Log analysis and evaluation: Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0] (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.12.2011, 11:26 | #1
Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]

Hello dear helpers, I scanned my PC with "aswMBR" and it showed me an area marked in red:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 10:24:08
-----------------------------
10:24:08.699 OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:08.699 Number of processors: 4 586 0x403
10:24:08.699 ComputerName: MAZ-PC UserName: maz
10:24:09.934 Initialize success
10:24:57.568 AVAST engine defs: 11121800
10:25:07.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:07.803 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
10:25:07.803 Disk 0 MBR read successfully
10:25:07.803 Disk 0 MBR scan
10:25:07.803 Disk 0 Windows XP default MBR code
10:25:07.818 Service scanning
10:25:08.256 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:25:08.787 Modules scanning
10:25:08.787 Disk 0 trace - called modules:
10:25:08.787 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]<<
10:25:08.787 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
10:25:08.787 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80049419b0]
10:25:08.787 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004f9a060]
10:25:08.787 \Driver\atapi[0xfffffa8003ac0de0] -> IRP_MJ_CREATE -> 0xfffffa8003a912c0
10:25:21.209 AVAST engine scan C:\Windows
10:25:32.178 AVAST engine scan C:\Windows\system32
10:26:52.443 AVAST engine scan C:\Windows\system32\drivers
10:26:59.459 AVAST engine scan C:\Users\maz
10:30:05.803 AVAST engine scan C:\ProgramData
10:30:53.600 Scan finished successfully
10:32:47.741 Disk 0 MBR has been saved successfully to "C:\Users\maz\Desktop\MBR.dat"
10:32:47.741 The log file has been saved successfully to "C:\Users\maz\Desktop\aswMBRlog1.txt"

Code:
OTL logfile created on: 18.12.2011 10:13:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,40% Memory free
11,81 Gb Paging File | 10,20 Gb Available in Paging File | 86,36% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 802,03 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 366,03 Gb Free Space | 61,40% Space Free | Partition Type: NTFS

Computer Name: MAZ-PC | User Name: maz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.17 13:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL\OTL.exe
PRC - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
PRC - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.09 19:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.23 19:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.11.09 19:27:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.08.09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.22 17:38:52 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.13 22:30:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.17 17:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mr8980x64.sys -- (mr8980)
DRV:64bit: - [2010.03.17 09:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009.10.07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.07.31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR8980x64.sys -- (mr8980)
DRV - [2009.07.29 18:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 6F 93 F0 D4 10 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\maz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 19:13:37 | 000,000,000 | ---D | M]

[2011.05.12 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Extensions
[2011.12.16 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions
[2011.11.11 21:39:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.09 19:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L17Q9GVJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 19:27:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.05 10:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.05 10:44:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.05 10:44:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 18:46:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.05 10:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.05 10:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.05 10:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B46ADE-73F0-4405-890F-AB73DE899EDE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.18 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\3DMark 11
[2011.12.18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\IsolatedStorage
[2011.12.18 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Futuremark_Corporation
[2011.12.18 09:22:08 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011.12.18 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.12.17 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Malwarebytes
[2011.12.17 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 18:18:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.13 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.12.13 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.12.13 20:44:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.12.13 20:44:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.12.11 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Chromium
[2011.12.11 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.12.11 18:25:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.12.11 17:53:12 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.12.11 17:53:02 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.exe
[2011.12.11 17:53:02 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.dll
[2011.12.11 17:53:02 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2011.12.11 17:53:02 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2011.12.11 17:53:02 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2011.12.11 17:53:02 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2011.12.11 17:51:39 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS
[2011.12.11 17:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.11 17:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011.12.11 17:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.10 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.12.06 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.12.06 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Apple Computer
[2011.12.04 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Avira
[2011.12.04 08:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.04 08:37:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.04 08:37:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.04 08:37:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.04 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.04 08:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011.12.04 08:10:46 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\F-Secure
[2011.12.04 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Downloads
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Take On Helicopters Demo
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Take On Helicopters Demo
[2011.12.02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\sec4
[2011.12.02 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011.11.26 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011.11.26 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\TP
[2011.11.25 07:19:45 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\lazarus
[2011.11.24 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.11.22 18:45:10 | 000,000,000 | ---D | C] -- C:\LH1
[2011.11.21 19:43:53 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.11.19 23:32:40 | 000,000,000 | ---D | C] -- C:\cuprojects
[2011.11.19 21:58:00 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Electronic_Arts_Inc
[2011.11.19 21:54:17 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Akamai
[2011.11.18 18:42:12 | 000,000,000
| ---D | C] -- C:\Program Files (x86)\Samsung [2011.11.18 18:38:08 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll [2011.11.18 18:38:08 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll [2011.11.18 18:38:07 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe [2011.11.18 18:38:07 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.18 09:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.18 09:22:08 | 000,001,086 | ---- | M] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk [2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 08:49:16 | 001,506,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.18 08:49:16 | 000,656,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.18 08:49:16 | 000,618,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.18 08:49:16 | 000,131,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.18 08:49:16 | 000,107,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.18 08:44:26 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.18 08:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.18 08:44:19 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe 
[2011.12.17 21:58:57 | 000,000,600 | ---- | M] () -- C:\Users\maz\AppData\Local\PUTTY.RND [2011.12.17 21:03:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.12.11 18:01:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.11 17:42:46 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\L.A. Noire.lnk [2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.09 06:33:06 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2011.12.06 19:19:03 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.04 08:12:44 | 001,544,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.04 08:12:37 | 000,019,476 | ---- | M] () -- C:\Windows\prodsett_copy.ini [2011.11.27 14:42:59 | 000,001,467 | ---- | M] () -- C:\Users\maz\.recently-used.xbel [2011.11.26 21:20:59 | 000,000,052 | RH-- | M] () -- C:\Windows\ctfile.rfc [2011.11.26 07:43:03 | 000,052,275 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.11.24 05:59:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.11.24 05:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.11.24 05:59:00 | 000,007,653 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011.11.23 19:29:36 | 000,406,336 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.18 09:22:08 | 000,001,086 | ---- | C] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk [2011.12.13 20:44:39 | 000,007,653 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011.12.11 18:01:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.11 17:53:13 | 
000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2011.12.11 17:53:03 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\ssp7ml6.smt [2011.12.11 17:42:46 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\L.A. Noire.lnk [2011.12.04 08:12:37 | 000,019,476 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2011.12.04 08:12:36 | 001,544,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.27 14:42:59 | 000,001,467 | ---- | C] () -- C:\Users\maz\.recently-used.xbel [2011.11.23 19:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.11.18 18:38:07 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll [2011.11.18 18:38:07 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.11.18 18:38:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe [2011.11.18 18:38:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll [2011.11.18 18:38:07 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt [2011.11.03 22:43:36 | 000,004,096 | -H-- | C] () -- C:\Users\maz\AppData\Local\keyfile3.drm [2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys [2011.10.31 23:09:11 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg [2011.10.31 23:09:10 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS [2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.09.11 07:44:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.09.04 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.14 22:35:55 | 000,007,595 | ---- | C] () -- C:\Users\maz\AppData\Local\Resmon.ResmonCfg [2011.05.12 22:51:12 | 000,000,600 | ---- | C] () -- C:\Users\maz\AppData\Local\PUTTY.RND [2011.05.12 22:24:42 | 000,280,904 | ---- | C] () 
-- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.12 22:24:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.05.12 22:24:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.05.29 17:47:44 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\.purple [2011.09.20 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ableton [2011.09.19 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\aborange [2011.05.15 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ashampoo [2011.09.07 07:33:40 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Blender Foundation [2011.10.18 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\calibre [2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\DAEMON Tools Lite [2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\FileZilla [2011.12.03 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\GetRightToGo [2011.05.15 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\gtk-2.0 [2011.09.25 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Image-Line [2011.05.14 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Leadertech [2011.11.24 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Need for Speed 
World [2011.05.28 19:48:28 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Notepad++ [2011.05.13 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\OpenOffice.org [2011.10.26 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Origin [2011.09.19 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\PhotoScape [2011.12.10 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\pokerth [2011.05.15 09:05:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Serif [2011.11.26 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Steinberg [2011.09.28 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\SynthMaker [2011.11.21 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TeamViewer [2011.11.26 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TP [2011.05.13 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TrueCrypt [2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TS3Client [2011.05.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Unity [2011.09.07 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Windows Live Writer [2011.09.13 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XMedia Recode [2011.05.13 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XProfanFree [2011.11.04 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\{50A2320B-16F8-4CD0-9404-2F8F9C2128A7} [2011.10.29 07:37:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Thanks in advance.
Attachment 25975
Attachment 25976
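As an added triage aid that is not part of this thread or of OTL itself: a small Python parser for the `[date | size | attrs | C/M] (Company) -- path` entries in the OTL log above, with the first-pass checks a helper applies before reading a log line by line (files under C:\Windows without an embedded company name, hidden/system attributes, .sys files outside a drivers directory). The sample entries are copied from the log above and joined into one string the way the forum extraction flattened them; the heuristics and the small allowlist are assumptions for this example, not OTL rules, and a hit only means "look at this file next".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder entry looks like:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C] (Company) -- path
# Directories carry no "(Company)" part at all; files without an embedded company
# name are printed with an empty "()". The path is terminated by the next entry,
# the next "========== ... ==========" section header, a "[N ... *.tmp files -> ...]"
# summary, or the end of the text, so the regex also copes with a log that has
# been flattened onto a single line.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+?)(?=\s+\[\d|\s+=+|\s*$)"
)
SECTION_RE = re.compile(r"=+ (?P<title>[^=]+?) =+")
TOKEN_RE = re.compile("(?P<section>" + SECTION_RE.pattern + ")|(?P<entry>" + ENTRY_RE.pattern + ")")


@dataclass
class OtlEntry:
    section: str
    date: str
    size: int
    attrs: str               # e.g. "---D", "-HS-", "----"
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> List[OtlEntry]:
    """Extract every file/folder entry from OTL report text, tagged with its section."""
    entries: List[OtlEntry] = []
    section = ""
    for m in TOKEN_RE.finditer(text):
        if m.group("section"):
            section = m.group("title").strip()
            continue
        entries.append(OtlEntry(
            section=section,
            date=m.group("date"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path").strip(),
        ))
    return entries


# Heuristics (assumptions for this example, not OTL rules).
SYSTEM_ROOT = "c:\\windows\\"
KNOWN_ROOT_FILES = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}   # OS-owned .sys files at C:\


def triage(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Map each file path worth a second look to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        reasons = []
        if p.startswith(SYSTEM_ROOT) and not e.company:
            reasons.append("file under C:\\Windows with no company name")
        if p.startswith(SYSTEM_ROOT) and ("H" in e.attrs or "S" in e.attrs):
            reasons.append(f"hidden/system attributes ({e.attrs}) under C:\\Windows")
        if p.endswith(".sys") and "\\drivers\\" not in p and p not in KNOWN_ROOT_FILES:
            reasons.append("driver-like .sys file outside a drivers directory")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: entries copied from the OTL log above, flattened into one string
# as the forum extraction left them (section headers and *.tmp summary included).
SAMPLE_OTL = (
    r"========== Files/Folders - Created Within 30 Days ========== "
    r"[2011.12.13 20:44:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll "
    r"[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\Windows\Samsung "
    r"[2011.12.11 17:53:13 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe "
    r"[2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys "
    r"[2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS "
    r"[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] "
    r"========== Files - Modified Within 30 Days ========== "
    r"[2011.12.18 08:44:19 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys "
    r"[2011.12.11 18:01:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk"
)

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_OTL)
    print(f"{len(parsed)} entries parsed")
    for path, reasons in triage(parsed).items():
        print(path)
        for r in reasons:
            print("   -", r)
```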
18.12.2011, 16:19 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
ESET Online Scanner
Please post everything here in CODE tags wherever possible. This is how it is done:
[code] the log goes here [/code]
And it then looks like this:
Code:
the log goes here
18.12.2011, 21:16 | #3
MBAM:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8392

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.12.2011 20:12:21
mbam-log-2011-12-18 (20-12-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 384256
Laufzeit: 39 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ab7e40f3267f14c9db2b19a590c9533
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 08:10:51
# local_time=2011-12-18 09:10:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1255274 1255274 0 0
# compatibility_mode=5893 16776574 100 94 17669408 75865758 0 0
# compatibility_mode=8192 67108863 100 0 3676 3676 0 0
# scanned=229796
# found=0
# cleaned=0
# scan_time=3143
19.12.2011, 12:01 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run (in normal mode!) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs.
Note: please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool via right-click as administrator!
Please always post log files in CODE tags
19.12.2011, 18:26 | #5
TDSS:
Code:
ATTFilter 18:22:23.0634 3644 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 18:22:23.0765 3644 ============================================================ 18:22:23.0765 3644 Current date / time: 2011/12/19 18:22:23.0765 18:22:23.0765 3644 SystemInfo: 18:22:23.0765 3644 18:22:23.0765 3644 OS Version: 6.1.7601 ServicePack: 1.0 18:22:23.0765 3644 Product type: Workstation 18:22:23.0765 3644 ComputerName: MAZ-PC 18:22:23.0765 3644 UserName: maz 18:22:23.0765 3644 Windows directory: C:\Windows 18:22:23.0765 3644 System windows directory: C:\Windows 18:22:23.0766 3644 Running under WOW64 18:22:23.0766 3644 Processor architecture: Intel x64 18:22:23.0766 3644 Number of processors: 4 18:22:23.0766 3644 Page size: 0x1000 18:22:23.0766 3644 Boot type: Normal boot 18:22:23.0766 3644 ============================================================ 18:22:26.0309 3644 Initialize success 18:22:38.0121 2964 ============================================================ 18:22:38.0121 2964 Scan started 18:22:38.0121 2964 Mode: Manual; SigCheck; TDLFS; 18:22:38.0121 2964 ============================================================ 18:22:39.0390 2964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 18:22:39.0486 2964 1394ohci - ok 18:22:39.0524 2964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 18:22:39.0553 2964 ACPI - ok 18:22:39.0571 2964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 18:22:39.0722 2964 AcpiPmi - ok 18:22:39.0801 2964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 18:22:39.0819 2964 adp94xx - ok 18:22:39.0841 2964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 18:22:39.0856 2964 adpahci - ok 18:22:39.0879 2964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 18:22:39.0890 2964 adpu320 - ok 18:22:39.0957 2964 AFD (d5b031c308a409a0a576bff4cf083d30) 
C:\Windows\system32\drivers\afd.sys 18:22:40.0028 2964 AFD - ok 18:22:40.0053 2964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 18:22:40.0065 2964 agp440 - ok 18:22:40.0105 2964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 18:22:40.0114 2964 aliide - ok 18:22:40.0144 2964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 18:22:40.0167 2964 amdide - ok 18:22:40.0189 2964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 18:22:40.0232 2964 AmdK8 - ok 18:22:40.0263 2964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 18:22:40.0281 2964 AmdPPM - ok 18:22:40.0304 2964 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 18:22:40.0315 2964 amdsata - ok 18:22:40.0351 2964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 18:22:40.0363 2964 amdsbs - ok 18:22:40.0378 2964 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 18:22:40.0404 2964 amdxata - ok 18:22:40.0499 2964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 18:22:40.0765 2964 AppID - ok 18:22:40.0792 2964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 18:22:40.0800 2964 arc - ok 18:22:40.0819 2964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 18:22:40.0829 2964 arcsas - ok 18:22:40.0868 2964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:22:41.0086 2964 AsyncMac - ok 18:22:41.0117 2964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:22:41.0124 2964 atapi - ok 18:22:41.0179 2964 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys 18:22:41.0196 2964 AtiPcie - ok 18:22:41.0258 2964 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 
18:22:41.0269 2964 avgntflt - ok 18:22:41.0335 2964 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys 18:22:41.0347 2964 avipbb - ok 18:22:41.0407 2964 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 18:22:41.0416 2964 avkmgr - ok 18:22:41.0495 2964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 18:22:41.0550 2964 b06bdrv - ok 18:22:41.0608 2964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:22:41.0631 2964 b57nd60a - ok 18:22:41.0668 2964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:22:41.0706 2964 Beep - ok 18:22:41.0776 2964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 18:22:41.0798 2964 blbdrive - ok 18:22:41.0841 2964 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 18:22:41.0923 2964 bowser - ok 18:22:41.0935 2964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:22:41.0954 2964 BrFiltLo - ok 18:22:41.0963 2964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:22:41.0976 2964 BrFiltUp - ok 18:22:42.0026 2964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:22:42.0050 2964 Brserid - ok 18:22:42.0067 2964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:22:42.0087 2964 BrSerWdm - ok 18:22:42.0117 2964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:22:42.0141 2964 BrUsbMdm - ok 18:22:42.0170 2964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:22:42.0180 2964 BrUsbSer - ok 18:22:42.0197 2964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 18:22:42.0234 2964 BTHMODEM - ok 18:22:42.0292 2964 cdfs (b8bd2bb284668c84865658c77574381a) 
C:\Windows\system32\DRIVERS\cdfs.sys 18:22:42.0347 2964 cdfs - ok 18:22:42.0403 2964 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 18:22:42.0534 2964 cdrom - ok 18:22:42.0720 2964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 18:22:42.0832 2964 circlass - ok 18:22:43.0060 2964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:22:43.0074 2964 CLFS - ok 18:22:43.0124 2964 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 18:22:43.0165 2964 CmBatt - ok 18:22:43.0178 2964 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 18:22:43.0188 2964 cmdide - ok 18:22:43.0229 2964 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 18:22:43.0250 2964 CNG - ok 18:22:43.0269 2964 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 18:22:43.0279 2964 Compbatt - ok 18:22:43.0334 2964 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 18:22:43.0374 2964 CompositeBus - ok 18:22:43.0475 2964 cpuz130 - ok 18:22:43.0573 2964 cpuz135 - ok 18:22:43.0584 2964 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 18:22:43.0591 2964 crcdisk - ok 18:22:43.0611 2964 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 18:22:43.0672 2964 DfsC - ok 18:22:43.0685 2964 DgiVecp - ok 18:22:43.0707 2964 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:22:43.0737 2964 discache - ok 18:22:43.0760 2964 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 18:22:43.0769 2964 Disk - ok 18:22:43.0845 2964 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:22:43.0875 2964 drmkaud - ok 18:22:43.0949 2964 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 18:22:43.0972 2964 DXGKrnl - 
ok 18:22:44.0035 2964 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 18:22:44.0131 2964 ebdrv - ok 18:22:44.0174 2964 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 18:22:44.0189 2964 elxstor - ok 18:22:44.0227 2964 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 18:22:44.0264 2964 ErrDev - ok 18:22:44.0303 2964 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:22:44.0349 2964 exfat - ok 18:22:44.0375 2964 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:22:44.0419 2964 fastfat - ok 18:22:44.0465 2964 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 18:22:44.0505 2964 fdc - ok 18:22:44.0524 2964 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:22:44.0543 2964 FileInfo - ok 18:22:44.0565 2964 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:22:44.0602 2964 Filetrace - ok 18:22:44.0771 2964 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 18:22:44.0783 2964 flpydisk - ok 18:22:44.0823 2964 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 18:22:44.0836 2964 FltMgr - ok 18:22:44.0889 2964 FLxHCIc (e35f19855192d025da41e8dfa318206a) C:\Windows\system32\DRIVERS\FLxHCIc.sys 18:22:44.0915 2964 FLxHCIc - ok 18:22:44.0955 2964 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:22:44.0964 2964 FsDepends - ok 18:22:44.0972 2964 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 18:22:44.0981 2964 Fs_Rec - ok 18:22:45.0057 2964 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:22:45.0070 2964 fvevol - ok 18:22:45.0116 2964 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:22:45.0125 2964 gagp30kx - ok 
18:22:45.0182 2964 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:22:45.0193 2964 GEARAspiWDM - ok 18:22:45.0227 2964 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:22:45.0264 2964 hcw85cir - ok 18:22:45.0318 2964 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 18:22:45.0341 2964 HdAudAddService - ok 18:22:45.0372 2964 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 18:22:45.0391 2964 HDAudBus - ok 18:22:45.0421 2964 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 18:22:45.0438 2964 HidBatt - ok 18:22:45.0459 2964 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 18:22:45.0515 2964 HidBth - ok 18:22:45.0537 2964 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 18:22:45.0563 2964 HidIr - ok 18:22:45.0641 2964 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 18:22:45.0679 2964 HidUsb - ok 18:22:45.0731 2964 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 18:22:45.0742 2964 HpSAMD - ok 18:22:45.0822 2964 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 18:22:45.0880 2964 HTTP - ok 18:22:45.0941 2964 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 18:22:45.0948 2964 hwpolicy - ok 18:22:45.0984 2964 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 18:22:45.0999 2964 i8042prt - ok 18:22:46.0077 2964 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 18:22:46.0091 2964 iaStorV - ok 18:22:46.0136 2964 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 18:22:46.0153 2964 iirsp - ok 18:22:46.0529 2964 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) 
C:\Windows\system32\drivers\RTKVHD64.sys 18:22:46.0618 2964 IntcAzAudAddService - ok 18:22:46.0637 2964 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 18:22:46.0646 2964 intelide - ok 18:22:46.0684 2964 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 18:22:46.0707 2964 intelppm - ok 18:22:46.0755 2964 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:22:46.0797 2964 IpFilterDriver - ok 18:22:46.0815 2964 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 18:22:46.0828 2964 IPMIDRV - ok 18:22:46.0848 2964 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:22:46.0915 2964 IPNAT - ok 18:22:46.0961 2964 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys 18:22:47.0084 2964 irda - ok 18:22:47.0104 2964 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:22:47.0127 2964 IRENUM - ok 18:22:47.0183 2964 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys 18:22:47.0209 2964 irsir - ok 18:22:47.0254 2964 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 18:22:47.0266 2964 isapnp - ok 18:22:47.0297 2964 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 18:22:47.0309 2964 iScsiPrt - ok 18:22:47.0361 2964 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 18:22:47.0371 2964 kbdclass - ok 18:22:47.0391 2964 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 18:22:47.0411 2964 kbdhid - ok 18:22:47.0457 2964 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 18:22:47.0464 2964 KSecDD - ok 18:22:47.0501 2964 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 18:22:47.0512 2964 KSecPkg - ok 18:22:47.0548 2964 ksthunk 
(6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:22:47.0582 2964 ksthunk - ok 18:22:47.0611 2964 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:22:47.0641 2964 lltdio - ok 18:22:47.0699 2964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:22:47.0707 2964 LSI_FC - ok 18:22:47.0719 2964 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:22:47.0728 2964 LSI_SAS - ok 18:22:47.0749 2964 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:22:47.0756 2964 LSI_SAS2 - ok 18:22:47.0783 2964 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:22:47.0800 2964 LSI_SCSI - ok 18:22:47.0810 2964 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:22:47.0861 2964 luafv - ok 18:22:47.0879 2964 LVPr2M64 - ok 18:22:47.0951 2964 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys 18:22:47.0972 2964 LVRS64 - ok 18:22:48.0322 2964 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys 18:22:48.0482 2964 LVUVC64 - ok 18:22:48.0506 2964 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 18:22:48.0517 2964 megasas - ok 18:22:48.0550 2964 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 18:22:48.0563 2964 MegaSR - ok 18:22:48.0595 2964 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:22:48.0637 2964 Modem - ok 18:22:48.0670 2964 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:22:48.0694 2964 monitor - ok 18:22:48.0717 2964 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 18:22:48.0726 2964 mouclass - ok 18:22:48.0740 2964 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:22:48.0749 2964 mouhid - ok 
18:22:48.0798 2964 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 18:22:48.0807 2964 mountmgr - ok 18:22:48.0847 2964 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 18:22:48.0858 2964 mpio - ok 18:22:48.0881 2964 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:22:48.0919 2964 mpsdrv - ok 18:22:49.0017 2964 mr8980 (a6bccf5e16b208b6b490b6efe6f98623) C:\Windows\system32\DRIVERS\mr8980x64.sys 18:22:49.0073 2964 mr8980 - ok 18:22:49.0132 2964 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 18:22:49.0181 2964 MRxDAV - ok 18:22:49.0221 2964 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:22:49.0249 2964 mrxsmb - ok 18:22:49.0266 2964 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:22:49.0283 2964 mrxsmb10 - ok 18:22:49.0307 2964 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:22:49.0333 2964 mrxsmb20 - ok 18:22:49.0350 2964 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 18:22:49.0366 2964 msahci - ok 18:22:49.0375 2964 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 18:22:49.0384 2964 msdsm - ok 18:22:49.0398 2964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:22:49.0421 2964 Msfs - ok 18:22:49.0434 2964 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:22:49.0505 2964 mshidkmdf - ok 18:22:49.0514 2964 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 18:22:49.0523 2964 msisadrv - ok 18:22:49.0558 2964 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:22:49.0624 2964 MSKSSRV - ok 18:22:49.0670 2964 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:22:49.0730 2964 MSPCLOCK - ok 
18:22:49.0762 2964 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:22:49.0805 2964 MSPQM - ok 18:22:49.0842 2964 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 18:22:49.0856 2964 MsRPC - ok 18:22:49.0891 2964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 18:22:49.0902 2964 mssmbios - ok 18:22:49.0911 2964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:22:49.0940 2964 MSTEE - ok 18:22:49.0970 2964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 18:22:49.0995 2964 MTConfig - ok 18:22:50.0021 2964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:22:50.0031 2964 Mup - ok 18:22:50.0066 2964 mv91xx (77073c1af9c0921ff18ee628049bb1a9) C:\Windows\system32\DRIVERS\mv91xx.sys 18:22:50.0078 2964 mv91xx - ok 18:22:50.0142 2964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:22:50.0172 2964 NativeWifiP - ok 18:22:50.0243 2964 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 18:22:50.0263 2964 NDIS - ok 18:22:50.0285 2964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:22:50.0317 2964 NdisCap - ok 18:22:50.0354 2964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:22:50.0389 2964 NdisTapi - ok 18:22:50.0440 2964 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 18:22:50.0478 2964 Ndisuio - ok 18:22:50.0508 2964 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 18:22:50.0548 2964 NdisWan - ok 18:22:50.0592 2964 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 18:22:50.0652 2964 NDProxy - ok 18:22:50.0662 2964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:22:50.0707 2964 NetBIOS - ok 18:22:50.0728 
2964 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 18:22:50.0760 2964 NetBT - ok 18:22:50.0843 2964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 18:22:50.0852 2964 nfrd960 - ok 18:22:50.0988 2964 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys 18:22:51.0019 2964 NPF - ok 18:22:51.0028 2964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:22:51.0071 2964 Npfs - ok 18:22:51.0088 2964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:22:51.0134 2964 nsiproxy - ok 18:22:51.0206 2964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 18:22:51.0243 2964 Ntfs - ok 18:22:51.0266 2964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:22:51.0316 2964 Null - ok 18:22:51.0359 2964 NVHDA (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys 18:22:51.0369 2964 NVHDA - ok 18:22:51.0755 2964 nvlddmkm (88e141b9df63c41ea272b2f712d1a227) C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:22:52.0066 2964 nvlddmkm - ok 18:22:52.0117 2964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 18:22:52.0126 2964 nvraid - ok 18:22:52.0153 2964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 18:22:52.0162 2964 nvstor - ok 18:22:52.0231 2964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 18:22:52.0241 2964 nv_agp - ok 18:22:52.0258 2964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 18:22:52.0280 2964 ohci1394 - ok 18:22:52.0324 2964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 18:22:52.0347 2964 Parport - ok 18:22:52.0391 2964 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 18:22:52.0401 2964 partmgr - ok 18:22:52.0422 2964 pci 
(94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 18:22:52.0433 2964 pci - ok 18:22:52.0462 2964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 18:22:52.0468 2964 pciide - ok 18:22:52.0536 2964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 18:22:52.0553 2964 pcmcia - ok 18:22:52.0571 2964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 18:22:52.0579 2964 pcw - ok 18:22:52.0613 2964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:22:52.0660 2964 PEAUTH - ok 18:22:52.0746 2964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 18:22:52.0776 2964 PptpMiniport - ok 18:22:52.0810 2964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 18:22:52.0832 2964 Processor - ok 18:22:52.0895 2964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 18:22:52.0929 2964 Psched - ok 18:22:52.0994 2964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 18:22:53.0041 2964 ql2300 - ok 18:22:53.0070 2964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 18:22:53.0082 2964 ql40xx - ok 18:22:53.0122 2964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:22:53.0145 2964 QWAVEdrv - ok 18:22:53.0286 2964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:22:53.0350 2964 RasAcd - ok 18:22:53.0500 2964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:22:53.0532 2964 RasAgileVpn - ok 18:22:53.0544 2964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:22:53.0593 2964 Rasl2tp - ok 18:22:53.0607 2964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:22:53.0656 2964 RasPppoe - ok 18:22:53.0672 2964 RasSstp 
(e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:22:53.0703 2964 RasSstp - ok 18:22:53.0742 2964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 18:22:53.0768 2964 rdbss - ok 18:22:53.0791 2964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 18:22:53.0806 2964 rdpbus - ok 18:22:53.0824 2964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:22:53.0861 2964 RDPCDD - ok 18:22:53.0892 2964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:22:53.0932 2964 RDPENCDD - ok 18:22:53.0943 2964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:22:53.0966 2964 RDPREFMP - ok 18:22:54.0000 2964 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 18:22:54.0026 2964 RDPWD - ok 18:22:54.0055 2964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 18:22:54.0067 2964 rdyboost - ok 18:22:54.0121 2964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:22:54.0155 2964 rspndr - ok 18:22:54.0231 2964 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys 18:22:54.0260 2964 RTL8167 - ok 18:22:54.0341 2964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 18:22:54.0353 2964 sbp2port - ok 18:22:54.0401 2964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 18:22:54.0440 2964 scfilter - ok 18:22:54.0482 2964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:22:54.0541 2964 secdrv - ok 18:22:54.0578 2964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 18:22:54.0586 2964 Serenum - ok 18:22:54.0616 2964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 18:22:54.0640 2964 Serial - ok 18:22:54.0682 2964 sermouse 
(1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 18:22:54.0705 2964 sermouse - ok 18:22:54.0729 2964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 18:22:54.0768 2964 sffdisk - ok 18:22:54.0784 2964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 18:22:54.0796 2964 sffp_mmc - ok 18:22:54.0819 2964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 18:22:54.0842 2964 sffp_sd - ok 18:22:54.0879 2964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 18:22:54.0891 2964 sfloppy - ok 18:22:54.0946 2964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:22:54.0958 2964 SiSRaid2 - ok 18:22:54.0994 2964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 18:22:55.0005 2964 SiSRaid4 - ok 18:22:55.0038 2964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:22:55.0097 2964 Smb - ok 18:22:55.0124 2964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:22:55.0134 2964 spldr - ok 18:22:55.0211 2964 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 18:22:55.0211 2964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 18:22:55.0213 2964 sptd ( LockedFile.Multi.Generic ) - warning 18:22:55.0213 2964 sptd - detected LockedFile.Multi.Generic (1) 18:22:55.0238 2964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 18:22:55.0284 2964 srv - ok 18:22:55.0308 2964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 18:22:55.0358 2964 srv2 - ok 18:22:55.0381 2964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 18:22:55.0405 2964 srvnet - ok 18:22:55.0445 2964 SSPORT - ok 18:22:55.0516 2964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 18:22:55.0526 2964 stexstor - ok 18:22:55.0585 2964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 18:22:55.0597 2964 swenum - ok 18:22:55.0722 2964 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 18:22:55.0772 2964 Tcpip - ok 18:22:55.0831 2964 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 18:22:55.0863 2964 TCPIP6 - ok 18:22:55.0916 2964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 18:22:55.0974 2964 tcpipreg - ok 18:22:55.0993 2964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:22:56.0035 2964 TDPIPE - ok 18:22:56.0062 2964 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 18:22:56.0095 2964 TDTCP - ok 18:22:56.0124 2964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 18:22:56.0155 2964 tdx - ok 18:22:56.0235 2964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 18:22:56.0245 2964 TermDD - ok 18:22:56.0323 2964 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys 18:22:56.0335 2964 truecrypt - ok 18:22:56.0375 2964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 
18:22:56.0442 2964 tssecsrv - ok 18:22:56.0529 2964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:22:56.0544 2964 TsUsbFlt - ok 18:22:56.0579 2964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:22:56.0625 2964 tunnel - ok 18:22:56.0653 2964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 18:22:56.0664 2964 uagp35 - ok 18:22:56.0725 2964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:22:56.0759 2964 udfs - ok 18:22:56.0800 2964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:22:56.0809 2964 uliagpkx - ok 18:22:56.0846 2964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 18:22:56.0868 2964 umbus - ok 18:22:56.0895 2964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 18:22:56.0917 2964 UmPass - ok 18:22:56.0949 2964 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 18:22:56.0971 2964 usbaudio - ok 18:22:57.0012 2964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:22:57.0027 2964 usbccgp - ok 18:22:57.0058 2964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:22:57.0085 2964 usbcir - ok 18:22:57.0126 2964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 18:22:57.0147 2964 usbehci - ok 18:22:57.0178 2964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 18:22:57.0199 2964 usbhub - ok 18:22:57.0219 2964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 18:22:57.0237 2964 usbohci - ok 18:22:57.0259 2964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:22:57.0273 2964 usbprint - ok 18:22:57.0307 2964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 
18:22:57.0324 2964 USBSTOR - ok 18:22:57.0341 2964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 18:22:57.0381 2964 usbuhci - ok 18:22:57.0428 2964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 18:22:57.0443 2964 usbvideo - ok 18:22:57.0479 2964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:22:57.0490 2964 vdrvroot - ok 18:22:57.0512 2964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:22:57.0558 2964 vga - ok 18:22:57.0602 2964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:22:57.0667 2964 VgaSave - ok 18:22:57.0699 2964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:22:57.0710 2964 vhdmp - ok 18:22:57.0768 2964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 18:22:57.0775 2964 viaide - ok 18:22:57.0785 2964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:22:57.0794 2964 volmgr - ok 18:22:57.0853 2964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:22:57.0866 2964 volmgrx - ok 18:22:57.0898 2964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 18:22:57.0909 2964 volsnap - ok 18:22:57.0930 2964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 18:22:57.0939 2964 vsmraid - ok 18:22:57.0961 2964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 18:22:57.0990 2964 vwifibus - ok 18:22:58.0022 2964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 18:22:58.0037 2964 WacomPen - ok 18:22:58.0079 2964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:22:58.0113 2964 WANARP - ok 18:22:58.0116 2964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 
18:22:58.0144 2964 Wanarpv6 - ok 18:22:58.0166 2964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 18:22:58.0176 2964 Wd - ok 18:22:58.0193 2964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:22:58.0213 2964 Wdf01000 - ok 18:22:58.0268 2964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:22:58.0293 2964 WfpLwf - ok 18:22:58.0315 2964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:22:58.0364 2964 WIMMount - ok 18:22:58.0462 2964 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 18:22:58.0489 2964 WinUsb - ok 18:22:58.0600 2964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:22:58.0611 2964 WmiAcpi - ok 18:22:58.0650 2964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:22:58.0681 2964 ws2ifsl - ok 18:22:58.0716 2964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:22:58.0756 2964 WudfPf - ok 18:22:58.0768 2964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:22:58.0818 2964 WUDFRd - ok 18:22:58.0919 2964 XENfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys 18:22:59.0150 2964 XENfiltv - ok 18:22:59.0183 2964 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:22:59.0576 2964 \Device\Harddisk0\DR0 - ok 18:22:59.0666 2964 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1 18:23:20.0396 2964 \Device\Harddisk1\DR1 - ok 18:23:20.0567 2964 Boot (0x1200) (0b98b9422d1b4471ba2b98eba915f335) \Device\Harddisk0\DR0\Partition0 18:23:20.0609 2964 \Device\Harddisk0\DR0\Partition0 - ok 18:23:20.0621 2964 Boot (0x1200) (89a6aeb194b8f3801d332890a478ee28) \Device\Harddisk0\DR0\Partition1 18:23:20.0624 2964 \Device\Harddisk0\DR0\Partition1 - ok 18:23:20.0679 2964 Boot (0x1200) 
(739420f675c5a2d3f93e8a3a5021d74a) \Device\Harddisk1\DR1\Partition0 18:23:20.0839 2964 \Device\Harddisk1\DR1\Partition0 - ok 18:23:20.0839 2964 ============================================================ 18:23:20.0839 2964 Scan finished 18:23:20.0839 2964 ============================================================ 18:23:20.0846 2648 Detected object count: 1 18:23:20.0846 2648 Actual detected object count: 1 18:23:52.0121 2648 sptd ( LockedFile.Multi.Generic ) - skipped by user 18:23:52.0121 2648 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
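The TDSSKiller output quoted above is run together on a few long lines, which makes it hard to see at a glance which entries were closed with "- ok" and which one (sptd) produced a "Suspicious file (NoAccess)" record followed by a LockedFile.Multi.Generic verdict. The parser below is an added example for this thread, not part of the original post and not code from Kaspersky's TDSSKiller; the record format is inferred from the lines shown above, the sample input is constructed from a handful of those lines (the hashes and paths are the ones quoted in the log), and the helper names are the example's own. It splits the text at each timestamp/thread-id pair, pairs file, status, verdict and "Suspicious file" records by driver name or path, and then lists the entries an analyst should look at. The classification separates a locked-file notice (the scanner could not read the file, so it should be verified by vendor and purpose, as the helper did for SPTD) from a positive detection.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the TDSSKiller log quoted in this thread and
# deliberately run together on one line, exactly as the forum extraction left it.
SAMPLE_LOG = (
    r"18:22:55.0124 2964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys "
    r"18:22:55.0134 2964 spldr - ok "
    r"18:22:55.0211 2964 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys "
    r"18:22:55.0211 2964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. "
    r"md5: 602884696850c86434530790b110e8eb "
    r"18:22:55.0213 2964 sptd ( LockedFile.Multi.Generic ) - warning "
    r"18:22:55.0213 2964 sptd - detected LockedFile.Multi.Generic (1) "
    r"18:22:55.0238 2964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys "
    r"18:22:55.0284 2964 srv - ok "
    r"18:22:55.0445 2964 SSPORT - ok "
    r"18:23:52.0121 2648 sptd ( LockedFile.Multi.Generic ) - skipped by user"
)

# Every record starts with "HH:MM:SS.mmmm <thread-id> "; splitting on a lookahead
# recovers the records whether the log is line-broken or run together.
RECORD_SPLIT = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
RECORD_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<body>.*)$", re.S)

# Record bodies as they appear in the quoted log (format inferred, not documented).
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*?)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\.\s+md5: (?P<md5>[0-9a-f]{32})$"
)


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    ok: bool = False                                    # closed with "- ok"
    suspicious_reason: Optional[str] = None             # e.g. "NoAccess" for a locked file
    verdicts: List[str] = field(default_factory=list)   # e.g. "LockedFile.Multi.Generic"
    actions: List[str] = field(default_factory=list)    # "warning", "skipped by user", ...

    def needs_review(self) -> bool:
        # Anything not closed with "- ok", or carrying a verdict, goes to the analyst.
        return (not self.ok) or bool(self.verdicts) or self.suspicious_reason is not None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, DriverEntry], List[str]]:
    """Return (entries keyed by driver name, records the parser did not understand)."""
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}
    unparsed: List[str] = []
    for chunk in RECORD_SPLIT.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        rec = RECORD_RE.match(chunk)
        if not rec:
            unparsed.append(chunk)
            continue
        body = rec["body"].strip()
        if (f := FILE_RE.match(body)):
            e = entries.setdefault(f["name"], DriverEntry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            by_path[f["path"]] = e
        elif (o := OK_RE.match(body)):
            entries.setdefault(o["name"], DriverEntry(o["name"])).ok = True
        elif (v := VERDICT_RE.match(body)):
            e = entries.setdefault(v["name"], DriverEntry(v["name"]))
            if v["verdict"] not in e.verdicts:
                e.verdicts.append(v["verdict"])
            e.actions.append(v["action"])
        elif (d := DETECTED_RE.match(body)):
            e = entries.setdefault(d["name"], DriverEntry(d["name"]))
            if d["verdict"] not in e.verdicts:
                e.verdicts.append(d["verdict"])
        elif (s := SUSPICIOUS_RE.match(body)):
            # The "Suspicious file" record names only the path; map it back to the driver.
            e = by_path.get(s["path"])
            if e is None:
                unparsed.append(chunk)
            else:
                e.suspicious_reason = s["reason"]
        else:
            unparsed.append(chunk)      # MBR/boot-sector records etc. land here
    return entries, unparsed


def classify(e: DriverEntry) -> str:
    """Distinguish a locked (unreadable) file from a real detection."""
    if e.verdicts and all(v.startswith("LockedFile.") for v in e.verdicts):
        return "locked"        # scanner could not read it: verify vendor, purpose, hash by hand
    if e.verdicts:
        return "detection"
    if not e.ok:
        return "incomplete"    # no closing "- ok" record
    return "ok"


def triage(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries.values() if e.needs_review()]


if __name__ == "__main__":
    parsed, leftovers = parse_tdsskiller(SAMPLE_LOG)
    for entry in triage(parsed):
        print(f"{entry.name}: {classify(entry)} {entry.verdicts} {entry.actions} md5={entry.md5}")
    print("unparsed records:", len(leftovers))
```

Run on the sample, only sptd is listed, classified as "locked" with the warning and the later "skipped by user" action; everything that was closed with "- ok" and carries no verdict is left out. MBR and boot-sector records from a full log end up in the unparsed list rather than being silently dropped, so the analyst sees what the parser did not understand.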
22.12.2011, 18:27 | #6 |
| Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0] So was it a false alarm, or is this not a rootkit or something similar? |
22.12.2011, 18:42 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0] SPTD is a driver for CD/DVD emulators such as DaemonTools. So far everything was inconspicuous. Is the machine in order, or are there still problems that should make us dig deeper?
__________________ Please always post logfiles in CODE tags |
22.12.2011, 20:23 | #8 |
| Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0] I have no further problems so far. I already suspected it was the driver, but "roots" also like to hide behind names like that. I'll rescan every now and then and check with TCP Viewer whether packets are being sent that shouldn't be. Many thanks for your help & Merry Christmas!!! |
22.12.2011, 20:26 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0] Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first. Finally, please check the updates; my guide on that is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.

Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there.
Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.