
Log analysis and evaluation: Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
18.12.2011, 11:26   #1
kay2012
 
Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]



Hello dear helpers,

I scanned my PC with "aswMBR" and was shown an area marked in red:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 10:24:08
-----------------------------
10:24:08.699    OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:08.699    Number of processors: 4 586 0x403
10:24:08.699    ComputerName: MAZ-PC  UserName: maz
10:24:09.934    Initialize success
10:24:57.568    AVAST engine defs: 11121800
10:25:07.803    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:07.803    Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
10:25:07.803    Disk 0 MBR read successfully
10:25:07.803    Disk 0 MBR scan
10:25:07.803    Disk 0 Windows XP default MBR code
10:25:07.818    Service scanning
10:25:08.256    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:25:08.787    Modules scanning
10:25:08.787    Disk 0 trace - called modules:
10:25:08.787    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]<<
10:25:08.787    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
10:25:08.787    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80049419b0]
10:25:08.787    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004f9a060]
10:25:08.787    \Driver\atapi[0xfffffa8003ac0de0] -> IRP_MJ_CREATE -> 0xfffffa8003a912c0
10:25:21.209    AVAST engine scan C:\Windows
10:25:32.178    AVAST engine scan C:\Windows\system32
10:26:52.443    AVAST engine scan C:\Windows\system32\drivers
10:26:59.459    AVAST engine scan C:\Users\maz
10:30:05.803    AVAST engine scan C:\ProgramData
10:30:53.600    Scan finished successfully
10:32:47.741    Disk 0 MBR has been saved successfully to "C:\Users\maz\Desktop\MBR.dat"
10:32:47.741    The log file has been saved successfully to "C:\Users\maz\Desktop\aswMBRlog1.txt"
         
Here is the scan with OTL:

Code:
OTL logfile created on: 18.12.2011 10:13:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,40% Memory free
11,81 Gb Paging File | 10,20 Gb Available in Paging File | 86,36% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 802,03 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 366,03 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
 
Computer Name: MAZ-PC | User Name: maz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.17 13:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL\OTL.exe
PRC - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
PRC - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.09 19:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 19:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.11.09 19:27:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.22 17:38:52 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.13 22:30:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.17 17:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mr8980x64.sys -- (mr8980)
DRV:64bit: - [2010.03.17 09:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009.10.07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.07.31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR8980x64.sys -- (mr8980)
DRV - [2009.07.29 18:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 6F 93 F0 D4 10 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\maz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 19:13:37 | 000,000,000 | ---D | M]
 
[2011.05.12 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Extensions
[2011.12.16 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions
[2011.11.11 21:39:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.09 19:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L17Q9GVJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 19:27:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.05 10:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.05 10:44:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.05 10:44:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 18:46:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.05 10:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.05 10:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.05 10:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B46ADE-73F0-4405-890F-AB73DE899EDE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.18 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\3DMark 11
[2011.12.18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\IsolatedStorage
[2011.12.18 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Futuremark_Corporation
[2011.12.18 09:22:08 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011.12.18 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.12.17 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Malwarebytes
[2011.12.17 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 18:18:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.13 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.12.13 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.12.13 20:44:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.12.13 20:44:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.12.11 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Chromium
[2011.12.11 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.12.11 18:25:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.12.11 17:53:12 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.12.11 17:53:02 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.exe
[2011.12.11 17:53:02 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.dll
[2011.12.11 17:53:02 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2011.12.11 17:53:02 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2011.12.11 17:53:02 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2011.12.11 17:53:02 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2011.12.11 17:51:39 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS
[2011.12.11 17:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.11 17:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011.12.11 17:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.10 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.12.06 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.12.06 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Apple Computer
[2011.12.04 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Avira
[2011.12.04 08:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.04 08:37:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.04 08:37:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.04 08:37:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.04 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.04 08:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011.12.04 08:10:46 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\F-Secure
[2011.12.04 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Downloads
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Take On Helicopters Demo
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Take On Helicopters Demo
[2011.12.02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\sec4
[2011.12.02 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011.11.26 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011.11.26 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\TP
[2011.11.25 07:19:45 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\lazarus
[2011.11.24 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.11.22 18:45:10 | 000,000,000 | ---D | C] -- C:\LH1
[2011.11.21 19:43:53 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.11.19 23:32:40 | 000,000,000 | ---D | C] -- C:\cuprojects
[2011.11.19 21:58:00 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Electronic_Arts_Inc
[2011.11.19 21:54:17 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Akamai
[2011.11.18 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.11.18 18:38:08 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll
[2011.11.18 18:38:08 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll
[2011.11.18 18:38:07 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe
[2011.11.18 18:38:07 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.18 09:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.18 09:22:08 | 000,001,086 | ---- | M] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:49:16 | 001,506,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 08:49:16 | 000,656,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.18 08:49:16 | 000,618,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.18 08:49:16 | 000,131,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.18 08:49:16 | 000,107,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.18 08:44:26 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.18 08:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.18 08:44:19 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.17 21:58:57 | 000,000,600 | ---- | M] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.12.17 21:03:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.11 18:01:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:42:46 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 06:33:06 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.12.06 19:19:03 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.04 08:12:44 | 001,544,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.04 08:12:37 | 000,019,476 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2011.11.27 14:42:59 | 000,001,467 | ---- | M] () -- C:\Users\maz\.recently-used.xbel
[2011.11.26 21:20:59 | 000,000,052 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.11.26 07:43:03 | 000,052,275 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.11.24 05:59:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.24 05:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.11.24 05:59:00 | 000,007,653 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.11.23 19:29:36 | 000,406,336 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.18 09:22:08 | 000,001,086 | ---- | C] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.13 20:44:39 | 000,007,653 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.12.11 18:01:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:53:13 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.11 17:53:03 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\ssp7ml6.smt
[2011.12.11 17:42:46 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.04 08:12:37 | 000,019,476 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.12.04 08:12:36 | 001,544,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.27 14:42:59 | 000,001,467 | ---- | C] () -- C:\Users\maz\.recently-used.xbel
[2011.11.23 19:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.11.18 18:38:07 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll
[2011.11.18 18:38:07 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.11.18 18:38:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe
[2011.11.18 18:38:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll
[2011.11.18 18:38:07 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt
[2011.11.03 22:43:36 | 000,004,096 | -H-- | C] () -- C:\Users\maz\AppData\Local\keyfile3.drm
[2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.10.31 23:09:11 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.10.31 23:09:10 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.11 07:44:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.09.04 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.14 22:35:55 | 000,007,595 | ---- | C] () -- C:\Users\maz\AppData\Local\Resmon.ResmonCfg
[2011.05.12 22:51:12 | 000,000,600 | ---- | C] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.05.12 22:24:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.12 22:24:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.12 22:24:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.05.29 17:47:44 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\.purple
[2011.09.20 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ableton
[2011.09.19 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\aborange
[2011.05.15 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ashampoo
[2011.09.07 07:33:40 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Blender Foundation
[2011.10.18 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\calibre
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\DAEMON Tools Lite
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\FileZilla
[2011.12.03 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.05.15 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\gtk-2.0
[2011.09.25 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Image-Line
[2011.05.14 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Leadertech
[2011.11.24 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.05.28 19:48:28 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Notepad++
[2011.05.13 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\OpenOffice.org
[2011.10.26 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Origin
[2011.09.19 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\PhotoScape
[2011.12.10 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.05.15 09:05:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Serif
[2011.11.26 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Steinberg
[2011.09.28 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\SynthMaker
[2011.11.21 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TeamViewer
[2011.11.26 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TP
[2011.05.13 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TrueCrypt
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TS3Client
[2011.05.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Unity
[2011.09.07 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Windows Live Writer
[2011.09.13 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XMedia Recode
[2011.05.13 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XProfanFree
[2011.11.04 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\{50A2320B-16F8-4CD0-9404-2F8F9C2128A7}
[2011.10.29 07:37:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
What should I do?
Thanks in advance.

Attachment 25975
Attachment 25976
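The OTL sections above ("Files Created Within 30 Days", "Files - Modified Within 30 Days", "Files Created - No Company Name") all use the same one-line-per-file format, and the first thing a helper does with them is pull out the handful of entries worth checking by hand. The script below is an added example that is not part of the original post and not OTL's own code: it parses that line format and applies three triage heuristics (a `.sys` image with no CompanyName, a hidden/system-attributed executable under `C:\Windows`, an unattributed executable dropped directly into the Windows root). The sample input is constructed from lines that appear in the log above; the heuristics are my assumptions about what a responder wants to see first, and a hit means "inspect this", not "this is malicious". An empty `()` in OTL only says the file has no CompanyName version resource, which is not the same as an invalid Authenticode signature; verify flagged files on the live system with `sigcheck` or `Get-AuthenticodeSignature` before drawing conclusions.

```python
"""Parse OTL 'Files Created/Modified' lines and flag the entries a responder reads first.

Added example for the log format shown in the post; not OTL's code and not from the thread.
SAMPLE_LOG is constructed from lines that appear in the posted log.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# OTL line: [YYYY.MM.DD HH:MM:SS | size | RHSD flags | C=created/M=modified] (Company) -- path
# Directory entries carry no "(Company)" group at all; files with no CompanyName
# version resource show an empty "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"}
WINDOWS_ROOT = PureWindowsPath(r"C:\Windows")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str            # four flag positions: R H S D
    kind: str             # "C" (created) or "M" (modified)
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> List[Entry]:
    """One Entry per parseable line; summary lines like '[2 ... *.tmp files ...]' are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or None,   # "()" and an absent group both become None
            path=m["path"],
        ))
    return entries


def triage(e: Entry) -> List[str]:
    """Heuristics (assumptions): a hit means 'look at this first', not 'this is malicious'."""
    if e.is_dir:
        return []
    p = PureWindowsPath(e.path)
    ext = p.suffix.lower()
    under_windows = e.path.lower().startswith(str(WINDOWS_ROOT).lower() + "\\")
    reasons = []
    if ext == ".sys" and e.company is None:
        reasons.append("kernel driver image with no CompanyName version resource")
    if ext in EXEC_EXT and under_windows and ("H" in e.attrs or "S" in e.attrs):
        reasons.append("hidden/system-attributed executable under C:\\Windows")
    if ext in EXEC_EXT and p.parent == WINDOWS_ROOT and e.company is None:
        reasons.append("unattributed executable placed directly in C:\\Windows")
    return reasons


def triage_report(text: str) -> Dict[str, List[str]]:
    """Map of path -> reasons, containing only entries with at least one hit."""
    report = {}
    for e in parse_otl(text):
        reasons = triage(e)
        if reasons:
            report[e.path] = reasons
    return report


# Constructed sample: lines copied from the posted OTL log.
SAMPLE_LOG = r"""
[2011.12.17 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Malwarebytes
[2011.12.17 18:18:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.11 17:51:39 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS
[2011.12.11 17:53:13 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.12.18 08:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it as-is to see the three paths the heuristics pick out of the sample; feed it the full log to get the same view of the whole "Files Created" section. The `bootstat.dat` line shows why the hidden/system rule is restricted to executable extensions: plenty of legitimate Windows data files carry those attributes.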

 
