29:52.0203 2796        SysmonLog - ok
13:29:52.0234 2796        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:29:52.0343 2796        TapiSrv - ok
13:29:52.0406 2796        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:29:52.0453 2796        Tcpip - ok
13:29:52.0468 2796        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:29:52.0609 2796        TDPIPE - ok
13:29:52.0625 2796        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:29:52.0734 2796        TDTCP - ok
13:29:52.0765 2796        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:29:52.0890 2796        TermDD - ok
13:29:52.0921 2796        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:29:53.0046 2796        TermService - ok
13:29:53.0093 2796        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:29:53.0093 2796        Themes - ok
13:29:53.0140 2796        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
13:29:53.0218 2796        TlntSvr - ok
13:29:53.0234 2796        TosIde - ok
13:29:53.0250 2796        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:29:53.0390 2796        TrkWks - ok
13:29:53.0421 2796        tunmp          (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:29:53.0531 2796        tunmp - ok
13:29:53.0562 2796        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:29:53.0671 2796        Udfs - ok
13:29:53.0671 2796        ultra - ok
13:29:53.0703 2796        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:29:53.0843 2796        Update - ok
13:29:53.0859 2796        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:29:53.0921 2796        upnphost - ok
13:29:53.0953 2796        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:29:54.0078 2796        UPS - ok
13:29:54.0109 2796        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:29:54.0234 2796        usbccgp - ok
13:29:54.0250 2796        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:29:54.0390 2796        usbehci - ok
13:29:54.0390 2796        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:29:54.0500 2796        usbhub - ok
13:29:54.0531 2796        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:29:54.0656 2796        usbohci - ok
13:29:54.0671 2796        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:29:54.0781 2796        usbprint - ok
13:29:54.0812 2796        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:29:54.0921 2796        usbscan - ok
13:29:54.0921 2796        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:29:55.0046 2796        usbstor - ok
13:29:55.0078 2796        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:29:55.0171 2796        VgaSave - ok
13:29:55.0187 2796        ViaIde - ok
13:29:55.0203 2796        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:29:55.0328 2796        VolSnap - ok
13:29:55.0359 2796        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:29:55.0421 2796        VSS - ok
13:29:55.0437 2796        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:29:55.0546 2796        W32Time - ok
13:29:55.0578 2796        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:29:55.0750 2796        Wanarp - ok
13:29:55.0765 2796        WDICA - ok
13:29:55.0781 2796        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:29:55.0890 2796        wdmaud - ok
13:29:55.0906 2796        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:29:56.0062 2796        WebClient - ok
13:29:56.0125 2796        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:29:56.0234 2796        winmgmt - ok
13:29:56.0296 2796        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:29:56.0296 2796        WmdmPmSN - ok
13:29:56.0375 2796        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
13:29:56.0406 2796        Wmi - ok
13:29:56.0421 2796        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:29:56.0578 2796        WmiAcpi - ok
13:29:56.0609 2796        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:29:56.0734 2796        WmiApSrv - ok
13:29:56.0859 2796        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
13:29:56.0921 2796        WMPNetworkSvc - ok
13:29:56.0953 2796        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:29:57.0093 2796        wscsvc - ok
13:29:57.0125 2796        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:29:57.0250 2796        wuauserv - ok
13:29:57.0328 2796        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:29:57.0343 2796        WudfPf - ok
13:29:57.0406 2796        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:29:57.0421 2796        WudfRd - ok
13:29:57.0500 2796        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:29:57.0515 2796        WudfSvc - ok
13:29:57.0734 2796        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:29:57.0906 2796        WZCSVC - ok
13:29:57.0921 2796        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:29:58.0062 2796        xmlprov - ok
13:29:58.0078 2796        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:29:58.0515 2796        \Device\Harddisk0\DR0 - ok
13:29:58.0531 2796        Boot (0x1200)  (12eac14394eece3158b9c5c34ed5a506) \Device\Harddisk0\DR0\Partition0
13:29:58.0531 2796        \Device\Harddisk0\DR0\Partition0 - ok
13:29:58.0531 2796        Boot (0x1200)  (d7c8c3545ece020414a65f45084bdfd4) \Device\Harddisk0\DR0\Partition1
13:29:58.0531 2796        \Device\Harddisk0\DR0\Partition1 - ok
13:29:58.0562 2796        Boot (0x1200)  (6df634aaba57795d4091e4c4b449d714) \Device\Harddisk0\DR0\Partition2
13:29:58.0562 2796        \Device\Harddisk0\DR0\Partition2 - ok
13:29:58.0593 2796        Boot (0x1200)  (557436e1fb6f5ec5b25f6a2621727fbc) \Device\Harddisk0\DR0\Partition3
13:29:58.0593 2796        \Device\Harddisk0\DR0\Partition3 - ok
13:29:58.0609 2796        Boot (0x1200)  (27715ffbe678a0ee72678a44f9bfdca2) \Device\Harddisk0\DR0\Partition4
13:29:58.0625 2796        \Device\Harddisk0\DR0\Partition4 - ok
13:29:58.0625 2796        ============================================================
13:29:58.0625 2796        Scan finished
13:29:58.0625 2796        ============================================================
13:29:58.0765 2752        Detected object count: 7
13:29:58.0765 2752        Actual detected object count: 7
13:30:05.0859 2752        MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0859 2752        MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0859 2752        MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0859 2752        MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0859 2752        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0859 2752        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0859 2752        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0859 2752        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0859 2752        MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0859 2752        MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0875 2752        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0875 2752        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:05.0875 2752        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:05.0875 2752        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
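
Added example (not part of the original posts and not TDSSKiller's own code): a Python triage for a log in the layout above. It pairs each warning with its file record and the recorded user action, and checks the result against the "Detected object count" line. The sample log, its service names, paths and hash placeholders are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log above: time, thread id, message.
# Service names, paths and the 32-hex-digit placeholders are made up.
SAMPLE_LOG = r"""
13:00:00.0000 1000        ExampleNet      (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\examplenet.sys
13:00:00.0100 1000        ExampleNet - ok
13:00:00.0200 1000        Example Svc A   (00000000000000000000000000000002) C:\Programme\Example\svca.exe
13:00:00.0300 1000        Example Svc A ( UnsignedFile.Multi.Generic ) - warning
13:00:00.0300 1000        Example Svc A - detected UnsignedFile.Multi.Generic (1)
13:00:00.0400 1000        ExampleDrv      (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
13:00:00.0500 1000        ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
13:00:00.0500 1000        ExampleDrv - detected UnsignedFile.Multi.Generic (1)
13:00:01.0000 1001        Detected object count: 2
13:00:01.0000 1001        Actual detected object count: 2
13:00:05.0000 1001        Example Svc A ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:05.0000 1001        Example Svc A ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with "HH:MM:SS.ffff <thread id>", then the message.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<name>   (<md5>) <path>"; names may contain spaces or parentheses.
RECORD = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
ACTION = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)
# Anchored at the start so "Actual detected object count" is not counted twice.
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Collect file records, warnings, user actions and the reported count."""
    objects, detections, reported = {}, {}, None
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # blank lines, banners, anything without a timestamp
        msg = line["msg"]
        if (rec := RECORD.match(msg)):
            objects[rec["name"]] = {"md5": rec["md5"], "path": rec["path"]}
        elif (warn := WARNING.match(msg)):
            detections.setdefault(
                warn["name"], {"verdict": warn["verdict"], "action": None}
            )
        elif (act := ACTION.match(msg)):
            entry = detections.setdefault(
                act["name"], {"verdict": act["verdict"], "action": None}
            )
            entry["action"] = act["action"]
        elif (cnt := COUNT.match(msg)):
            reported = int(cnt["n"])
    return {"objects": objects, "detections": detections, "reported_count": reported}


def triage(report):
    """Return (findings, count_mismatch) for a parsed log.

    A finding is 'left_in_place' when the log records a Skip or no action at
    all, so the flagged file is still on disk and still needs a manual check.
    """
    findings = []
    for name, det in report["detections"].items():
        obj = report["objects"].get(name, {})
        findings.append({
            "name": name,
            "path": obj.get("path"),
            "md5": obj.get("md5"),
            "verdict": det["verdict"],
            "action": det["action"],
            "left_in_place": det["action"] in (None, "Skip"),
        })
    reported = report["reported_count"]
    # A mismatch points at a truncated or edited log rather than a clean one.
    mismatch = reported is not None and reported != len(findings)
    return findings, mismatch


if __name__ == "__main__":
    found, mismatch = triage(parse_tdsskiller(SAMPLE_LOG))
    for f in found:
        action = f["action"] or "no action logged"
        print(f'{f["name"]}: {f["verdict"]} -> {action} ({f["path"]})')
    print("count mismatch:", mismatch)
```
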


markusg 27.07.2012 22:22

That's the one I meant.
Do you use the PC for online banking, for shopping, for other payment transactions, or for anything similarly important, such as work?

derpate030 28.07.2012 08:52

Good morning,

Yes, important things are done on this PC: banking, shopping, etc.

Why?

Best regards

markusg 30.07.2012 21:55

Please have your online banking blocked because of the rootkit infection.
At the end, change all passwords.
The PC has to be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post some further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, copy it back.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

derpate030 03.08.2012 09:16

Hi,
Don't think that I'm not following your advice. Banking is blocked, and I have been backing up the data for days.
I will set the system up from scratch this evening. I noticed that there is a tip for antivirus software, but which firewall is recommended?

Many thanks for the info

Kind regards

markusg 03.08.2012 17:56

The Windows firewall is enough.
Here are some additional tips:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things such as work, i.e. there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be carried out, because only then is your PC secure. Ask as many questions as you need; I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click on check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as it is described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, because then parts of the guide that now follows will have to be


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.72

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, work through these as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox settings.
Under Restrictions, for program start and internet access, enter:
chrome.exe
Then go to Applications, Web browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, though, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails.

Finally, follow the general security tips, follow the online banking tip if it applies to you, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should be framed; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Instructions:
RoboForm manual: password manager, managing passwords and personal data
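
Added example, not part of the post above and not Sandboxie's own code: a small Python check for the Sandboxie restriction described in that post (in the DefaultBox, only chrome.exe may start and reach the internet), run against a constructed Sandboxie.ini excerpt. The key names follow the Sandboxie.ini format; that Sandboxie Control writes the two restrictions in exactly this form is an assumption, and the `TestBox` section is hypothetical.

```python
import re

# Constructed sample. Key names follow the Sandboxie.ini format; that
# Sandboxie Control writes the two restrictions this way is an assumption.
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,chrome.exe
ProcessGroup=<InternetAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

[TestBox]
Enabled=y
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}. Keys such as ProcessGroup
    repeat within a section, so entries are kept as a list, not a dict."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def group_members(settings, group, closed_key, target):
    """Programs in <group>, or None if the closing rule or the group is missing."""
    prefix = f"<{group}>,".lower()
    members = {p.strip().lower() for k, v in settings
               if k == "ProcessGroup" and v.lower().startswith(prefix)
               for p in v.split(",")[1:] if p.strip()}
    rule = f"!<{group}>,{target}".lower()
    active = any(k == closed_key and v.lower() == rule for k, v in settings)
    return members if active and members else None

def audit_box(ini_text, box="DefaultBox", allowed=("chrome.exe",)):
    """List deviations from 'only `allowed` may start and reach the network'."""
    settings = parse_ini(ini_text).get(box, [])
    wanted = {a.lower() for a in allowed}
    findings = []
    for label, group, key, target in (
            ("start/run", "StartRunAccess", "ClosedIpcPath", "*"),
            ("internet", "InternetAccess", "ClosedFilePath", "InternetAccessDevices")):
        members = group_members(settings, group, key, target)
        if members is None:
            findings.append(f"{label}: not restricted")
        elif members - wanted:
            findings.append(f"{label}: allows {sorted(members - wanted)}")
    return findings

if __name__ == "__main__":
    print(audit_box(SAMPLE_INI))
```

To audit a real installation, pass the file's text to `audit_box`; reading it with `open(path, encoding="utf-16")` assumes the file is stored as Unicode text.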

derpate030 04.08.2012 11:44

Hi,
so the current status is as follows:
- Windows XP set up from scratch
- SP2 + SP3 installed
- all updates and optional updates installed
- Autorun disabled with TweakUI (does Flash Disinfector have to be run?)
- Anti-malware installed and configured
- restricted user account created
- Configuring and disabling Windows services securely (Windows 7/Vista/XP/2000) - www.ntsvcfg.de script run and option 3 selected
- Automatic Updates for Windows and the Background Intelligent Transfer Service (BITS) are active and the firewall is set to automatic
- Data Execution Prevention turned on for all programs and services except those selected
- Quick scan on webscan. found 0 open services
- Panda Vaccine run and vaccinated
- Secunia PSI installed, although I don't have as many settings as are listed in the guide
- FileHippo installed

The rest follows tomorrow: backup and installing Chrome + Sandboxie

markusg 04.08.2012 16:55

- Flash Disinfector is not necessary, but you can use it if you want.
That all looks very good; make sure you install the latest drivers for the hardware.
Which settings are you missing in Secunia?

Note:
Secunia and FileHippo offer English updates. Wherever you access the user interface, such as the reader, browser, etc., you need German updates, so save the vendor pages in your browser's favorites and, when an update is shown, get it from there. For Java, Flash and QuickTime it doesn't matter whether German or English.


All times are WET +1. The time is now 15:51.
