Pests of all kinds and how to fight them: Trojan in Recycle.bin, file does not exist? (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#16
OTL fix log
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 1332365 bytes
->Temporary Internet Files folder emptied: 24462121 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46856484 bytes
->Flash cache emptied: 645 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3128320 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7256 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 72,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.29.1 log created on 10082011_105109
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#17
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the picture below: click "Change parameters" and tick the boxes as in the following screenshot, then click "Start scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. (Screenshot of the settings dialog not preserved.)
If the infection has left you unable to reach your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: download unhide.exe and save it to your desktop. Start the tool and all files and folders should become visible again (this may take a while).
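A TDSSKiller report prints two to four lines per driver service, and almost all of them end in "- ok"; the lines that need reading are the "( ... ) - warning" and "- detected" pairs and any free-standing "Suspicious file" line. The parser below is an added example for this thread, not code from the forum post or from Kaspersky: it folds a report in the 2.6.x text format into one record per service and returns only the flagged records, grouped by verdict, keeping the MD5 and path so each file can be hashed again and checked by hand. The sample report is constructed in the same format as the log posted later in the thread; the record field names and the "no image file listed" note are this example's own conventions.

```python
"""Triage a TDSSKiller text report: keep only the driver entries that did not
come back '- ok', with the hash and path of each flagged file.
Added example for this thread; not part of the forum post or of TDSSKiller."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.6 report format (lines modelled on a
# real Windows 7 x86 report, hashes and paths as they would appear there).
SAMPLE_LOG = r"""
21:41:45.0574 6076 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:41:45.0590 6076 sermouse - ok
21:41:45.0652 6076 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\Windows\system32\drivers\sfdrv01.sys
21:41:45.0668 6076 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
21:41:45.0668 6076 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
21:41:41.0424 6076 MEMSWEEP2 - ok
21:41:46.0058 6076 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
21:41:46.0058 6076 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
21:41:46.0073 6076 sptd ( LockedFile.Multi.Generic ) - warning
21:41:46.0073 6076 sptd - detected LockedFile.Multi.Generic (1)
21:41:46.0104 6076 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:41:46.0136 6076 srv - ok
"""

# Every report line opens with a timestamp and the id of the scanning thread.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_LINE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
OK_LINE = re.compile(r"^(\S+) - ok$")
WARN_LINE = re.compile(r"^(\S+) \( ([^)]+) \) - warning$")
DETECT_LINE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
SUSPICIOUS_LINE = re.compile(r"^Suspicious file \(([^)]+)\): (.+?)\. md5: ([0-9a-f]{32})$")


@dataclass
class DriverEntry:
    """One service as TDSSKiller reports it; 'status' is the last verdict seen."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"                      # ok | warning | detected
    verdicts: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """Fold the two to four lines TDSSKiller prints per driver into one entry."""
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, str] = {}   # lower-cased image path -> service name

    def entry(name: str) -> DriverEntry:
        return entries.setdefault(name, DriverEntry(name))

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue               # banner, separators, SystemInfo block
        rest = m.group(3)
        if (f := FILE_LINE.match(rest)):
            e = entry(f.group(1))
            e.md5, e.path = f.group(2), f.group(3)
            by_path[e.path.lower()] = e.name
        elif (o := OK_LINE.match(rest)):
            e = entry(o.group(1))
            e.status = "ok"
            if e.path is None:     # service entry with no image file listed
                e.notes.append("no image file listed for this service")
        elif (w := WARN_LINE.match(rest)):
            e = entry(w.group(1))
            e.status = "warning"
            if w.group(2) not in e.verdicts:
                e.verdicts.append(w.group(2))
        elif (d := DETECT_LINE.match(rest)):
            e = entry(d.group(1))
            e.status = "detected"
            if d.group(2) not in e.verdicts:
                e.verdicts.append(d.group(2))
        elif (s := SUSPICIOUS_LINE.match(rest)):
            # Tie the free-standing 'Suspicious file' line back to its service.
            name = by_path.get(s.group(2).lower())
            if name is not None:
                entries[name].notes.append(f"{s.group(1)}: scanner could not read the file")
    return entries


def triage(entries: Dict[str, DriverEntry]) -> Dict[str, List[DriverEntry]]:
    """Group everything that is not '- ok' by verdict class, in report order."""
    grouped: Dict[str, List[DriverEntry]] = {}
    for e in entries.values():
        if e.status == "ok":
            continue
        for verdict in e.verdicts or ["(no verdict)"]:
            grouped.setdefault(verdict, []).append(e)
    return grouped


if __name__ == "__main__":
    for verdict, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(verdict)
        for e in items:
            print(f"  {e.name:<10} {e.md5}  {e.path}  {'; '.join(e.notes)}")
```

UnsignedFile.Multi.Generic and LockedFile.Multi.Generic are heuristic labels from TDSSKiller (a driver without a valid digital signature, and a file the scanner could not open), not the name of a piece of malware, so the grouped output is a verification list rather than a verdict: hash the file again, check who published it, and only then decide whether it should be removed.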
#18
Hi, have I caught a rootkit or what?
I skipped all the findings. Should I scan again with the Kaspersky tool and remove the findings? Or are they false alarms...
Kaspersky tool log
Code:
21:40:46.0795 4984 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
21:40:46.0864 4984 ============================================================
21:40:46.0864 4984 Current date / time: 2011/10/08 21:40:46.0864
21:40:46.0864 4984 SystemInfo:
21:40:46.0864 4984
21:40:46.0864 4984 OS Version: 6.1.7601 ServicePack: 1.0
21:40:46.0864 4984 Product type: Workstation
21:40:46.0864 4984 ComputerName: ADMINS_KNECHT
21:40:46.0864 4984 UserName: Admin
21:40:46.0864 4984 Windows directory: C:\Windows
21:40:46.0864 4984 System windows directory: C:\Windows
21:40:46.0864 4984 Processor architecture: Intel x86
21:40:46.0864 4984 Number of processors: 4
21:40:46.0864 4984 Page size: 0x1000
21:40:46.0864 4984 Boot type: Normal boot
21:40:46.0864 4984 ============================================================
21:40:47.0979 4984 Initialize success
21:41:36.0651 6076 ============================================================
21:41:36.0651 6076 Scan started
21:41:36.0651 6076 Mode: Manual; SigCheck; TDLFS;
21:41:36.0651 6076 ============================================================
21:41:36.0978 6076 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:41:37.0025 6076 1394ohci - ok
21:41:37.0056 6076 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:41:37.0056 6076 ACPI - ok
21:41:37.0088 6076 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:41:37.0119 6076 AcpiPmi - ok
21:41:37.0150 6076 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:41:37.0150 6076 adp94xx - ok
21:41:37.0181 6076 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:41:37.0181 6076 adpahci - ok
21:41:37.0197 6076 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:41:37.0212 6076 adpu320 - ok
21:41:37.0244 6076 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:41:37.0290 6076 AFD - ok
21:41:37.0306 6076 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:41:37.0322 6076 agp440 - ok
21:41:37.0337 6076 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:41:37.0337 6076 aic78xx - ok
21:41:37.0353 6076 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:41:37.0368 6076 aliide - ok
21:41:37.0368 6076 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:41:37.0368 6076 amdagp - ok
21:41:37.0384 6076 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:41:37.0384 6076 amdide - ok
21:41:37.0400 6076 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:41:37.0446 6076 AmdK8 - ok
21:41:37.0446 6076 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:41:37.0462 6076 AmdPPM - ok
21:41:37.0493 6076 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:41:37.0493 6076 amdsata - ok
21:41:37.0509 6076 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:41:37.0524 6076 amdsbs - ok
21:41:37.0524 6076 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:41:37.0540 6076 amdxata - ok
21:41:37.0587 6076 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:41:37.0696 6076 AppID - ok
21:41:37.0774 6076 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:41:37.0774 6076 arc - ok
21:41:37.0790 6076 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:41:37.0790 6076 arcsas - ok
21:41:37.0805 6076 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:41:37.0899 6076 AsyncMac - ok
21:41:37.0914 6076 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:41:37.0930 6076 atapi - ok
21:41:37.0946 6076 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
21:41:37.0977 6076 avgntflt - ok
21:41:37.0992 6076 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
21:41:38.0008 6076 avipbb - ok
21:41:38.0024 6076 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:41:38.0024 6076 avkmgr - ok
21:41:38.0055 6076 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:41:38.0086 6076 b06bdrv - ok
21:41:38.0117 6076 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:41:38.0133 6076 b57nd60x - ok
21:41:38.0148 6076 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:41:38.0164 6076 Beep - ok
21:41:38.0180 6076 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:41:38.0211 6076 blbdrive - ok
21:41:38.0242 6076 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:41:38.0273 6076 bowser - ok
21:41:38.0273 6076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:41:38.0320 6076 BrFiltLo - ok
21:41:38.0320 6076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:41:38.0351 6076 BrFiltUp - ok
21:41:38.0367 6076 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:41:38.0398 6076 Brserid - ok
21:41:38.0429 6076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:41:38.0445 6076 BrSerWdm - ok
21:41:38.0460 6076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:41:38.0460 6076 BrUsbMdm - ok
21:41:38.0523 6076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:41:38.0554 6076 BrUsbSer - ok
21:41:38.0570 6076 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:41:38.0570 6076 BTHMODEM - ok
21:41:38.0585 6076 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:41:38.0601 6076 cdfs - ok
21:41:38.0648 6076 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:41:38.0663 6076 cdrom - ok
21:41:38.0679 6076 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:41:38.0694 6076 circlass - ok
21:41:38.0710 6076 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:41:38.0726 6076 CLFS - ok
21:41:38.0726 6076 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:41:38.0741 6076 CmBatt - ok
21:41:38.0757 6076 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:41:38.0772 6076 cmdide - ok
21:41:38.0788 6076 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:41:38.0804 6076 CNG - ok
21:41:38.0804 6076 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:41:38.0819 6076 Compbatt - ok
21:41:38.0850 6076 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:41:38.0866 6076 CompositeBus - ok
21:41:38.0882 6076 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:41:38.0882 6076 crcdisk - ok
21:41:38.0913 6076 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:41:38.0944 6076 CSC - ok
21:41:38.0975 6076 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:41:38.0991 6076 DfsC - ok
21:41:39.0038 6076 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:41:39.0069 6076 discache - ok
21:41:39.0069 6076 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:41:39.0084 6076 Disk - ok
21:41:39.0116 6076 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:41:39.0131 6076 drmkaud - ok
21:41:39.0178 6076 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:41:39.0194 6076 DXGKrnl - ok
21:41:39.0272 6076 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:41:39.0350 6076 ebdrv - ok
21:41:39.0365 6076 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:41:39.0381 6076 elxstor - ok
21:41:39.0443 6076 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:41:39.0474 6076 ErrDev - ok
21:41:39.0490 6076 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:41:39.0521 6076 exfat - ok
21:41:39.0537 6076 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:41:39.0568 6076 fastfat - ok
21:41:39.0584 6076 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:41:39.0599 6076 fdc - ok
21:41:39.0599 6076 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:41:39.0615 6076 FileInfo - ok
21:41:39.0615 6076 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:41:39.0630 6076 Filetrace - ok
21:41:39.0646 6076 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:41:39.0662 6076 flpydisk - ok
21:41:39.0677 6076 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:41:39.0693 6076 FltMgr - ok
21:41:39.0708 6076 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:41:39.0708 6076 FsDepends - ok
21:41:39.0724 6076 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:41:39.0724 6076 Fs_Rec - ok
21:41:39.0740 6076 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:41:39.0755 6076 fvevol - ok
21:41:39.0786 6076 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:41:39.0786 6076 gagp30kx - ok
21:41:39.0802 6076 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
21:41:39.0818 6076 gdrv - ok
21:41:39.0849 6076 GVTDrv (689a8eef2a2d62b28a0a578a6196531c) C:\Windows\system32\Drivers\GVTDrv.sys
21:41:39.0849 6076 GVTDrv - ok
21:41:39.0864 6076 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:41:39.0911 6076 hcw85cir - ok
21:41:39.0942 6076 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:41:39.0974 6076 HdAudAddService - ok
21:41:39.0989 6076 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:41:40.0020 6076 HDAudBus - ok
21:41:40.0036 6076 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:41:40.0052 6076 HidBatt - ok
21:41:40.0052 6076 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:41:40.0067 6076 HidBth - ok
21:41:40.0098 6076 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:41:40.0114 6076 HidIr - ok
21:41:40.0192 6076 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:41:40.0208 6076 HidUsb - ok
21:41:40.0223 6076 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:41:40.0239 6076 HpSAMD - ok
21:41:40.0270 6076 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:41:40.0301 6076 HTTP - ok
21:41:40.0332 6076 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:41:40.0348 6076 hwpolicy - ok
21:41:40.0364 6076 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:41:40.0395 6076 i8042prt - ok
21:41:40.0410 6076 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:41:40.0426 6076 iaStorV - ok
21:41:40.0442 6076 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:41:40.0457 6076 iirsp - ok
21:41:40.0504 6076 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
21:41:40.0582 6076 IntcAzAudAddService - ok
21:41:40.0598 6076 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:41:40.0598 6076 intelide - ok
21:41:40.0613 6076 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:41:40.0644 6076 intelppm - ok
21:41:40.0644 6076 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:41:40.0676 6076 IpFilterDriver - ok
21:41:40.0691 6076 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:41:40.0707 6076 IPMIDRV - ok
21:41:40.0722 6076 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:41:40.0754 6076 IPNAT - ok
21:41:40.0769 6076 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:41:40.0800 6076 IRENUM - ok
21:41:40.0832 6076 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:41:40.0832 6076 isapnp - ok
21:41:40.0863 6076 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:41:40.0863 6076 iScsiPrt - ok
21:41:40.0894 6076 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\Windows\system32\DRIVERS\jraid.sys
21:41:40.0925 6076 JRAID - ok
21:41:40.0988 6076 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:41:41.0003 6076 kbdclass - ok
21:41:41.0034 6076 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:41:41.0050 6076 kbdhid - ok
21:41:41.0081 6076 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:41:41.0081 6076 KSecDD - ok
21:41:41.0097 6076 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:41:41.0112 6076 KSecPkg - ok
21:41:41.0128 6076 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
21:41:41.0144 6076 Lbd - ok
21:41:41.0175 6076 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:41:41.0175 6076 LHidFilt - ok
21:41:41.0190 6076 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:41:41.0206 6076 lltdio - ok
21:41:41.0222 6076 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:41:41.0222 6076 LMouFilt - ok
21:41:41.0253 6076 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:41:41.0253 6076 LSI_FC - ok
21:41:41.0268 6076 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:41:41.0268 6076 LSI_SAS - ok
21:41:41.0284 6076 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:41:41.0284 6076 LSI_SAS2 - ok
21:41:41.0300 6076 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:41:41.0300 6076 LSI_SCSI - ok
21:41:41.0315 6076 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:41:41.0346 6076 luafv - ok
21:41:41.0378 6076 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:41:41.0378 6076 megasas - ok
21:41:41.0409 6076 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:41:41.0409 6076 MegaSR - ok
21:41:41.0424 6076 MEMSWEEP2 - ok
21:41:41.0424 6076 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:41:41.0456 6076 Modem - ok
21:41:41.0471 6076 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:41:41.0502 6076 monitor - ok
21:41:41.0518 6076 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:41:41.0534 6076 mouclass - ok
21:41:41.0534 6076 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:41:41.0565 6076 mouhid - ok
21:41:41.0596 6076 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:41:41.0596 6076 mountmgr - ok
21:41:41.0612 6076 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:41:41.0627 6076 mpio - ok
21:41:41.0643 6076 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:41:41.0674 6076 mpsdrv - ok
21:41:41.0752 6076 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:41:41.0799 6076 MRxDAV - ok
21:41:41.0846 6076 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:41:41.0877 6076 mrxsmb - ok
21:41:41.0892 6076 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:41:41.0924 6076 mrxsmb10 - ok
21:41:41.0955 6076 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:41:41.0970 6076 mrxsmb20 - ok
21:41:42.0002 6076 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:41:42.0002 6076 msahci - ok
21:41:42.0033 6076 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:41:42.0033 6076 msdsm - ok
21:41:42.0048 6076 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:41:42.0064 6076 Msfs - ok
21:41:42.0080 6076 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:41:42.0111 6076 mshidkmdf - ok
21:41:42.0142 6076 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:41:42.0142 6076 msisadrv - ok
21:41:42.0158 6076 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:41:42.0189 6076 MSKSSRV - ok
21:41:42.0204 6076 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:41:42.0236 6076 MSPCLOCK - ok
21:41:42.0236 6076 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:41:42.0251 6076 MSPQM - ok
21:41:42.0282 6076 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:41:42.0298 6076 MsRPC - ok
21:41:42.0314 6076 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:41:42.0314 6076 mssmbios - ok
21:41:42.0329 6076 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:41:42.0360 6076 MSTEE - ok
21:41:42.0392 6076 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:41:42.0407 6076 MTConfig - ok
21:41:42.0407 6076 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:41:42.0423 6076 Mup - ok
21:41:42.0454 6076 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:41:42.0470 6076 NativeWifiP - ok
21:41:42.0501 6076 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:41:42.0532 6076 NDIS - ok
21:41:42.0548 6076 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:41:42.0563 6076 NdisCap - ok
21:41:42.0626 6076 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:41:42.0657 6076 NdisTapi - ok
21:41:42.0688 6076 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:41:42.0704 6076 Ndisuio - ok
21:41:42.0750 6076 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:41:42.0766 6076 NdisWan - ok
21:41:42.0797 6076 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:41:42.0828 6076 NDProxy - ok
21:41:42.0844 6076 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:41:42.0875 6076 NetBIOS - ok
21:41:42.0906 6076 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:41:42.0938 6076 NetBT - ok
21:41:42.0984 6076 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:41:42.0984 6076 nfrd960 - ok
21:41:43.0000 6076 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:41:43.0031 6076 Npfs - ok
21:41:43.0031 6076 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:41:43.0047 6076 nsiproxy - ok
21:41:43.0109 6076 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:41:43.0156 6076 Ntfs - ok
21:41:43.0172 6076 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:41:43.0203 6076 Null - ok
21:41:43.0421 6076 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:41:43.0686 6076 nvlddmkm - ok
21:41:43.0718 6076 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:41:43.0718 6076 nvraid - ok
21:41:43.0733 6076 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:41:43.0749 6076 nvstor - ok
21:41:43.0764 6076 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:41:43.0780 6076 nv_agp - ok
21:41:43.0811 6076 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:41:43.0827 6076 ohci1394 - ok
21:41:43.0905 6076 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:41:43.0920 6076 Parport - ok
21:41:43.0967 6076 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:41:43.0967 6076 partmgr - ok
21:41:43.0983 6076 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:41:43.0998 6076 Parvdm - ok
21:41:44.0030 6076 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:41:44.0030 6076 pci - ok
21:41:44.0045 6076 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:41:44.0061 6076 pciide - ok
21:41:44.0076 6076 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:41:44.0076 6076 pcmcia - ok
21:41:44.0092 6076 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:41:44.0092 6076 pcw - ok
21:41:44.0123 6076 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:41:44.0154 6076 PEAUTH - ok
21:41:44.0186 6076 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:41:44.0217 6076 PptpMiniport - ok
21:41:44.0232 6076 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:41:44.0248 6076 Processor - ok
21:41:44.0264 6076 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:41:44.0295 6076 Psched - ok
21:41:44.0326 6076 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:41:44.0326 6076 PSI - ok
21:41:44.0373 6076 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:41:44.0435 6076 ql2300 - ok
21:41:44.0435 6076 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:41:44.0451 6076 ql40xx - ok
21:41:44.0451 6076 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:41:44.0466 6076 QWAVEdrv - ok
21:41:44.0466 6076 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:41:44.0498 6076 RasAcd - ok
21:41:44.0529 6076 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:41:44.0560 6076 RasAgileVpn - ok
21:41:44.0576 6076 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:41:44.0607 6076 Rasl2tp - ok
21:41:44.0607 6076 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:41:44.0622 6076 RasPppoe - ok
21:41:44.0654 6076 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:41:44.0669 6076 RasSstp - ok
21:41:44.0700 6076 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:41:44.0732 6076 rdbss - ok
21:41:44.0794 6076 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:41:44.0810 6076 rdpbus - ok
21:41:44.0841 6076 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:41:44.0872 6076 RDPCDD - ok
21:41:44.0903 6076 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:41:44.0950 6076 RDPDR - ok
21:41:44.0966 6076 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:41:44.0981 6076 RDPENCDD - ok
21:41:44.0997 6076 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:41:45.0012 6076 RDPREFMP - ok
21:41:45.0044 6076 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:41:45.0059 6076 RDPWD - ok
21:41:45.0090 6076 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:41:45.0106 6076 rdyboost - ok
21:41:45.0153 6076 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
21:41:45.0153 6076 RsFx0103 - ok
21:41:45.0184 6076 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:41:45.0200 6076 rspndr - ok
21:41:45.0215 6076 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:41:45.0246 6076 RTL8167 - ok
21:41:45.0278 6076 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:41:45.0309 6076 s3cap - ok
21:41:45.0340 6076 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:41:45.0356 6076 sbp2port - ok
21:41:45.0371 6076 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:41:45.0402 6076 scfilter - ok
21:41:45.0434 6076 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:41:45.0465 6076 secdrv - ok
21:41:45.0465 6076 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:41:45.0480 6076 Serenum - ok
21:41:45.0512 6076 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:41:45.0527 6076 Serial - ok
21:41:45.0574 6076 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:41:45.0590 6076 sermouse - ok
21:41:45.0652 6076 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\Windows\system32\drivers\sfdrv01.sys
21:41:45.0668 6076 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
21:41:45.0668 6076 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
21:41:45.0730 6076 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:41:45.0746 6076 sffdisk - ok
21:41:45.0746 6076 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:41:45.0777 6076 sffp_mmc - ok
21:41:45.0777 6076 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:41:45.0792 6076 sffp_sd - ok
21:41:45.0808 6076 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys
21:41:45.0808 6076 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
21:41:45.0808 6076 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
21:41:45.0824 6076 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:41:45.0839 6076 sfloppy - ok
21:41:45.0855 6076 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\Windows\system32\drivers\sfsync02.sys
21:41:45.0870 6076 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
21:41:45.0870 6076 sfsync02 - detected UnsignedFile.Multi.Generic (1)
21:41:45.0917 6076 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:41:45.0917 6076 sisagp - ok
21:41:45.0933 6076 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:41:45.0948 6076 SiSRaid2 - ok
21:41:45.0948 6076 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:41:45.0964 6076 SiSRaid4 - ok
21:41:45.0964 6076 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:41:45.0995 6076 Smb - ok
21:41:46.0011 6076 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:41:46.0026 6076 spldr - ok
21:41:46.0058 6076 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
21:41:46.0058 6076 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
21:41:46.0073 6076 sptd ( LockedFile.Multi.Generic ) - warning
21:41:46.0073 6076 sptd - detected LockedFile.Multi.Generic (1)
21:41:46.0104 6076 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:41:46.0136 6076 srv - ok
21:41:46.0151 6076 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:41:46.0182 6076 srv2 - ok
21:41:46.0198 6076 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:41:46.0214 6076 srvnet - ok
21:41:46.0260 6076 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:41:46.0260 6076 ssmdrv - ok
21:41:46.0292 6076 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:41:46.0292 6076 stexstor - ok
21:41:46.0338 6076 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:41:46.0338 6076 storflt - ok
21:41:46.0354 6076 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:41:46.0370 6076 storvsc - ok
21:41:46.0416 6076 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:41:46.0432 6076 swenum - ok
21:41:46.0494 6076 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
21:41:46.0541 6076 Tcpip - ok
21:41:46.0572 6076 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
21:41:46.0604 6076 TCPIP6 - ok
21:41:46.0619 6076 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:41:46.0650 6076 tcpipreg - ok
21:41:46.0697 6076 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:41:46.0713 6076 TDPIPE - ok
21:41:46.0728 6076 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:41:46.0760 6076 TDTCP - ok
21:41:46.0791 6076 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:41:46.0822 6076 tdx - ok
21:41:46.0838 6076 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:41:46.0853 6076 TermDD - ok
21:41:46.0884 6076 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:41:46.0900 6076 tssecsrv - ok
21:41:46.0931 6076 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:41:46.0978 6076 TsUsbFlt - ok
21:41:47.0118 6076 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
21:41:47.0118 6076 TuneUpUtilitiesDrv - ok
21:41:47.0181 6076 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:41:47.0212 6076 tunnel - ok
21:41:47.0259 6076 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:41:47.0274 6076 uagp35 - ok
21:41:47.0306 6076 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:41:47.0337 6076 udfs - ok
21:41:47.0352 6076 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:41:47.0368 6076 uliagpkx - ok
21:41:47.0384 6076 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:41:47.0399 6076 umbus - ok
21:41:47.0415 6076 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:41:47.0430 6076 UmPass - ok
21:41:47.0462 6076 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:41:47.0493 6076 usbccgp - ok
21:41:47.0524 6076 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:41:47.0540 6076 usbcir - ok
21:41:47.0555 6076 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:41:47.0586 6076 usbehci - ok
21:41:47.0602 6076 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:41:47.0618 6076 usbhub - ok
21:41:47.0633 6076 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:41:47.0664 6076 usbohci - ok
21:41:47.0680 6076 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:41:47.0696 6076 usbprint - ok
21:41:47.0711 6076 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:41:47.0742 6076 usbscan - ok
21:41:47.0742 6076 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:41:47.0789 6076 USBSTOR - ok
21:41:47.0820 6076 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:41:47.0820 6076 usbuhci - ok
21:41:47.0852 6076 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:41:47.0867 6076 vdrvroot - ok
21:41:47.0914 6076 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:41:47.0930 6076 vga - ok
21:41:47.0945 6076 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:41:47.0961 6076 VgaSave - ok
21:41:47.0976 6076 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:41:47.0992 6076 vhdmp - ok
21:41:48.0023 6076 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:41:48.0023 6076 viaagp - ok
21:41:48.0070 6076 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:41:48.0101 6076 ViaC7 - ok
21:41:48.0117 6076 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:41:48.0132 6076 viaide - ok
21:41:48.0164 6076 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:41:48.0164 6076 vmbus - ok
21:41:48.0195 6076 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:41:48.0210 6076 VMBusHID - ok
21:41:48.0242 6076 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:41:48.0242 6076 volmgr - ok
21:41:48.0273 6076 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:41:48.0273 6076 volmgrx - ok
21:41:48.0320 6076 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:41:48.0320 6076 volsnap - ok
21:41:48.0351 6076 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:41:48.0351 6076 vsmraid - ok
21:41:48.0460 6076 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
21:41:48.0476 6076 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - warning
21:41:48.0476 6076 VSPerfDrv100 - detected UnsignedFile.Multi.Generic (1)
21:41:48.0476 6076 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:41:48.0491 6076 vwifibus - ok
21:41:48.0522 6076 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:41:48.0538 6076 WacomPen - ok
21:41:48.0569 6076 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:48.0585 6076 WANARP - ok
21:41:48.0585 6076 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:48.0600 6076 Wanarpv6 - ok
21:41:48.0647 6076 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:41:48.0663 6076 Wd - ok
21:41:48.0678 6076 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:41:48.0678 6076 Wdf01000 - ok
21:41:48.0710 6076 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:41:48.0725 6076 WfpLwf - ok
21:41:48.0725 6076 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:41:48.0741 6076 WIMMount - ok
21:41:48.0772 6076 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:41:48.0788 6076 WinUsb - ok
21:41:48.0834 6076 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:41:48.0866 6076 WmiAcpi - ok
21:41:48.0881 6076 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:41:48.0912 6076 ws2ifsl - ok
21:41:48.0959 6076 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:41:48.0990 6076 WudfPf - ok
21:41:49.0006 6076 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:49.0037 6076 WUDFRd - ok
21:41:49.0068 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:41:49.0115 6076 \Device\Harddisk0\DR0 - ok
21:41:49.0115 6076 Boot (0x1200) (e454c02e3d5dce5b1b6203a90fb833d8) \Device\Harddisk0\DR0\Partition0
21:41:49.0115 6076 \Device\Harddisk0\DR0\Partition0 - ok
21:41:49.0115 6076 Boot (0x1200) (dafb31c84c823fc3b2d15ca2d5a9dd8b) \Device\Harddisk0\DR0\Partition1
21:41:49.0115 6076 \Device\Harddisk0\DR0\Partition1 - ok
21:41:49.0131 6076 Boot (0x1200) (9b2a7cccec1bb0775bd8edd54e5c12d8) \Device\Harddisk0\DR0\Partition2
21:41:49.0131 6076 \Device\Harddisk0\DR0\Partition2 - ok
21:41:49.0131 6076 ============================================================
21:41:49.0131 6076 Scan finished
21:41:49.0131 6076 ============================================================
21:41:49.0146 3796 Detected object count: 5
21:41:49.0146 3796 Actual detected object count: 5
21:43:25.0451 3796 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:25.0451 3796 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:25.0452 3796 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:25.0452 3796 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:25.0453 3796 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:25.0453 3796 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:25.0453 3796 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:43:25.0454 3796 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:43:25.0454 3796 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:25.0454 3796 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist? sfdrv, sfhlp and sfsync appear to be copy-protection drivers. Do you have any games installed? Most new games should come with a copy-protection driver like that. SPTD is ok, you can leave it as it is. VSPerfDrv100 appears to be from Microsoft, so it is ok too. Now please run CF: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
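As an added example (not code from the forum post, nor from TDSSKiller), here is a Python parser for log lines of the form posted above: it joins each driver's file line with its verdict and the action the user chose, marks files the scanner could not open, and applies the assessment in this reply as an allowlist so that only uncovered detections are left for review. The allowlist wording, the `exampledrv` lines and their all-zero hash are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line: "<hh:mm:ss.ffff> <thread id> <rest>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": the file hashed for this driver or service.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - warning" / "- skipped by user" / "- User select action: Skip".
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+"
    r"(?P<outcome>warning|skipped by user|User select action:\s+(?P<action>\S+))$"
)
# "Suspicious file (NoAccess): <path>. md5: <md5>": the scanner could not open the file.
NOACCESS_RE = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assessment taken from the helper's reply (#19) in this thread; anything not
# listed is left for manual review rather than silently accepted.
KNOWN_BENIGN = {
    "sfdrv01": "copy-protection driver installed by a game (per #19)",
    "sfhlp02": "copy-protection driver installed by a game (per #19)",
    "sfsync02": "copy-protection driver installed by a game (per #19)",
    "sptd": "SPTD, assessed as ok in #19",
    "VSPerfDrv100": "Microsoft Visual Studio performance tools driver (per #19)",
}


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None      # what the user chose, e.g. "Skip"
    no_access: bool = False           # scanner reported the file as locked
    outcomes: List[str] = field(default_factory=list)

    @property
    def benign_reason(self) -> Optional[str]:
        return KNOWN_BENIGN.get(self.name)


def parse_log(text: str) -> Tuple[Dict[str, Finding], Optional[int]]:
    """Return (findings that got a verdict, keyed by name; TDSSKiller's own detected count)."""
    files: Dict[str, Finding] = {}     # every hashed file, flagged or not
    findings: Dict[str, Finding] = {}  # only those with a verdict
    count = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if fm := FILE_RE.match(rest):
            files[fm["name"]] = Finding(fm["name"], fm["md5"], fm["path"])
        elif vm := VERDICT_RE.match(rest):
            f = files.setdefault(vm["name"], Finding(vm["name"]))
            f.verdict = vm["verdict"]
            f.outcomes.append(vm["outcome"])
            if vm["action"]:
                f.action = vm["action"]
            findings[f.name] = f
        elif nm := NOACCESS_RE.match(rest):
            for f in files.values():
                if f.md5 == nm["md5"]:
                    f.no_access = True
        elif cm := COUNT_RE.match(rest):
            count = int(cm["n"])
        # "<name> - ok" and "<name> - detected ... (1)" lines add nothing further.
    return findings, count


def needs_review(findings: Dict[str, Finding]) -> List[str]:
    """Flagged names that the thread's assessment does not cover."""
    return sorted(n for n, f in findings.items() if f.benign_reason is None)


# Excerpt copied from the TDSSKiller log posted in #16 above.
THREAD_EXCERPT = r"""
21:41:45.0808 6076 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys
21:41:45.0808 6076 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
21:41:45.0824 6076 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:41:45.0839 6076 sfloppy - ok
21:41:46.0058 6076 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
21:41:46.0058 6076 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
21:41:46.0073 6076 sptd ( LockedFile.Multi.Generic ) - warning
21:41:48.0460 6076 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
21:41:48.0476 6076 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - warning
21:41:49.0146 3796 Detected object count: 5
21:43:25.0451 3796 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:25.0452 3796 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:43:25.0452 3796 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:43:25.0454 3796 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:43:25.0454 3796 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
# Constructed lines (not from the thread): an unsigned driver in a temp folder with a placeholder hash.
CONSTRUCTED = r"""
21:41:49.0001 6076 exampledrv (00000000000000000000000000000000) C:\Windows\Temp\exampledrv.sys
21:41:49.0001 6076 exampledrv ( UnsignedFile.Multi.Generic ) - warning
"""
SAMPLE_LOG = THREAD_EXCERPT + CONSTRUCTED
```

Calling `parse_log(SAMPLE_LOG)` and then `needs_review(...)` on the result leaves only the constructed `exampledrv` entry for review; the five names assessed in this reply are matched by the allowlist.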
| #20 |
| Trojan in Recycle.bin, file does not exist? hm, although Avira was off, it popped up a few times at the end; only after ignoring Avira's warning about ComboFix several times did it go quiet... combofix log ComboFix Logfile: Code:
ComboFix 11-10-12.01 - Admin 12.10.2011 20:37:19.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3326.2181 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logboot_08.10.2011.tureg.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-12 bis 2011-10-12 ))))))))))))))))))))))))))))))
.
.
2011-10-12 18:43 . 2011-10-12 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 18:18 . 2011-10-12 18:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D535193-E90D-40D1-9844-8AE415EBCC98}\offreg.dll
2011-10-12 18:18 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D535193-E90D-40D1-9844-8AE415EBCC98}\mpengine.dll
2011-10-08 20:57 . 2011-10-08 20:57 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-08 20:56 . 2011-10-08 20:59 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-08 20:56 . 2011-10-08 20:56 -------- d-----w- C:\NVIDIA
2011-10-08 20:46 . 2011-10-08 20:46 -------- d-----w- c:\program files\Driver Cleaner Pro
2011-10-08 12:15 . 2011-10-08 12:15 -------- d-----w- c:\program files\Avira
2011-10-08 12:15 . 2011-09-18 06:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-08 12:15 . 2011-09-15 21:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-08 12:15 . 2011-09-15 21:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-08 10:03 . 2011-10-08 10:03 -------- d-----w- c:\program files\CCleaner
2011-10-08 08:51 . 2011-10-08 08:51 -------- d-----w- C:\_OTL
2011-10-07 19:05 . 2011-10-08 12:15 -------- d-----w- c:\programdata\Avira
2011-10-05 17:10 . 2011-10-05 17:10 -------- d-----w- c:\program files\Sophos
2011-10-04 19:19 . 2011-09-28 10:36 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-04 11:00 . 2011-10-04 11:18 -------- d-----w- c:\windows\system32\sound
2011-10-04 10:55 . 2011-10-04 10:55 -------- d-----w- c:\windows\system32\Scenario
2011-10-04 10:55 . 2011-10-04 10:55 -------- d-----w- c:\windows\system32\rmdll
2011-10-04 10:55 . 2011-10-04 10:55 -------- d-----w- c:\windows\system32\rm
2011-10-04 10:54 . 2011-10-04 10:54 -------- d-----w- c:\windows\system32\render
2011-10-04 10:54 . 2011-10-04 10:54 -------- d-----w- c:\windows\system32\fonts
2011-10-04 10:54 . 2011-10-04 10:54 -------- d-----w- c:\windows\system32\Debug
2011-10-04 10:53 . 2011-10-04 10:54 -------- d-----w- c:\windows\system32\DATA
2011-10-04 10:38 . 2011-10-04 10:53 -------- d-----w- c:\windows\system32\art
2011-10-04 10:38 . 2011-10-04 10:38 -------- d-----w- c:\windows\system32\ai
2011-10-04 10:38 . 2011-10-04 10:38 11033360 ----a-w- c:\windows\system32\Spartan.exe
2011-10-04 10:38 . 2011-10-04 10:38 81998 ----a-w- c:\windows\system32\RockallDLL.dll
2011-10-04 10:38 . 2011-10-04 10:38 746496 ----a-w- c:\windows\system32\granny2.dll
2011-10-04 10:37 . 2011-10-04 10:38 139536 ----a-w- c:\windows\system32\eulax.dll
2011-10-04 10:37 . 2011-10-04 10:37 173408 ----a-w- c:\windows\system32\pw32b.dll
2011-10-04 10:37 . 2011-10-04 10:37 152848 ----a-w- c:\windows\system32\AOEOnlineReplace.exe
2011-10-04 10:37 . 2011-10-04 10:37 2982672 ----a-w- c:\windows\system32\AOEOnline.exe
2011-10-04 09:58 . 2011-10-04 09:58 -------- d-----w- c:\program files\Microsoft Games
2011-10-04 09:57 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-10-04 09:57 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-10-04 09:57 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-10-04 09:56 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-10-04 09:56 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-10-04 09:56 . 2011-10-04 09:56 -------- d-----w- c:\windows\system32\xlive
2011-10-04 09:56 . 2011-10-04 09:56 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-10-03 18:32 . 2011-10-03 18:32 -------- d-----w- c:\programdata\Hewlett-Packard
2011-10-03 18:32 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-10-03 17:32 . 2011-10-03 17:32 -------- d-----w- c:\program files\Lavalys
2011-10-03 16:52 . 2011-10-03 16:52 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-03 16:22 . 2011-10-03 16:22 1 ----a-w- c:\windows\system32\SI.bin
2011-10-03 15:46 . 2011-10-03 17:21 -------- d-----w- c:\programdata\Ubisoft
2011-10-03 15:26 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-10-01 22:27 . 2011-09-16 14:52 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-10-01 22:27 . 2011-09-16 14:44 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-10-01 22:27 . 2011-09-16 14:44 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-10-01 22:27 . 2011-10-01 22:33 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-10-01 22:25 . 2011-10-01 22:29 -------- d-----w- c:\programdata\TuneUp Software
2011-10-01 22:25 . 2011-10-01 22:25 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-01 22:06 . 2011-10-01 22:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-01 22:04 . 2011-10-01 22:04 -------- d-----w- c:\program files\Adobe Media Player
2011-10-01 22:03 . 2011-10-01 22:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-01 15:24 . 2009-07-21 02:04 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-10-01 15:23 . 2009-07-21 02:04 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-10-01 15:23 . 2011-10-01 15:23 -------- d-----w- c:\windows\system32\RsFx
2011-10-01 15:22 . 2011-10-01 15:22 -------- d-----w- c:\windows\system32\1033
2011-10-01 15:20 . 2011-10-01 15:23 -------- d-----w- c:\program files\Microsoft SQL Server
2011-10-01 15:19 . 2011-10-01 15:19 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-01 15:19 . 2011-10-01 15:19 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-01 15:19 . 2011-10-01 15:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-01 15:19 . 2011-10-01 15:19 596304 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU\install.exe
2011-10-01 15:19 . 2011-10-01 15:19 53088 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU\install.res.1031.dll
2011-10-01 15:18 . 2011-10-01 15:18 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-10-01 15:16 . 2011-10-12 18:21 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-01 15:14 . 2011-10-01 15:14 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-10-01 15:14 . 2011-10-01 15:14 -------- d-----w- c:\program files\IIS
2011-10-01 15:14 . 2011-10-04 13:49 2490752 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2011-10-01 15:10 . 2011-10-01 15:22 -------- d-----w- c:\windows\system32\1031
2011-10-01 15:09 . 2011-10-01 15:09 -------- d-----w- c:\windows\symbols
2011-10-01 15:09 . 2011-10-04 13:39 -------- d-----w- c:\program files\Common Files\Merge Modules
2011-10-01 15:09 . 2011-10-01 15:20 -------- d-----w- c:\program files\Microsoft SDKs
2011-10-01 15:09 . 2011-10-01 15:18 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-10-01 15:09 . 2011-10-01 15:12 -------- d-----w- c:\program files\Microsoft F#
2011-10-01 15:09 . 2011-10-01 15:10 -------- d-----w- c:\program files\HTML Help Workshop
2011-10-01 15:09 . 2011-10-01 15:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-10-01 15:07 . 2011-10-01 15:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-10-01 15:05 . 2011-10-01 15:22 -------- d-----w- c:\program files\Microsoft.NET
2011-10-01 15:04 . 2011-10-01 15:04 -------- d-----w- c:\windows\PCHEALTH
2011-10-01 14:20 . 2011-10-01 14:20 -------- d-----w- c:\program files\Alcohol Soft
2011-10-01 14:14 . 2011-10-01 14:14 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-01 14:14 . 2011-10-01 14:14 -------- d-----w- c:\program files\Franzis
2011-09-30 09:51 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-30 09:51 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-09-30 09:50 . 2011-09-30 09:50 -------- d-----w- c:\program files\Winamp Detect
2011-09-30 09:50 . 2011-09-30 09:51 -------- d-----w- c:\program files\Winamp
2011-09-30 09:45 . 2011-09-30 09:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-09-29 20:24 . 2011-09-29 20:24 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2011-09-29 20:15 . 2011-09-29 20:15 -------- d-----w- c:\program files\Secunia
2011-09-28 19:27 . 2011-09-28 19:27 -------- d-----w- c:\program files\Windows7FirewallControl
2011-09-28 18:32 . 2011-09-28 18:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 18:32 . 2011-09-28 18:32 -------- d-----w- c:\windows\system32\Macromed
2011-09-28 12:55 . 2011-09-28 12:55 -------- d-----w- c:\program files\mst software
2011-09-28 12:31 . 2011-09-28 12:51 -------- d-----w- c:\program files\Process296Monitor
2011-09-28 11:52 . 2011-09-28 11:52 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-09-28 11:40 . 2011-09-28 11:40 -------- d-----w- C:\RaidTool
2011-09-28 11:40 . 2008-03-19 02:54 151552 ------r- c:\windows\system32\xRaidAPI.dll
2011-09-28 11:40 . 2007-11-19 03:28 1966080 ------r- c:\windows\system32\xRaidSetup.exe
2011-09-28 11:40 . 2008-07-31 02:21 79960 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-09-28 11:40 . 2011-09-28 11:40 -------- d-----w- c:\windows\RaidTool
2011-09-28 11:34 . 2011-09-28 11:34 -------- d-----w- c:\program files\Intel
2011-09-28 11:34 . 2008-08-19 02:56 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-09-28 11:34 . 2011-09-28 11:34 -------- d-----w- C:\Intel
2011-09-28 11:31 . 2011-09-28 12:03 16608 ----a-w- c:\windows\gdrv.sys
2011-09-28 11:30 . 2011-09-28 11:30 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-28 11:20 . 2009-07-20 10:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-09-28 11:20 . 2009-07-20 10:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2011-09-28 11:20 . 2009-07-20 10:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2011-09-28 11:20 . 2009-07-20 10:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2011-09-28 11:20 . 2009-07-20 10:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2011-09-28 11:20 . 2011-09-28 11:20 -------- d-----w- c:\programdata\Logitech
2011-09-28 11:20 . 2011-09-28 11:22 -------- d-----w- c:\program files\Common Files\Logishrd
2011-09-28 11:20 . 2011-09-28 11:20 -------- d-----w- c:\program files\Logitech
2011-09-28 11:20 . 2011-09-28 11:21 -------- d-----w- c:\programdata\LogiShrd
2011-09-28 11:08 . 2011-09-28 11:08 -------- d-----w- c:\program files\xp-AntiSpy_deutsch39711
2011-09-28 11:07 . 2011-09-28 11:07 -------- d-----w- c:\program files\VideoLAN
2011-09-28 11:03 . 2011-10-07 19:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-28 11:03 . 2011-10-04 20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-28 10:59 . 2011-09-28 10:59 -------- d-----r- c:\program files\Skype
2011-09-28 10:59 . 2011-09-28 10:59 -------- d-----w- c:\programdata\Skype
2011-09-28 10:57 . 2011-09-28 10:57 -------- d-----w- c:\programdata\Malwarebytes
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 10:17 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-04 10:17 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-27 14:33 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-09-30 21:55 . 2011-09-27 20:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-06 831488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-28 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-28 2151640]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2011-09-28 24944]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BAD6.tmp [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-01 722416]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-09-23 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-16 1526080]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2011-04-06 405504]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 10:36]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oj8q3gd4.default\
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BAD6.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-627701320-1578443614-114551620-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,07,9d,ae,42,7a,14,e6,11,65,af,3b,08,36,c4,1a,97,0e,a2,71,72,08,8b,
e0,dc,47,77,ac,84,ce,36,3a,cd,ba,52,e0,df,4b,be,f9,1d,b0,b4,3e,79,0d,fc,54,\
"??"=hex:38,f4,4e,01,4f,25,95,da,fb,b9,53,76,e6,ff,a6,4c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6096)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Zeit der Fertigstellung: 2011-10-12 21:00:24
ComboFix-quarantined-files.txt 2011-10-12 19:00
.
Vor Suchlauf: 9 Verzeichnis(se), 118.872.481.792 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 118.828.900.352 Bytes frei
.
- - End Of File - - ACF72B170EA4B19299F912CF9166BAFC
|
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist? Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run on the second try as well, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; McAfee's scanner in particular often reports a false positive in OSAM! Please download
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
|